76 Percent of Security Pros Say Sharing Threat Intelligence Is a Moral Responsibility


A recent AlienVault survey of 222 security professionals at the Black Hat 2016 conference found that 76 percent of respondents believe the IT security industry has a moral responsibility to share threat intelligence, and fully 95 percent of respondents use threat intelligence in some way.

When asked what sources they rely on for threat intelligence, respondents listed their own detection processes (66 percent), trusted peers (48 percent), paid subscription services (44 percent), government agencies (38 percent), crowdsourced/open source communities (37 percent), and blogs/online forums (28 percent).

One of the reasons for this wide range of threat intelligence sources, AlienVault said in a statement, is that threat intelligence can be additive in nature.

"A company can rely primarily on its own internal detection processes, but can complement this method with sources such as a government feed, or by pulling data from a crowdsourced platform, with little overlap in the data obtained," AlienVault stated. "By referencing more threat intelligence sources, a company can gain a more comprehensive view of the overall threat landscape."

Respondents said they share threat intelligence with trusted peers (56 percent), internally (47 percent), with government agencies (28 percent), publicly (18 percent), and with crowdsourced/open source platforms (15 percent). The adoption of crowdsourced platforms for threat intelligence sharing has increased almost five times since AlienVault conducted a similar survey last year.

"The nature of the security industry has been extremely secretive, so it's very encouraging to see that more people are utilizing different sources and are willing to more openly share threat intelligence," AlientVault security advocate Javvad Malik said in a statement. "Malicious criminals innovate quickly, and the more our industry can achieve a similar level of agility through cooperation and collaboration, the more we can create a powerful collective defense against today's advanced threats."

Fifty-three percent of respondents reported an increase in security incidents over the past year, and 62 percent said their security teams have increased in size over the last two years.

Separately, a recent TransUnion survey of 1,033 U.S. adults found that fully 83 percent of consumers are concerned that they will become a victim of identity theft within the next two years by having their personal data stolen from a business or government agency, and 53 percent said they or a member of their household has already been a victim.

Just 36 percent of respondents agreed that government agencies and organizations truly understand and appreciate the pain and problems that a data breach of personal information can cause, and 52 percent expressed concerns about what methods organizations and government agencies are using to protect sensitive data from fraudsters.

Fifty-five percent of consumers would like government organizations to mandate increased authentication security beyond user passwords to prevent identity theft, with "two-factor authentication" ranked the highest, followed by "identity verification" and "biometrics and fingerprinting."

"Cyber criminals are getting smarter and more technically sophisticated, making cybercrimes increasingly difficult to detect," Jeffrey Huth, vice president of product strategy for TransUnion's government information solutions division, said in a statement. "When criminals impersonate a real person using a stolen identity to access an online system, traditional cyber security measures will be ineffective."

A recent eSecurity Planet article examined the importance of sharing threat intelligence.