The good news: More organizations are using threat intelligence to detect and then mitigate potential cybersecurity incidents.
The bad news: There is so much threat data being generated and so few skilled security personnel to address these concerns that the overall effectiveness of threat intelligence is diminished.
This good news/bad news paradox is among the findings of a new study from Anomali and the Ponemon Institute. "The Value of Threat Intelligence: The Second Annual Study of North American and United Kingdom Companies" found that 80 percent of North American organizations are currently using threat intelligence as a part of their cybersecurity program, up from 65 percent in 2016, but 69 percent of respondents indicated that threat intelligence is too voluminous and complex to provide actionable intelligence. This led Larry Ponemon, chairman and founder of the Ponemon Institute, to say in a formal statement:
It's abundantly clear that organizations now understand the benefits provided by threat intelligence, but the overwhelming volume of threat data continues to pose a hurdle to truly effective adoption. Threat intelligence programs are often challenging to implement, but when done right, they are a critical element in an organization's security program.
In that same statement, Hugh Njemanze, CEO of Anomali, added that organizations need to improve their ability to quickly pinpoint active threats and mitigate them before material damage occurs.
One way to do that is by having more skilled staff on hand who are prepared to understand the threat intelligence gathered and to actively work on solutions to address the problems. Yes, I know the stories about the security skills shortage. I’ve written about the security skills shortage. However, the security help that you need might be lurking within your organization already. An (ISC)² study found that companies aren’t doing enough to empower the employees inhouse to gain security skills needed or to train security advocates throughout different departments to be able to recognize and prevent security threats. According to the report, IT professionals, in particular, are underutilized in the battle against cybersecurity threats. After all, IT staff are the ones already working with the infrastructure and have a better understanding of the organization’s mission than other employees, and many already do frontline cybersecurity defense or mitigation as part of their regular duties. At the same time, we should also recognize the talents of other, non-technical professionals who may be more adept at people-reading skills who could play a role to stop social-engineered threats. As (ISC)² CEO David Shearer pointed out in a formal statement:
Our findings suggest too many organizations overlook a tremendous pool of cybersecurity talent already on staff and intimately familiar with their infrastructure and processes. The quickest way for many organizations to bolster their cyber defense is through continuous security education and empowerment of their IT team. Security is a shared responsibility across any enterprise or government agency. Unless IT is adequately trained and enabled to apply best practices across all systems, even the best security plan is vulnerable to failure.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba