Just connect

2021 SANS Cyber Threat Intelligence survey

ThreatQuotient-sponsored 2021 CTI

2021 SANS Cyber Threat Intelligence survey

ThreatQuotient™, a leading security operations platform innovator, announced the results of the 2021 SANS Cyber Threat Intelligence survey. In the past year, the spike in cyber breaches, compounded by COVID-related attacks, has only increased the importance of Cyber Threat Intelligence (CTI). The survey, sponsored by ThreatQuotient, explores the state of play in the global use of CTI and outlines why the past year’s difficulties have contributed to the continued growth and maturity of CTI.

“CTI is a key tool that can help regional businesses understand the intent of threat actors as they plan and conduct malicious cyber activities. CTI helps security professionals understand how threat actors are targeting systems, information, and people. This contextual information, once built up, can help organizations proactively respond to threats and risks and design better cyber defences,” explains Firas Ghanem as Regional Director – Middle East & Pakistan at ThreatQuotient.

Almost 20% of respondents indicated their implementation of CTI changed due to the pandemic, as adversaries took advantage of the disruption, with a sharp rise in COVID-related phishing and ransomware attacks targeting organizations across all industries. The mass shift towards remote working expanded the attack surface of organizations, as employees left the confines of their organizations’ cyber protections.

Respondents identified work-from-home threats such as phishing, lost or stolen devices, home networking equipment, malware, accidental release of sensitive data information, and employees having unauthorized access to business assets as playing a big part in how their implementation of CTI changed.

“While CTI is vital for regional enterprises, the shortage of skilled resources continues to be a primary obstacle, according to 53% of respondents. Trained analysts are required to make CTI relevant for an enterprises’ specific needs. The survey also found that organizations are taking charge of managing their CTI functions, with in-house teams growing and hybrid models decreasing,” adds Ghanem.

The findings show remote working changed the way CTI, incident response and security operations centre teams communicate, with both positive and negative impacts. With responses demonstrating that remote working helped teams be more focused and collaborative, text-based platforms helped facilitate communication between teams. However, some respondents identified the loss of face-to-face conversations as inhibiting sharing between teams.

Organizations also reported an increase in awareness of how the crisis impacted their employees, fostering an understanding that while many enjoyed working from home, CTI analysts found it difficult to shut down and take breaks when the office is your home. CTI and security professionals have also benefited from working virtually in the ability to attend virtual events, conferences or meetings, not only overcoming barriers of travel and spending, but it has also led to greater intelligence and threat sharing.

As CTI tools and processes are becoming more automated, analysts can spend more time working on more important and engaging activities than mundane collection and processing tasks. With the demand higher than ever on CTI analysts to integrate or process more information from government sources into their analysis and often the most automation relevant task, there is a widespread organizational need for better CTI tools and processes.

[email protected]

Comments are closed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More