Information overload is a key barrier to effective threat intelligence, says Mandiant

Nearly half of organisations have said that applying threat intelligence throughout their cyber security operations is one of the greatest challenges they currently face.

New research from Mandiant showed that although an overwhelming majority of business leaders (96%) are satisfied with the quality of threat intelligence their organisation is using, effectively utilising threat intelligence still represents a key hurdle.

This difficulty embedding threat intelligence within security practices is posing a severe risk to how organisations proactively mitigate threats whilst traversing an increasingly perilous threat landscape, the security firm said.

“A conventional, check-the-box mindset isn’t enough to defend against today’s well-resourced and dynamic adversaries,” said Sandra Joyce, VP for Mandiant intelligence at Google Cloud.

“Security teams are outwardly confident, but often struggle to keep pace with the rapidly changing threat landscape. They crave actionable information that can be applied throughout their organisation.”

Information overload

A key factor in the difficulty experienced by organisations seeking to bolster their threat intelligence capabilities is “information overload”, Mandiant warned.

The heightened state of danger currently permeating the global threat landscape means that security teams are now forced to process a far larger volume of data every day.

More than one-third (38%) said a key challenge was “knowing what to do with the information” they collected, and as a result believe they could risk overlooking potential threats.

“A large majority (84%) of respondents said that they are concerned they may be missing out on threats or incidents because of the number of alerts and data they are faced with,” read the report.

This information overload is also impacting individual personnel, with more than two-thirds (69%) of security teams admitting they feel overwhelmed.

James Collier, Mandiant senior threat intelligence advisor for Google Cloud, said that the lingering issue of information overflow is now a key barrier for security teams.

“One of the biggest barriers to building stronger defences is the sheer volume of information; organisations must find better strategies for putting intelligence into action to regain much-needed focus and identify clear priorities,” he said.

“UK organisations need to put themselves on the front foot, and that can only be achieved by knowing your adversaries,” Collier added.

What is threat intelligence?

Threat intelligence is a process which involves the gathering and analysis of cyber security data to combat emerging threats. It enables organisations to stay one step ahead of increasingly sophisticated threat actors.

This allows security practitioners to identify trends within the global threat landscape, such as the prevalence of specific attack methods or the emergence of new malware strains.

By gathering threat intelligence, practitioners can better understand threat actor motives, potential targets, and behaviours.

This understanding can help security teams secure systems against the known attack methodologies of nation-state attackers, preventing attacks like ransomware, data breaches, and cyber espionage, among others.

Mandiant’s report showed that business leaders globally are now aware of the advantages that threat intelligence offers with regard to preventing future security risks.

96% of security leaders told the firm that it is “important to understand which cyber threat actors could be targeting their organisation”.

“The importance of threat intelligence was well understood. A large majority of the respondents deemed it important to identify the attacker (85%); the tools and techniques used by the attacker (88%); and the attacker’s motivation (87%),” the report stated.

However, despite the “appreciation for detailed threat intelligence”, security teams revealed they often do not follow through. Only 34% said they “always consider the source of a potential attack when testing cyber security defences and operations”.

In addition, the report found that security teams do not spend the requisite time on identifying and acting on threats.

“A substantial majority of respondents (79%) said their organisation could focus more time and energy on identifying critical trends within cyber security, while almost all (98%) said they need to be faster at implementing changes to their cyber security strategy based on the latest threat intelligence.”

Ross Kelly
News and Analysis Editor
