You know the old saying that knowledge is power—that can be especially true in the cybersecurity world, but only if that knowledge is actionable.
A recent IID and Ponemon Institute survey found that out of the 47% of those surveyed that had a data breach in the past 24 months, 65% said that they believed threat intelligence could have prevented or minimized the consequences of the attack.
When asked the same question in the 2014 survey, 61% said yes—indicating increasing effectiveness of threat intelligence platforms and information exchange efforts.
“It is becoming more and more apparent that raw threat data is not effective. Just like the bad guys share ways to carry out their attacks, organizations must also share actionable and timely ways to stop threats,” said Larry Ponemon, chairman and founder of the Ponemon Institute. “It is also clear that it is impossible for one organization to harvest that threat intelligence on their own as evidenced by the fact that 83% of people we surveyed exchange threat intelligence.”
The value of effective threat intelligence exchange is clear: A full 75% of respondents believe that exchanging threat intelligence improves their organization’s security posture, and 63% say it’s good for the United States’ critical infrastructure. But the main inhibitors for exchanging threat intelligence are potential liability issues, lack of trust in sources and lack of resources.
Respondents said timeliness makes threat intelligence the most actionable followed by the ability to prioritize and trustworthiness of the source. Despite 89% believing threat intelligence has a shelf life of hours or less, 79% refresh their data in increments of daily or longer.
The biggest source of threat intelligence is free sources. Yet 46% say they cannot prioritize threats with such platforms, 39% they have no confidence in them, and 35% they have no context with free sources.
“The amount of large organizations that have been breached online is eye-opening, but what is equally interesting is the fact that IT and security professionals know what they need to stop those cyberattacks yet they are not doing so,” said IID vice president of marketing Mark Foege. “We must continue to work together as an industry to make threat intelligence as timely, relevant and actionable as possible or else the bad guys will continue to infiltrate large businesses and governments worldwide.”