Businesses still rely on old threat methods as AI speeds up attacks

Threats are getting harder for organizations to deal with because attackers now have access to generative AI, faster tools, and a growing criminal marketplace that keeps pushing new tactics into the wild.
Plenty of companies still lean on older threat intelligence processes that just weren’t built for this pace. ISACA’s new white paper, Building a Threat-Led Cybersecurity Program with Cyberthreat Intelligence, lays out practical steps to help teams move toward a setup that’s easier to use day to day.
The paper explains that a threat-led approach starts with understanding which attackers matter most to the business. That means creating a realistic threat model, looking at how those attackers usually work, and linking that behavior to the systems and processes that would hurt the business most if compromised.
From there, teams can set clear intelligence priorities that spell out what information they need, why they need it, and how it should guide monitoring, detection, response, and governance.
ISACA points out that the main problem often isn’t a lack of data, but rather too much of it. Many teams juggle disconnected tools, overlapping feeds, and manual tasks that can slow everything down.
Dealing with threats
The paper says organizations need to take a thoughtful approach when picking a platform instead of rushing to add another tool to the pile. It suggests looking at the gaps first, bringing the right people into the decision, and judging vendors not just on their feature lists, but on how easy their systems are to use and integrate. Once a platform is in place, the focus can shift to building workflows and automation so intelligence flows directly into everyday work.
AI-supported methods also come up in the guidance. Automation can surface breached identity data faster, summarize huge amounts of dark-web material, and help confirm whether leaked credentials are real. Indicator feeds still matter, but they need to be tuned so analysts aren’t drowning in noise.
"An effective threat intelligence program is the cornerstone of a cybersecurity governance program. To put this in place, companies must implement controls to proactively detect emerging threats, as well as have an incident handling process that prioritizes incidents automatically based on feeds from different sources. This needs to be able to correlate a massive amount of data and provide automatic responses to enhance proactive actions," says Carlos Portuguez, Sr. Director BISO, Concentrix, and member of the ISACA Emerging Trends Working Group.
"In order for companies to achieve this, though, they need to overcome challenges like data overload, integration with cybersecurity products, knowledge and experience limitations within their cybersecurity teams, lack of automation initiatives and slow adoption of best practices and security frameworks," he added.