- While more organizations are likely looking for the best options to combat evolving cybersecurity threats, a recent study found that the majority of security professionals are overwhelmed by the amount of cyberthreat data that they receive.
An Anomali study, conducted by Ponemon, found that 70 percent of security industry professionals find that their received threat intelligence is typically too voluminous and/or complex to provide actionable insights.
For the study, "The Value of Threat Intelligence: A Study of North American and United Kingdom Companies," Ponemon interviewed over 1,000 individuals in the United Kingdom and North America.
Respondents were in various industries, including financial services, health and pharmaceutical, and the public sector.
Less than one-third of respondents - 27 percent - said that they believe their organizations are very effective in utilizing threat data to pinpoint cyber threats.
A lack of staff expertise, a lack of ownership, and a lack of suitable technologies were the top three reasons why companies believe they are ineffective in using threat data.
Even so, 42 percent of those surveyed reported that their organization uses a threat intelligence platform. Twelve percent said they will deploy one in the next 12 months, while 10 percent stated they will deploy a threat intelligence platform more than 12 months from now. However, approximately one-third of respondents - 36 percent - said they have no plans to deploy a threat platform.
"Every industry knows that threat intelligence is a key component of any effective defense strategy and, as this survey points out, it has become too overwhelming to deal with," Ponemon Chairman and Founder Dr. Larry Ponemon said in a statement. "Security providers do a great job of gathering and storing data. Now, they need to simplify it and make it actionable so that security teams and top executives can make decisions that protect their businesses from surging attacks."
When asked why they do not want to deploy a threat intelligence platform, 56 percent stated it was due to a lack of staff expertise. Nearly half - 48 percent - said they were not deploying because of the cost of prevailing solutions, while 40 percent said it was due to a lack of suitable technologies.
The report also found that the reporting process may hinder how organizations are able to properly read cyberthreat data.
Specifically, 56 percent of respondents said their companies do not use standardized communication protocols. When standardized protocols are utilized, 59 percent said that it is in a format that is difficult to understand, such as unstructured PDFs or CSVs.
Anomali CEO Hugh Njemanze explained in a statement that many companies find themselves in “threat overload,” when too much data is delivered in the incorrect way.
"The number of threat indicators is skyrocketing and organizations simply cannot cope with the volume of threat intelligence data coming their way,” Njemanze said. “It's clear that what businesses need is a system that pinpoints the threats they must take notice of and that gives them actionable and relevant insights."
For healthcare cybersecurity threats, this is where standard privacy and security frameworks could be beneficial. The Healthcare Information Management Systems Society (HIMSS) recently called for this approach in a cybersecurity position statement.
The healthcare industry must implement a universal healthcare information privacy and security framework, create a cybersecurity leadership role at the Department of Health and Human Services (HHS), and resolve the shortage of qualified cybersecurity professionals, according to HIMSS.
“A proactive approach to security must be the norm, not the exception, to enable trust in, and facilitate collaboration and cooperation amongst, organizations,” the letter stated. “By becoming more difficult to infiltrate, the health sector will become less of a target by cyber criminals.”
Image Credit: Ponemon