#ISC2Congress: CTI Is Woefully Underused

Cyber threat intelligence is not being fully exploited, as businesses are often unclear on what it is and how it can be used. 

Speaking on day three of the (ISC)² Security Congress in Orlando, Florida, CTI analyst Xena Olsen said vital information about online threats wasn't flowing smoothly from CTI analysts to management and other employees. As a result, key decisions are frequently made without full comprehension of the prevailing security landscape.

Olsen told Infosecurity Magazine: "There are communication issues. Sometimes you get managers that don't know anything about CTI, so they have to get up to speed. They aren't analysts, so they don't understand how CTI analysts approach data. They don't know what to ask, and they don't know what to look for.

"People in other departments also don't know that they can lean on their own in-house CTI team. They don't even know what they have access to. So, people get confused, and then they don't know who to talk to within the organization."

According to Olsen, there are blockages on both ends of the intelligence pipe, as CTI analysts frequently botch the job of clearly explaining their findings to non-techies and don't sit down with management to work out what information is really needed.   

"It takes having honest conversations, and in the corporate world it's a little bit more difficult to achieve that because sometimes people don't like asking questions or admitting that they don't know something," Olsen told Infosecurity Magazine.

Olsen advised analysts to create a short and simple daily cyber-threat report and weekly threat summary for management. Each threat listed should be given a clear threat ranking pertinent to that particular organization, so management can see at a glance what is going on and how worried they should be about it.

Analysts should also make a quarterly cyber-threat landscape report that includes pictures of phishing emails received and features graphs or heat maps showing what threat actor activity occurred and when. 

Olsen advised managers to request data that can be used to make their organizations safer. She said: "You can ask for data on who clicks the most [number of bad links] and who gets infected the most in your organization."

Giving feedback will help managers get the most out of CTI. Olsen added: "If I spent 40 hours preparing a report for you, and you tell me it wasn't useful, then I won't do it anymore, and I will do something else instead."
