Mandiant: Organizations Are Not Getting the Maximum ROI from Threat Intelligence

February 14, 2023

The threat intelligence provider, Mandiant, says almost all cybersecurity leaders are happy with the threat intelligence they are consuming, but that intelligence is not always considered when they develop their cyber strategies and make purchasing decisions. The failure to effectively use threat intelligence data prevents organizations from getting the maximum ROI on their investment and reduces the effectiveness of their cybersecurity strategies.

Mandiant commissioned a survey of 1,350 cybersecurity decision-makers at organizations with at least 1,000 employees, across 18 sectors in 13 countries, to gain a global perspective on how organizations are leveraging threat intelligence to navigate the global cybersecurity threat landscape. The survey confirmed that organizations typically receive threat intelligence from multiple sources, and 96% of cybersecurity leaders say they are happy with the threat intelligence they are receiving; however, 47% of respondents said they struggle to effectively apply threat intelligence throughout their organization, and almost all respondents (98%) said they need to be faster at implementing changes based on the threat intelligence they receive.

A majority of respondents (79%) admitted to making purchasing decisions based on current cyberattack trends, without gaining insights into the attackers that are actually targeting their industry and the tactics they are using. For instance, security teams often implement defenses against advanced persistent threat (APT) actors when these nation-state actors do not actually pose a threat to their organization or sector. Security teams receive huge numbers of alerts about software vulnerabilities yet fail to use threat intelligence to identify which vulnerabilities are actually being exploited by the threat actors targeting their sector, or whether the threat actors would even be able to exploit the vulnerabilities. While more than 85% of security leaders appreciate the importance of identifying attackers, their tools and techniques, and motivations, only 34% said they consider the source of a potential attack when they test their cybersecurity defenses.

If threat intelligence is not factored into purchasing decisions, solutions may be purchased that fail to provide the optimum level of protection against the most pertinent threats to their sector, which could weaken their cybersecurity strategy. Organizations that factor threat intelligence into purchasing decisions and cybersecurity strategies can achieve optimal protection against the tactics, techniques, and procedures used by the threat actors that are actually targeting their organization.

Even though security decisions are made without insights into the threat actors that are attacking them, security decision-makers were still confident in their cybersecurity defenses, especially against financially motivated threats such as ransomware. 91% of respondents were confident about their ability to protect against ransomware attacks, 89% were confident about defending against attacks by hacktivists, 83% were confident about defending against nation-state threat actors, and almost all respondents (95%) were confident they could prove to their senior leadership that they had a moderate to highly effective cybersecurity strategy.

More than two-thirds of cybersecurity decision-makers said they believe their senior leadership teams underestimate the cyber threat posed to their organization, and 68% said their organization needs to improve its understanding of the threat landscape. While security teams understand the importance of threat intelligence, 79% of respondents admitted that they could focus more time and energy on identifying critical trends. The survey also revealed that threat intelligence is not shared frequently enough throughout the organization. For example, cybersecurity is only discussed on average once every four or five weeks with various departments within organizations, and only 38% of security teams share threat intelligence with a wider group of employees for risk awareness.

“A conventional, check-the-box mindset isn’t enough to defend against today’s well-resourced and dynamic adversaries. Security teams are outwardly confident, but often struggle to keep pace with the rapidly changing threat landscape. They crave actionable information that can be applied throughout their organization,” said Sandra Joyce, Vice President, Mandiant Intelligence at Google Cloud. “As our ‘Global Perspectives on Threat Intelligence’ report demonstrates, security teams are concerned that senior leaders don’t fully grasp the nature of the threat. This means that critical cyber security decisions are being made without insights into the adversary and their tactics.”

One of the problems highlighted by the survey is information overload. Organizations receive vast amounts of threat data that needs to be processed and there is concern that important information may be missed. 84% said they were concerned that they may be missing vital threat intelligence due to the number of alerts and data they have to process, and 69% of respondents said they feel overwhelmed by the threat intelligence data they receive. In healthcare, 79% of respondents said they feel somewhat or completely overwhelmed by the amount of data and alerts they have to deal with.

Mandiant offers several suggestions that can help security leaders maximize their investment and effectively operationalize their cyber threat intelligence. Organizations should regularly evaluate the data received to make sure it is timely, trustworthy, and accurate. It is important to learn about the threat actors that are actually targeting the organization and sector, adapt defenses accordingly, then test defenses and the organization’s response to the attack tactics that have been identified and track improvements over time. Threat intelligence also needs to be leveraged across all security systems and processes to proactively protect against all potential threats. Organizations should also ensure that threat intelligence is communicated effectively with stakeholders to allow that intelligence to be factored in when making purchasing decisions.

The post Mandiant: Organizations Are Not Getting the Maximum ROI from Threat Intelligence appeared first on HIPAA Journal.