73 Percent of Security Pros Aren't Using Threat Intelligence Data Effectively
Just 46 percent say they're using threat data at all in deciding how to respond to malicious activity.
According to the results of a recent survey of 1,072 security industry professionals, 73 percent of respondents admit they aren't using threat data effectively to pinpoint cyber threats.
The top reasons for that lack of effectiveness include lack of staff expertise (69 percent of respondents), lack of ownership (58 percent), and lack of suitable technologies (52 percent).
The survey, sponsored by Anomali and conducted by the Ponemon Institute, also found that just 46 percent of respondents are using threat data at all in deciding how to respond to malicious activity.
Fully 70 percent of respondents, the survey found, believe threat intelligence is often too voluminous and/or complex to provide actionable insights.
Still, two-thirds of respondents either have or are planning to deploy a threat intelligence platform, and 78 percent rate the importance of threat intelligence in achieving a strong cyber security posture as very high.
"Every industry knows that threat intelligence is a key component of any effective defense strategy and, as this survey points out, it has becomes too overwhelming to deal with," Ponemon Institute chairman and founder Dr. Larry Ponemon said in a statement. "Security providers do a great job of gathering and storing data. Now, they need to simplify it and make it actionable so that security teams and top executives can make decisions that protect their businesses from surging attacks."
Forty-nine percent of respondents said their IT security team doesn't receive or read threat intelligence reports, and just 31 percent of respondents said they receive information that can be used to inform them about critical security and risk issues they face today.
"Too much data that is not delivered in the right way can be just as bad as not enough," Anomali CEO Hugh Njemanze said in a statement. "This is the situation that many companies find themselves in. We call it threat overload. The number of threat indicators is skyrocketing, and organizations simply cannot cope with the volume of threat intelligence data coming their way."
The survey found that 72 percent of enterprises plans to increase spending on threat intelligence over the next 12 to 18 months, and 55 percent plan to collect, process and analyze additional external threat intelligence over the next 12 to 24 months.
Sixty-nine percent of respondents regularly use six or more different external threat intelligence sources as part of their threat intelligence programs, and 60 percent claim that 25 employees or more review threat intelligence as part of their day-to-day responsibilities.
"Security teams are focusing on becoming more efficient and effective at incident prevention, detection and response," ESG senior principal analyst Jon Oltsik said in a statement. "By creating systems and processes that orchestrate threat intelligence, cyber security personnel can improve analysts' workflow and incident remediation so their organizations can be better prepared to operationalize threat intelligence."
Earlier this year, an AlienVault survey of 222 security professionals at Black Hat USA 2016 found that 76 percent believe the IT security industry has a moral responsibility to share threat intelligence, and 95 percent use threat intelligence in some way.
A recent eSecurity Planet article looked at the ways that sharing threat intelligence can prevent cyber attacks.
Photo courtesy of Shutterstock.