We know that when an account is breached, the most damage occurs within the first few minutes. However, according to a new survey by the Ponemon Institute and NorseCorp, if a company has the right threat intelligence, it can take as little as 4.6 minutes to prevent an attack. When you compare those minutes before an attack versus the minutes after an attack, the savings can be in the millions of dollars.
The problem is that most IT organizations focus more on the post-attack scenarios when what they should pay attention to is improving their live threat intelligence. As the Ponemon 2013 Live Threat Intelligence Impact Report states:
While enterprises certainly need to defend against these attack vectors, this research reveals the connection between thwarting compromises and the need to have access to the most immediate threat intelligence available, or what is becoming known as ‘live threat intelligence.’ The research also shows that enterprises experiencing the highest number of compromises and breaches are reliant on slow, outdated and insufficient intelligence.
The report defines “live threat intelligence” as data about actual cyberattacks that are happening now with no delay, as opposed to in real time, which does have a slight delay. Dark intelligence, though, is the information found in the Internet’s seedy underworld and includes honey pots and proxies. Having this type of intelligence, the report found, makes a huge difference in how IT can approach cybersecurity.
In this survey of 700 respondents, Ponemon and Norse were able to learn how enterprise defines live threat intelligence and how global enterprises are using it defend against compromises. But perhaps the most important information revealed was how slow, outdated and insufficient threat intelligence is, and how it is inflicting serious financial damage. For instance, 57 percent of respondents believe threat intelligence currently available to most companies is often too stale to enable them to grasp and understand the strategies, motivations, tactics and location of attackers. The study also found that with live threat intelligence, an IT organization could discover an attack within 60 seconds of a compromise, which could reduce the cost of a breach on average by $4 million (40 percent).
Though most respondents agree about the value of live threat intelligence, the majority also states that they don’t have the infrastructure in place to institute the gathering of live threat intelligence. And with a lack of sufficient security funding, they don’t see a fix for their current situation. But in this case, the solution could be just changing their current strategy to be more preventive instead of responsive. As Sam Glines, NorseCorp CEO, said in a release:
Enterprises are conditioned to believe that after-the-fact threat intelligence is all that is available, a perception that is leaving them open to compromises and data breaches that are costing them millions.