According to a recent survey of 692 IT and IT security professionals, fully 47 percent of respondents said their company had experienced a material security breach in the past 24 months.
The survey, conducted in September 2015 by the Ponemon Institute and sponsored by IID, also found that 65 percent of respondents said they believed threat intelligence could have prevented or minimized the impact of that breach.
"Just like the bad guys share ways to carry out their attacks, organizations must also share actionable and timely ways to stop threats," Ponemon Institute chairman and founder Larry Ponemon said in a statement.
"It is also clear that it is impossible for one organization to harvest that threat intelligence on their own as evidenced by the fact that 83 percent of people we surveyed exchange threat intelligence," Ponemon added.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
Seventy-five percent of respondents said they believe exchanging threat intelligence improves their organization's security posture, and 63 percent said it's good for U.S. critical infrastructure.
Timeliness is key -- while 89 percent of respondents believe threat intelligence has a shelf life of hours or less, 79 percent only refresh their data daily or in even longer increments.
And although free sources of threat intelligence are the most commonly used, 46 percent of respondents said they can't prioritize threats with free sources, and 39 percent said they have no confidence in them.
The leading concerns keeping companies from exchanging threat intelligence are potential liability issues (62 percent of respondents), lack of trust in sources (60 percent of respondents), and lack of resources (52 percent of respondents).
"The amount of large organizations that have been breached online is eye opening, but what is equally interesting is the fact that IT and security professionals know what they need to stop those cyber attacks yet they are not doing so," IID vice president of marketing Mark Foege said in a statement.
"We must continue to work together as an industry to make threat intelligence as timely, relevant and actionable as possible, or else the bad guys will continue to infiltrate large businesses and governments worldwide," Foege added.
The report offers the following recommendations to improve the exchange of threat intelligence:
- Establish a trusted intermediary for the exchange of threat intelligence.
- Address liability concerns that may result from the exchange of threat intelligence among organizations.
- Speed up the process of sharing threat intelligence. Threat intelligence is considered to go stale within seconds or minutes.
- Present intelligence in a format that prioritizes threats and categorizes the threat type or attacker.
- Simplify the communication of intelligence to ensure ease and speed of use.
- Create a collaborative environment for the sharing of threat intelligence within organizations by eliminating silos and deploying technologies that streamline the dissemination of intelligence throughout the organization.
- Encourage the use of technologies to integrate shared threat intelligence into IT cyber defenses. These include: UTM and next generation firewalls followed by SIEM and other network intelligence tools.
A recent eSecurity Planet article examined the potential of threat intelligence to help thwart cyber attacks.