Threat intelligence fails to deliver on its promise

A new study by the Information Security Forum (ISF), an independent authority on cyber security and information risk management, reveals that threat intelligence isn't delivering the expected business objectives.

While 82 percent of ISF Members surveyed have a threat intelligence capability, with the remaining 18 percent planning to implement one in the next twelve months, only 25 percent of those surveyed believe their capability is fully delivering.

"While organizations continue to rely on well-established security practices, many are seeking additional ways to keep pace with the increasing torrent of attacks," says Steve Durbin, managing director of ISF. "To efficiently manage cyber risks, organizations must build an accurate view of the threats they face -- their capabilities, intentions and actions -- and respond accordingly. Many organizations are looking to threat intelligence for this view of their adversaries, but often find it to be ill-defined, costly to buy or produce, and difficult to integrate into decision making. This leads to a failure to deliver the expected business aims."

Other issues include the lack of a common definition of threat intelligence, with 90 percent saying they would benefit from one. Only eight percent are able to find all the skills required for their threat intelligence capability, with the largest gaps being in identifying business implications and performing analysis.

Organizations are struggling to integrate threat intelligence into their decision making too, with only seven percent having achieved considerable integration and none having done so 'fully'. They're also struggling to manage their threat intelligence capability, with only 32 percent using a formal process.

You can find out more about the report's findings on the ISF website.

Image credit: gearstd / depositphotos.com