Enterprise Management Associates (EMA) has published a new research report, ‘Cyber Threat Intelligence – Transforming Data Into Relevant Intelligence’. This shows that many organizations struggle with effectively leveraging cyber threat intelligence (CTI).
Until recent years, cyber threat intelligence was extremely expensive and only the largest organizations with budgets that allowed for such investment adopted it. However, in recent years, CTI has become much more affordable and accessible, with tools dedicated to processing and distributing CTI. Combined with CTI sharing partnerships and information sharing and analysis centers (ISACs), CTI is now more accessible than ever, even for small businesses that were previously financially restricted from accessing this important cyber security tool.
However, this sharing and accessibility presents new challenges. Increased CTI data must be analyzed for relevance and processed within the organization; and integrating CTI data with cyber security tools, such as SIEM, XDR, or network and endpoint protection, is also a challenge. What was once a rare occurrence with signatures that users could input to these tools manually now requires constant data streams that automatically update tools with the latest threat indicators.
Key findings include:
CTI methods and tools
- 94 percent of organizations have a dedicated CTI team
- 75 percent of organizations without a dedicated CTI team spend up to 25% percent of their time processing and responding to CTI.
Leveraging threat intelligence
- 84 percent of organizations focus on proactively providing CTI to the rest of their organization
- 30 percent of organizations state that their primary challenge with CTI is useless ‘noise’.
Impact and results
- 72 percent of organizations believe more CTI sharing is needed through mutual partnerships
- 12 percent of organizations do not have sufficient staff to analyze and respond to CTI.