Nearly 50% of companies plagued by inaccurate or stale cyber threat intel: survey

A new approach is needed due to blind spots, dark web knowledge gaps, poor data quality and lack of context, according to Israel's Cybersixgill

Many companies are struggling with a large knowledge gap regarding deep and dark web intelligence collection, the importance of intel freshness, the speed and rate of collections, as well as their overall impact on an organization's cybersecurity programs and posture, according to a recently released survey.

However, the 2021 State of Threat Intelligence report, produced by threat intelligence solution company Cybersixgill in partnership with Dark Reading, also found that the area of deep and dark threat intelligence is gaining traction across the cybersecurity industry, Cybersixgill said. 

According to the findings, 77% of organizations have at least one dedicated threat intelligence analyst, and 54% have more than five. Yet 48% of organizations struggle with inaccurate data and 46% with stale data. More than half state they don't have access to closed and invite-only forums, and nearly a third said they don't receive intelligence from deep and dark web sources, said the Israeli company.

"The deep and dark web is the world's third largest economy after the US and China. In other words, if you're a cyber criminal - you have to be there," said Meira Primes, CMO of Cybersixgill. "Organizations are drowning in irrelevant data, false positives and lack of 'big picture' understanding. Those who fail to adapt and act accordingly will not be able to advance their cyber defense strategy and protect their organization against cyber threats."

According to the company, additional findings include:

- Multiple breaches: 25% of organizations have experienced six or more security breaches in the previous 12 months.

- Long time to action: 35% of organizations say it takes 12 hours or more to supplement new threat intelligence data with enough research to begin escalating and remediating incidents.

- Drowning in data: 35% of organizations use seven or more threat feeds at a time.

- Time wasted on false positives: 95% of organizations waste anywhere from one hour to five days per week per analyst on false positives.

- Obsolete data impacting almost half of the organizations: 48% of organizations struggle with inaccurate threat intelligence data and 46% with stale data.

- Lack of context: 40% of organizations cite lack of context as the biggest source of dissatisfaction in threat intelligence.

The report suggests that cybersecurity professionals might have to shift the way they approach threat intelligence and implement a modern methodology that includes automating collection, analysis, research, and response in order to minimize the amount of manual labor it takes to truly operationalize threat intelligence, Cybersixgill said.

In addition, the report recommends a set of baseline criteria for enterprises evaluating threat intelligence feeds. Intelligence, the research shows, should be continuous, iterative, contextual, and operationally integrative, according to the company.

The report was said to have been based on a survey of 106 cybersecurity executives at large enterprises, covering various aspects of threat intelligence.
