ThreatQuotient, announced results of 2022 SANS Cyber Threat Intelligence survey. This year representatives from more than 200 organizations participated in the SANS 2022 Cyber Threat Intelligence Survey. Two major cybersecurity events over the past 12 months, have showcased the role of cyber threat intelligence in network security operations: SolarWinds software supply chain attack and the Log4j vulnerability response process.
The 2022 SANS Cyber Threat Intelligence survey shows that many cyber threat intelligence programs can meet the challenge associated with this type of threats.
“An increasing number of respondents are reporting they are early in their cyber threat intelligence journey and going through the same growing pains that many companies who now have robust cyber threat intelligence programs previously faced,” says Firas Ghanem, Regional Director, Middle East & Pakistan at ThreatQuotient.
“While some programs are just getting started due to growing, complex threat environment, organizations can rely on cyber threat intelligence providers to fill in gaps as their programs mature,” adds Ghanem.
Collaboration between cyber threat intelligence teams and business operations groups, have been in decline since the shift to remote work in response to the pandemic. Organizations find coordination that was already not as intuitive when organizations were primarily in person, even more difficult now.
21% respondents said they could not measure whether their cyber threat intelligence program was useful to their organizations
“Cyber threat intelligence requires both collaboration and communication. Although it appears that shift to remote work, increased threats, and high workloads, has impacted collaboration over the past two years, organizations can address these factors by both processes and tools,” continues Ghanem.
Amongst the other findings, 21% respondents said they could not measure whether their cyber threat intelligence program was useful to their organizations. This result highlights the need for better ways to measure the effectiveness of cyber threat intelligence programs.
Threat intelligence platforms are still not the main tool used by cyber threat intelligence teams, with spreadsheets and emails leading the way once again, while one out of two respondents still prefers homegrown cyber threat intelligence platforms.
Vendors can certainly improve analysts’ experiences by continuing to understand use cases and share more of the requirements between practitioners and vendors. However, the encouraging trend in response to this is the continuous adoption’s increase of automation and integration of commercial and open-source cyber threat intelligence management platforms.