Yesterday I talked about the glimmer of good news, in that organizations are doing more to prepare for potential data breaches and manage overall security.
Improvements are good, but other research shows just how far we have to go to implement effective security plans, and just how difficult it is to keep up with cybersecurity threats.
For example, last month, the Information Security Forum (ISF) released its report, Threat Intelligence: React and Prepare, which found that threat intelligence is often failing organizations.
Threat intelligence should be able to provide a clear picture about past, present and predicted attacks against an organization. However, according to the report:
threat intelligence is failing to deliver on its promise: while 82 percent of ISF Members surveyed have a threat intelligence capability, with the remaining 18 percent planning one in the next twelve months, only 25 percent believe their capability is fully delivering the expected business aims.
ISF said five common problems are causing this threat intelligence letdown:
- No common understanding/definition of threat intelligence
- Very few able to identify all of the skills required for their threat intelligence capabilities, with large gaps in business implications
- The ability to integrate threat intelligence into decision making
- Management of threat intelligence capabilities
- Uncertainty of how practical considerations, like the use of technologies or collaborations, affect threat intelligence
As Steve Durbin, managing director with ISF, explained in a formal statement:
To efficiently manage cyber risks, organizations must build an accurate view of the threats they face – their capabilities, intentions and actions – and respond accordingly. Many organizations are looking to threat intelligence for this view of their adversaries, but often find it to be ill-defined, costly to buy or produce, and difficult to integrate into decision making. This leads to a failure to deliver the expected business aims.
Durbin went on to say that managing threat intelligence capabilities requires three important elements: the production, content and use of threat intelligence. However, there is also the question of how prepared employees are to grasp the concepts and capability of threat intelligence. CompTIA released a study looking at the IT skills gap and found it is getting wider, at a time when new technologies are emerging and requiring more proficiency and more security.
So what can you do to make threat intelligence work for you? The ISF report has a straightforward list of nine steps that include developing a prioritized list of threat intelligence requirements and clear communications about threat intelligence to the users. But will you have someone on board who can understand the intelligence presented?
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba