A new report, “Importance of Cyber Threat Intelligence to a Strong Security Posture,” reveals a greater reliance on threat intelligence as a viable enterprise cybersecurity defense. Commissioned by Webroot, the market leader in cloud-based, real-time internet threat detection, and in partnership with the Ponemon Institute, the study indicates that most companies believe threat intelligence is essential for a well-rounded cybersecurity defense and has proven effective in stopping security incidents. However, improvements are necessary to make threat intelligence more timely, accurate and actionable in order to strengthen an organization’s security posture.
Key findings from the Cyber Threat Intelligence Study include:
- 40% of companies surveyed had a material security breach in the past 24 months, and 80% believe if they’d had threat intelligence at the time of the breach, they could have prevented or minimized the consequences of the attack
- Current cyber defense practices are not considered effective; only 36% of respondents rate their company’s defense as strong
- Almost half of respondents are increasing the amount of intelligence data they receive to prevent or mitigate the consequences of an attack
- 56% say intelligence becomes stale within seconds or minutes, and indicate that the more valuable features of a threat intelligence solution are the ability to implement intelligence and gauge the trustworthiness of the source in real time
- 49% use “fee-based” sources of intelligence, stating free sources are inadequate for comprehensive threat analysis, making it more difficult to prioritize threats
- In the next two years, one-third of respondents will increase their threat intelligence budget significantly
The new survey features perspectives from 693 IT and IT security professionals in the U.S., with sixty-one percent of respondents in the Fortune 1,000, Global 2,000 and the Forbes List of the Largest Private Companies. It concluded that companies see the potential benefits and importance of having cyber threat intelligence. However, participants are wary of the reliability of this intelligence, as well as its ability to be actionable. Further, respondents are also dissatisfied with perceived threat intelligence deficiencies, such as a surplus of alerts and false positives that make it difficult to respond to breaches.
“While the report found that spending on threat intelligence is expected to increase in the next two years, these resources do not necessarily translate to greater security, and it is critical that the information be timely, accurate and actionable to be effective,” said Larry Ponemon, chairman and founder of Ponemon Institute. “The results of the study indicate that, while some companies have figured out how to leverage threat intelligence into a viable enterprise security defense, many more have not. But, given the rapidly changing threat landscape, we expect threat intelligence to evolve to the point that it will become a key component of IT security.”
“Businesses are struggling to identify and stop new web threats because they must assess the risk of more unknown objects than before and the rate of change across the threat landscape is faster than their traditional security technologies can keep up with,” said Patrick Kennedy, vice president of enterprise marketing at Webroot. “The study highlights the need for highly accurate and timely threat intelligence to help organizations assess the risk of incoming data, reduce the volume of security incidents, and accelerate response to successful attacks.”
What can organizations do?
To achieve a stronger security posture, organizations should consider integrating real-time threat intelligence into their security infrastructure in order to more quickly assess the risk of unknown IPs, URLs, files and mobile apps before they enter the IT environment. Combining this with experienced staff and appropriate incident response processes will increase an organization’s ability to minimize or prevent serious security incidents.
For a copy of the Importance of Cyber Threat Intelligence to a Strong Security Posture report and comprehensive analysis of the survey findings, visit http://www.webroot.com/shared/pdf/CyberThreatIntelligenceReport2015.pdf.
About Ponemon Institute
Ponemon Institute was founded in 2002 by Dr. Larry Ponemon. Headquartered in Michigan, Ponemon Institute is considered the pre-eminent research center dedicated to privacy, data protection and information security policy. Ponemon Institute's annual consumer studies on privacy trust are widely quoted in the media and the organization's research quantifying the cost of a data breach has become valuable to organizations seeking to understand the business impact of lost or stolen data. For more information, please visit: http://www.ponemon.org/