When you write about IT security, you see a lot of threat reports. They come quarterly; they come annually. They are the best snapshot possible to understand what is happening in security – who is being targeted, what attack method is being used, and so on.
Security writers and experts aren’t the only ones who see value in these threat reports. According to a recent survey conducted by Solutionary, a significant number of organizations and businesses are using these threat reports to shape their network security strategies and security budgets.
According to the report, 83 percent use the reports to devise a security plan and 80 percent use reports to justify security resource and budget requests to reduce risks. In response to those numbers, Rob Kraus, Solutionary Security Engineering Research Team director, stated in a release:
This survey is encouraging; it shows that businesses of all types and sizes are using solid research and threat intelligence to strengthen defenses and reduce risk. It also shows that security providers can do more than just provide intelligence about the latest attacks and malware in the wild. We can make an impact that gets business decision makers to understand just how important security is and to commit to supporting it.
I think Kraus is spot on. I can’t think of a better way to begin outlining a security strategy than by recognizing what the threats are and how they can affect your particular organization. You also know that your strategy is built based on current threats, as opposed to what may have been threats in the past. Or, in other words, your security strategy is as current as possible instead of stagnant.
Because many threat reports come out quarterly, they give you the opportunity (or the nudge) to regularly review the plan you have and how it can be tweaked or updated. You can watch trends over the course of a year, and when it comes to setting the next budget, you have a better idea of how to structure it.
I’m a firm believer that security needs to be proactive, not reactive, and following the trends in the threat reports allow you to be just that.