The impact of weak threat intelligence on organizations
A new Ponemon Institute study, which includes a survey of more than 700 respondents from 378 enterprises, defines what “live threat intelligence” is; how global enterprises are using it defend against compromises, breaches and exploits; and the financial damage that slow, outdated and insufficient threat intelligence is inflicting on them.
Following are the most salient findings that came out of the enterprises represented in the research. According to respondents:
- They spent an average of $10 million in the past 12 months to resolve the impact of exploits.
- If they had actionable intelligence about cyber attacks within 60 seconds of a compromise, they could reduce this cost on average by $4 million (40 percent).
- Those that have been able to stop cyber attacks say they need actionable intelligence 4.6 minutes in advance to stop them from turning into compromises.
- 60 percent were unable to stop exploits because of outdated or insufficient threat intelligence.
- Those not successful in detecting attacks believe 12 minutes of advanced warning is sufficient to stop them from developing into compromises.
- 57 percent believe threat intelligence currently available to most companies is often too stale to enable them to grasp and understand the strategies, motivations, tactics and location of attackers.
- Only 10 percent know with absolute certainty that a material exploit or breach to networks or enterprise systems occurred.
The report also points out that traditional “real-time” threat intelligence, which delivers delayed-response capabilities at best, is no longer able to provide information at the speed needed to defend against advanced cyber attacks. Readers will learn about a new breed of live threat intelligence available now that observes cyber attacks as they happen, analyzing threat data and delivering actionable intelligence to enterprises within milliseconds rather than hours, days, or weeks as is the case with many of today’s threat intelligence services.
Also in the report were a number of other findings about the state of cyber security within the participating enterprises:
- 72 percent believe that in order to defend against an attack, it is important to essential to know the geo-location of attack sources.
- 69 percent believe that future attacks are most likely to come from China, but 71 percent said they were seeing most of their current attacks originating in the U.S.
- 57 percent of say Advanced Persistent Threats (APTs) are their greatest concern; 54 percent say they are most concerned about root kits; 45 percent say SQL and code injection is their biggest worry.
- 35 percent rely on IT security teams’ “gut feel” to determine whether or not an attack will occur.
- 34 percent believe that criminal syndicates pose the biggest threat to their enterprise; 19 percent said state-sponsored attackers were the greatest threat.
- 9 percent cannot determine whether or not they are compromised.
- A wide range of technologies is used to gather threat intelligence, ranging from SIEM to IDS to IAM to Big Data analytics and firewalls. On a one-to-10 scale of effectiveness, only 22 percent rate these technologies between a seven and a 10, and 78 percent rate them between a one and a six.
The complete report is available (registration required).