Cyware Survey Highlights How Untapped Threat Intelligence Weakens Cybersecurity

ISAC Aug 2, 2024

A recent survey conducted by Cyware at the Infosecurity Europe 2024 exhibition shines a spotlight on a critical issue: many organizations are stuck in silos, unable to fully tap into the potential of their threat intelligence due to disjointed teams and disparate data and technology.

Collaboration in Cyber Defense

It's no secret that collaboration and information sharing are key to a proactive security posture. An overwhelming 91% of survey respondents emphasized their importance, yet many organizations still find themselves struggling to effectively share threat intelligence. Seventy percent of respondents admitted their organizations could do better in this area, with 19% feeling they could share a lot more.

A major roadblock in this information flow is the underutilization of Information Sharing and Analysis Centers (ISACs). More than half of the respondents (53%) said their organizations don’t make use of these invaluable resources, highlighting a significant gap in threat intelligence strategies. Even more concerning, over a quarter (28%) of respondents weren’t even aware of ISACs and their crucial role in managing cyber risk across various industries. This calls for a serious boost in industry-wide awareness and education.

What’s Holding Back Threat Intelligence Sharing?

The survey digs deeper into the barriers to effective threat intelligence sharing and collaboration. It turns out that the real hurdle is human—over half (51%) of respondents pointed to people as the main barrier. Processes and technologies also play a part, cited by 21% and 11% of respondents, respectively. These challenges are compounded by the difficulty nearly half of the respondents (49%) face in synthesizing actionable insights from various security tools, such as threat intelligence platforms, SIEM systems, asset management, and vulnerability management platforms.

The disconnection between teams and the compartmentalized use of security tools creates a significant roadblock to delivering actionable threat intelligence. To combat this, Cyware advocates for establishing virtual and distributed Cyber Fusion Centers (CFCs), which integrate traditionally siloed security functions. CFCs enable organizations to scale and integrate their security operations, combining high-fidelity threat intelligence with threat operations for rapid threat response.

How AI is Changing the Game

In this landscape of challenges, artificial intelligence (AI) has the potential to make a meaningful difference in how organizations get value from threat intel. The survey reveals that 65% of respondents believe AI will boost their organization’s ability to share threat intelligence, with over a third (35%) already witnessing its impact. AI has the potential to streamline processes, enhance data analysis, and facilitate more efficient information sharing, ultimately strengthening an organization’s cybersecurity posture.

Key Insights and Takeaways

  • Threat Intelligence Sharing: 70% of respondents feel their organizations could amp up threat intelligence sharing, while only 23% think they’re hitting the mark. A mere 2% feel they’re oversharing.

  • Inter-Team Collaboration: When it comes to sharing, respondents said DevOps teams are the most tight-lipped (31%), followed by Security Ops (17%), Threat Intelligence (16%), and IT Ops (15%).

  • Frequency of Sharing: Only 23% of teams share threat intelligence daily, with 21% doing so in real-time, 17% weekly, and 14% monthly.

A Call to Action for Proactive and Unified Cyber Defense

In the face of evolving cyber threats, the Cyware survey underscores a pivotal truth: effective threat intelligence sharing is no longer optional—it's essential. The time has come for organizations to shift from isolated efforts to integrated solutions.

Terrence Driscoll, Cyware’s Chief Information Security Officer, underscores the need for a proactive approach, stating, “The disconnect between teams and the siloed approach taken around the use of security tools poses a serious threat to the delivery of threat intelligence, and by definition, the ability of organizations to protect themselves against today’s cybersecurity risks. What’s required instead is the proactive approach offered by creating virtual and distributed Cyber Fusion Centers where traditionally siloed security functions are scalable and integrated, combining high-fidelity threat intelligence with threat operations for rapid threat response.”

As organizations navigate the complexities of cybersecurity, the key to success lies in breaking down the barriers that hinder collaboration. By fostering a culture of openness and leveraging technologies like AI, businesses can unlock the full potential of their threat intelligence capabilities.

Related Blogs