A Threat Intelligence Benchmark, a study by the forecaster Forrester Consulting commissioned by Google Cloud, looked at the threat intelligence practices of more than 1,500 IT and cybersecurity people from eight countries and across 12 industries. Operationalizing threat intelligence remains a major challenge, said a majority of the survey’s respondents.
Too much data leaves security teams struggling to prioritize threats, creating significant security gaps, it’s suggested. As a result, most, 86 per cent of respondents said that their organization needs to improve its understanding of the threat landscape, 85pc of respondents say that their organization could focus more time and energy on emerging critical threats, and 72pc said they are mostly reactive to threats. Most, 86pc of respondents agreed that they “must” use AI to improve their ability to operationalize threat intelligence. When asked about the benefits of using AI in threat intelligence, improving efficiency by generating easy-to-read summaries was cited most frequently.
“Rather than aiding efficiency, myriad [threat intelligence] feeds inundate security teams with data, making it hard to extract useful insights or prioritize and respond to threats. Security teams need visibility into relevant threats, AI-powered correlation at scale, and skilled defenders to use actionable insights, enabling a shift from a reactive to a proactive security posture,” said the study.
Among suggestions by Google Cloud: define your ‘crown jewels’, and regularly ask your incident response (IR) and security operations centre (SOC) teams about the threat intelligence that could have helped them prevent, detect, and respond faster to recent incidents. Their answers can be used to refine priorities. The tech firm says that using AI, Google Threat Intelligence provides visibility into threats.
Comment
Graeme Gordon, CEO of cyber and IT services firm IFB.net, said: “It’s asking a lot for organisations to effectively run security internally. Firstly, it’s a full-time job, secondly, protections must run 24/7, while thirdly, there are often far too many threat alerts for small teams to manage. But these important alerts cannot be ignored, because one missed threat could lead to a full scale breach.
“The world has recently witnessed major attacks on some of the globe’s largest retailers, and many people have been surprised by the impact these have had. Food suppliers have been disrupted, sales figures have dropped to record lows, while the shopping habits of consumers have also been directly hit. These incidents highlight the dangerous world of cyber crime today. It only takes one successful phishing scam and attackers can change everything.
“These figures highlight that organisations are clearly struggling to find the resources in house to manage security, which could be increasing their vulnerability to attacks. For organisations that fall into this category, it may be time to consider working with a partner that can alleviate the task of security from internal teams. Gambling with security is no longer an option. If an organisation recognises a problem with its internal defences, don’t ignore it, fix it.”




