Report shows organisations across A/NZ and APAC looking to CTI programmes to build a proactive defence posture.
New research from the 2020 SANS Cyber Threat Intelligence survey showed cyber threat intelligence was strong showing signs of maturing and cementing its place in the cybersecurity arsenal to protect businesses from relentless attempts at infiltration, theft and disruption by cybercriminals.
Due to the increased likelihood of cyber-attacks, organisations across A/NZ and APAC were increasingly looking to CTI programmes to build a proactive defence posture and for their response teams to stay one step ahead of adversaries in the increased likelihood of a cyber-attack.
Key findings from the 2020 SANS Cyber Threat Intelligence Survey, sponsored by ThreatQuotient reveal:
Cyber Threat Intelligence is Coming of Age
- Value: 82 per cent of survey respondents say their CTI activities are delivering value – organisations are becoming more strategic about how they implement the intelligence process and are recognising the value of collaboration with the wider threat intelligence community
- Use case: The leading use was for threat detection (89 per cent), followed by threat prevention (77 per cent), threat response (72 per cent) and threat mitigation (59 per cent)
- Intelligence source: 68.9 per cent said their primary source for gathering intelligence was threat feeds from CTI-specific vendors, up from 59.8 per cent in 2019
- Response teams: 85 per cent overall said they had some form of CTI resource, with nearly half (49.5 per cent) having a formal, dedicated team
- Collaboration: 45 per cent reported membership of an Information Sharing and Analysis Centre (ISAC). The main benefits noted are timely and relevant threat information and the ability to network with contacts at other member organisations
- Defined CTI requirements: The percentage of respondents reporting they have clearly defined intelligence requirements has jumped 13.5 per cent, from 30 per cent in 2019 to 44 per cent in 2020
- Stakeholders: There was more input from security operations teams, incident response teams and C-Suite executives, showing that a diverse group of stakeholders is helping to drive both the tactical and strategic direction of the CTI programme
- Produce & Consume: More than 40 per cent of organisations said they both produce and consume threat intelligence data
However, the research showed inhibitors holding teams back from utilising CTI.
These inhibitors were:
- Skills gap: The leading issue at 57 per cent was the lack of trained staff and skills associated with fully utilising CTI. The next leading issue at 52 per cent was the time to implement proper intelligence processes across the team
- Automation: The majority of processing tasks are completed either manually or semi-automated. More complex activities, such as reverse-engineering samples are a manual undertaking for 48 per cent of respondents
- Measuring effectiveness: Only 4 per cent of respondents had processes in place to measure the effectiveness of CTI, enabling to set obtainable goals based on requirements