[BreachExchange] CISOs Wary Of Threat Intelligence Accuracy, Quality: Study

Audrey McNeil audrey at riskbasedsecurity.com
Thu Feb 8 18:49:11 EST 2018


In a world where cyber criminals are becoming increasingly stealthy and
sophisticated—with new threats on the rise ranging from ransomware to DNS
hijacking—it is ineffective and costly for companies to defend themselves
against cybersecurity threats alone. According to a new report conducted by
Ponemon Institute , the consumption and exchange of threat intelligence has
increased significantly since 2015. Yet despite the increase in the
exchange and use of threat intelligence, CISOs are not satisfied with the
current quality of the data.

The report titled “Exchanging Cyber Threat Intelligence: There Has to Be a
Better Way,” found that while security professionals are increasingly
recognizing the importance of threat intelligence, the majority remain
dissatisfied with its accuracy and quality. Meanwhile, because many
security teams still execute threat investigations solo rather than pooling
intelligence, their ability to quickly act on threats is limited. The
report found 67 percent of IT and security professionals spend more than 50
hours per week on threat investigations, instead of efficiently using
security resources and sharing threat intelligence.

Lack of accuracy and timeliness is among the top complaints about threat
intelligence, which in turn hinders its effectiveness and security teams’
ability to quickly mitigate threats, the report noted. In fact, only 31
percent of respondents cited threat intelligence as actionable. But
exchanging threat intelligence amongst peers, industry groups, IT vendors
and government bodies can result in more holistic, accurate and timely
threat intelligence and a stronger security posture.

Two-thirds of respondents (66 percent) reported that threat intelligence
could have prevented or minimized the consequence of a data breach or cyber
attack, indicating that more infosecurity professionals are realizing the
importance of threat intelligence.

“Cybersecurity takes a village, and this survey spotlights a real need for
the cybersecurity community and public sector to better cooperate and
communicate to share intel on security threats,” said Larry Ponemon, Ph.D.
chairman and founder of the Ponemon Institute.

“More accurate and comprehensive exchange of threat intelligence will speed
up our ability to respond to attacks and will result in stronger defense
against cyber threats - whether that’s amongst enterprises or our nation’s
critical infrastructure,” he added.

The vast majority of respondents are focused on threat sharing, with 84
percent of organizations fully participating or partially participating in
an initiative or program for exchanging threat intelligence with peers
and/or industry groups. But, most of these organizations are only
participating in peer-to-peer exchange of threat intelligence (65 percent)
instead of a more formal approach such as threat intelligence exchange
services or consortium, which contributes to the dissatisfaction with the
quality of the threat intelligence obtained.

“There’s a real need for actionable, timely and effective threat
intelligence sharing,” said Jesper Andersen, CEO of Infoblox. “As industry
players, we have a responsibility to our customers and consumers to make
sure we’re doing everything to facilitate comprehensive threat intelligence
within the ecosystem. This means establishing an exchange platform that
enables sharing that is trusted, neutral and offers a 360-degree view of
market threats.”

Other key findings from the survey include:Most respondents believe threat
intelligence improves situational awareness, with an increase from 54
percent of respondents in 2014 to 61 percent of respondents in this year’s
study. Sixty-six percent of respondents say shared information is not
timely, and 41 percent say it is too complicated.

Potential liability and lack of trust in intelligence providers prevent
some organizations from fully participating in threat intelligence exchange
programs, with 58 percent and 60 percent respectively citing these
concerns. Twenty-four percent of organizations would rather exchange threat
intelligence via a threat intelligence exchange service and 21 percent via
a trusted intermediary, with only four percent preferring to share
intelligence directly with other organizations— indicating a need for an
exchange platform that enables such sharing because it is trusted and

While the value of threat intelligence declines within minutes, only 24
percent of respondents say they receive threat intelligence in real time
(nine percent) or hourly (15 percent). Seventy-three percent of respondents
say they use threat indicators and the most valuable types of information
are indicators of malicious IP addresses and malicious URLs.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180208/ee79f595/attachment.html>

More information about the BreachExchange mailing list