When all else fails, organizations realize they must share threat intel
A large majority of security IT decision makers are ready and willing to share valuable threat intelligence data to help the collective industry make better, more informed decisions when it comes to cyber attacks, an IronNet Cybersecurity report reveals.
To compile the “Collective Offense Calls for a Collective Defense: A Reality Check for Cybersecurity Decision Makers” report, IronNet commissioned survey firm Vanson Bourne to interview 200 U.S. security IT decision makers across many industries including technology, telecommunications, retail, financial services, government, media and utilities.
The survey polled respondents—more than half of whom serve in C-level positions—on issues ranging from confidence and efficacy around their cybersecurity solutions and perceived vulnerabilities to Artificial Intelligence (AI) and Machine Learning (ML) investment decisions and attitudes on collective defense and threat sharing.
Organizations are ready for collective defense
- The vast majority (94%) of respondents’ organizations currently subscribe to or invest in some form of collective defense, including threat sharing of IPs, file hashes, domains, and other signature-based indicators.
- 94% of respondents stated that their organization would be willing to increase the level of threat sharing with their industry peers if it demonstrably improved their ability to detect threats.
- Similarly, 92% say their organization would be willing to increase sharing with the government if it enabled the government to use political, economic, cyber, or other national-level capabilities to deter cyber attacks.
There’s a disconnect between confidence levels and actual vulnerability and system maturity
- 55% of IT decision makers noted that they are confident that their cybersecurity capabilities are advanced and stated they are in better shape than others in their industry.
- 85% of respondents are most likely to rate their organization’s cybersecurity technology, systems, and tools as advanced.
- In a 12 month span, respondents on average experienced 4 attacks on their organization, with 20% of respondents being hit 6 or more times.
- Nearly a quarter of respondents identified that they are facing issues with each of the following: lack of real-time visibility across industrial control systems and IoT (27%), lack of timely threat intelligence information (25%), and too many cybersecurity tools and poor integration between them (24%).
- Almost 8 in ten respondents stated their organization has had a cybersecurity incident so severe, it has required a C-level/Board meeting after.
AI and ML investment is robust, but maturity is key to ROI
- Three-quarters (73%) of respondents state that their organization has invested in AI or ML in the past 12 months.
- Of the 27% of respondents who hadn’t invested in AI or ML in the past 12 months, 35% said their reason was that they were simply unsure of the value.
According to the report, “It no longer takes a nation-state to mount a nation-state-grade cyber attack. Threat actors are increasingly sharing techniques and best (or worst) practices to make their attacks more profitable for themselves and more damaging to organizations. Collective offense is testing the integrity of cyber defenses everywhere.”