REPORT: Organisations Are Turning to Cyber Threat Intelligence To Keep One Step Ahead of Attackers
July 2020 by SANS Institute
New data from the 2020 SANS Cyber Threat Intelligence survey, sponsored by ThreatQuotient, a threat intelligence platform provider, analyses the state of play in cyber threat intelligence (CTI) worldwide and reveals we are entering an exciting period. CTI shows strong signs of maturing and cementing its place in the cybersecurity arsenal to protect businesses from relentless attempts at infiltration, theft and disruption by cybercriminals.
Due to the increased likelihood of cyber attacks, organisations across ANZ and APAC are increasingly looking to CTI programmes to build a proactive defence posture and to help their response teams stay one step ahead of adversaries.
The survey of organisations throughout the world received an unprecedented response from leading security professionals in the APAC and ANZ region, with 40.4% (406) of respondents having operations in APAC and 27.3% (275) in Australia & New Zealand. Notably, 4% of survey respondents hold C-Suite positions and 57.6% hold security analyst and response team roles, while the majority of respondents’ organisations operate in the government (24.5%), bank & finance (14.7%), cybersecurity service provider (13.7%), and technology (9.2%) sectors.
Key findings from the 2020 SANS Cyber Threat Intelligence Survey reveal:
Cyber Threat Intelligence is Coming of Age
• Value: 82% of survey respondents say their CTI activities are delivering value - organisations are becoming more strategic about how they implement the intelligence process and are recognising the value of collaboration with the wider threat intelligence community
• Use case: The leading use was for threat detection (89%), followed by threat prevention (77%), threat response (72%) and threat mitigation (59%)
• Intelligence source: 68.9% said their primary source for gathering intelligence was threat feeds from CTI-specific vendors, up from 59.8% in 2019
• Response teams: 85% overall said they had some form of CTI resource, with nearly half (49.5%) having a formal, dedicated team
• Collaboration: 45% reported membership of an Information Sharing and Analysis Centre (ISAC). The main benefits noted are timely and relevant threat information and the ability to network with contacts at other member organisations
Organisations are Becoming More Strategic About Cyber Threat Intelligence
• Defined CTI requirements: The percentage of respondents reporting they have clearly defined intelligence requirements has jumped 13.5%, from 30% in 2019 to 44% in 2020
• Stakeholders: There was more input from security operations teams, incident response teams and C-Suite executives, showing that a diverse group of stakeholders is helping to drive both the tactical and strategic direction of the CTI programme
• Produce & Consume: More than 40% of organisations said they both produce and consume threat intelligence data
Inhibitors Holding Teams Back
• Skills gap: The leading issue at 57% was the lack of trained staff and skills associated with fully utilising CTI. The next leading issue at 52% was the time to implement proper intelligence processes across the team
• Automation: The majority of processing tasks are completed either manually or semi-automatically. More complex activities, such as reverse-engineering samples, are a manual undertaking for 48% of respondents
• Measuring effectiveness: Only 4% of respondents had processes in place to measure the effectiveness of CTI, enabling them to set obtainable goals based on requirements
Ultimately, the 2020 SANS Cyber Threat Intelligence survey offers robust evidence that CTI is increasing in adoption and is proving its worth to a greater number of organisations than ever before. When threat intelligence is effectively collected, integrated, automated, prioritised and shared between analysts and wider stakeholders, organisations become more agile and effective at addressing the threats they face.
Now, more than ever, the uncertain cyber and physical environment and new threats emerging out of the disruption of the COVID-19 pandemic mean that intelligence analysts need to share best practice data and strategies to overcome threats.