sb-nz logo
Story image

Cyber threat intelligence reaching maturity in organisations worldwide

07 Jul 2020

Cyber threat intelligence is reaching a state of maturity and integration in organisations across the globe, according to a survey by the SANS Institute and sponsored by ThreatQuotient.

The 2020 SANS Cyber Threat Intelligence survey polled 1006 respondents, of whom 40.4% (406) had operations in APAC and 27.3% (275) in Australia & New Zealand.

The survey indicates that local organisations are investing more in cyber threat intelligence (CTI) programmes, with 49% of respondents stating they have a formal, dedicated team that focuses specifically on CTI.

Furthermore, 26.2% say CTI is part of a shared responsibility, and 8.8% say they have a single, dedicated person. Further down the scale, 7.1% plan to assign a person, 5.2% have no plans to assign a person, and 3.2% do not know.

Organisations are using CTI for three main use cases: threat detection (89%), followed by threat prevention (77%), threat response (72%) and threat mitigation (59%). Just under half (44%) of respondents say they have clearly defined threat intelligence requirements. 

“Organisations can use those requirements to set obtainable goals based on the intent behind the requirement. When looking at security and response use cases, these measurements can be mapped to overall defender-based metrics instead of simply tracking adversary metrics,” the report states.

Many organisations are using CTI specialist vendors for gathering intelligence, according to 68.9% of respondents. Others are members of information sharing and analysis centres (ISACs), in which organisations access timely and relevant threat information, as well as the ability to network with other organisations.

Respondents also rated their satisfaction areas in several key areas. Respondents are most satisfied with their ability to have visibility into threats (75%), search and report on those threats (73%) and have relevant threat data and information (72%).

Additionally, more than 40% of organisations say they both produce and consume threat intelligence data.

Organisations are facing common roadblocks such as skills gaps, automation, and a lack of ways to measure effectiveness.

According to the survey, 57% of respondents report a lack of trained staff and skills associated with fully utilising CTI. The next leading issue at 52% was the time to implement proper intelligence processes across the team.

Organisations are slow to adopt automation, with most tasks either manual or semi-automated. More complex activities, such as reverse-engineering samples are a manual undertaking for 48% of respondents.

Furthermore, 4% of respondents had processes in place to measure the effectiveness of CTI, enabling to set obtainable goals based on their requirements.

Story image
Majority of industrial enterprises face increase cyber threats since COVID-19
Leadership's top cyber security priority was implementing new technology solutions since the onset of the pandemic.More
Story image
Why organisations should wise up to the DDoS extortion trend
While it is essential to have a DDoS mitigation solution in place, it’s also important to test that it works as expected, writes NCC Group director of technical security consulting for Asia Pacific Tim Dillon.More
Story image
Video: 10 Minute IT Jams - protecting data with user behaviour analytics
In this video, Forcepoint senior sales engineer and solutions architect Matthew Bant discusses the company's DLP solution, the importance of integrating compliance into security solutions, and why cybersecurity strategies should take a more people-based approach.More
Story image
Palo Alto Networks launches new SD-WAN solutions and enhancements
Palo Alto Networks has introduced two new SD-WAN appliances and enhancements to its next-generation SD-WAN solution, expanding the company’s CloudGenix SD-WAN solutions reach.More
Story image
How to secure your business against DDoS Attacks
With the upward trend of DDoS attacks this year, and an increased dependency on online channels across all industries, businesses need to be prepared, so they don’t suffer any disruption. More
Story image
Entrust launches cloud-based ID issuance solution
The Sigma instant ID solution uses encryption, trusted HSM technology and secure boot to issue highly secure physical and mobile identities.More