Today we released our findings from the Ponemon Study, “The Value of Threat Intelligence: The Second Annual Study of North American and United Kingdom Companies." The Ponemon Institute surveyed over a thousand IT security professionals on a range of threat intelligence topics. Results show that organizations are rapidly incorporating threat intelligence into their security programs, with 80% of North American respondents using threat intelligence (up from 65% in 2016). Whether or not their organization currently has a threat intelligence program, 84% of participants agreed that threat intelligence is “essential to a strong security posture.”
Despite increased adoption, many of the challenges of threat intelligence remain the same. 69% of respondents indicated that threat intelligence data is too voluminous and complex to provide actionable intelligence. Other top reasons for threat intelligence ineffectiveness include:
Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, commented on these challenges, stating, “It’s abundantly clear that organizations now understand the benefits provided by threat intelligence, but the overwhelming volume of threat data continues to pose a hurdle to truly effective adoption. Threat intelligence programs are often challenging to implement, but when done right, they are a critical element in an organization’s security program. The significant growth in adoption over the past year is encouraging as it indicates widespread recognition of the value threat intelligence provides.”
Respondents identified a few key factors to successfully establishing a threat intelligence program, including:
Many organizations choose to leverage a threat intelligence platform (TIP) because they are useful for automating tasks, weeding out false positives, adding context, and integrating with existing security solutions. Threat intelligence platforms also prove critical for threat intelligence sharing, which remains a challenging task for security professionals. Only 50% of respondents currently participate in industry-centric sharing initiatives such as Information Sharing & Analysis Centers (ISACs), which provide industry-relevant intelligence, collaboration with peers, and networking with other security teams. Of those organizations, the majority (60 percent) only receive threat intelligence through ISACs but do not contribute intelligence. The biggest hurdles to outbound intelligence sharing include a lack of expertise (54 percent) followed by fear of revealing a breach (45 percent).
The study also uncovered an interesting disparity in threat intelligence sharing between U.K. organisations and their U.S. counterparts:
To learn more, download the free report or listen to a podcast interview with the author of the report, Larry Ponemon