ThreatQuotient has announced the results of the 2021 SANS Cyber Threat Intelligence survey. The spike in cyber breaches in the past year, compounded by COVID-related attacks, has only increased the importance of Cyber Threat Intelligence (CTI). The survey, sponsored by ThreatQuotient, explores the state of play in the global use of CTI and outlines why the difficulties of the past year have contributed to the continued growth and maturity of CTI.
“CTI is a key tool that can help regional businesses understand the intent of threat actors as they plan and conduct malicious cyber activities. CTI helps security professionals understand how threat actors are targeting systems, information, and people. This contextual information once built up can help organisations proactively respond to threats and risks, and design better cyber defenses,” explained Firas Ghanem, Regional Director, Middle East and Pakistan, ThreatQuotient.
Almost 20% of respondents indicated their implementation of CTI changed as a result of the pandemic, as adversaries took advantage of the disruption, with a sharp rise in COVID-related phishing and ransomware attacks targeting organizations across all industries. The mass shift towards remote working expanded the attack surface of organizations, as employees left the confines of their organisations’ cyber protections.
Respondents identified work-from-home threats such as phishing, lost or stolen devices, home networking equipment, malware, accidental release of sensitive information, and employees having unauthorized access to business assets as playing a big part in how their implementation of CTI changed.
“While CTI is vital for regional enterprises, the shortage in skilled resources continues to be a primary obstacle, according to 53% of respondents. Trained analysts are required to make CTI relevant for an enterprise’s specific needs. The survey also found that organizations are taking charge in the management of their CTI functions, with in-house teams growing and hybrid models decreasing,” added Ghanem.
The findings show remote working changed the way CTI, incident response and security operations center teams communicate, with both positive and negative impacts. Responses indicated that remote working helped teams be more focused and collaborative, and that the use of text-based platforms helped facilitate communication between teams. However, some respondents identified the loss of face-to-face conversations as inhibiting sharing between teams.
Organisations also reported an increase in awareness of how the crisis impacted their employees, fostering an understanding that while many enjoyed working from home, CTI analysts found it difficult to shut down and take breaks when the office is also the home. CTI and security professionals have also benefited from working virtually through the ability to attend virtual events, conferences or meetings, which has not only overcome barriers of travel and spend but also led to greater intelligence and threat sharing.
As CTI tools and processes become more automated, analysts are able to spend more time on more important and engaging activities, rather than mundane collection and processing tasks. With the demand higher than ever on CTI analysts to integrate or process more information from government sources into their analysis, and with processing often the most automation-relevant task, there is a widespread organisational need for better CTI tools and processes.