3 min

More than three-quarters of companies make security decisions without properly using information from their threat intelligence systems. This is according to researchers from Mandiant in a recent study. This is despite the fact that companies are often satisfied with the amount of threat intelligence they have.

According to the recent global Global Perspectives on Threat Intelligence survey by Google subsidiary Mandiant, companies often do not yet use all the information they get from their threat intelligence systems when making security decisions. This can lead to a less efficient security strategy or unnecessary purchases of security solutions and applications.

The report found that more than three-quarters of the companies surveyed indicated that they often make their security decisions without a good understanding of exactly which attack or attacker is involved. This is in stark contrast to the opinion of almost all companies that they are very satisfied with the quality of their threat intelligence. Also, almost all companies agree that threat intelligence helps them make changes to their security strategy more quickly.

There’s simply too much data

Speaking with CRN, John Hultquist, vice president of intelligence analysis at Mandiant, indicates that the main reason for this contradiction is that companies are getting too much information from their threat intelligence systems. They are simply unable to process all this information for good decisions. Nearly half of the respondents indicated that one of the biggest challenges is implementing threat intelligence within the security organization.

Similarly, APT threats still receive a lot of attention. These types of threats often come from cybercriminals operating on behalf of nation states. These types of threats are not a major concern for every company, according to Mandiant, so they do not need to focus on them and make decisions for them. What can affect them, however, is a ransomware attack. Companies know this because they receive a lot of information about it through their threat intelligence, Hultquist said.

Another example is the large amount of software vulnerabilities that companies receive. It is important for companies to focus on patching the highest-risk vulnerabilities. Threat intelligence can help determine which risks are most important, and companies can therefore better conduct their risk analysis, according to the Mandiant expert.

More management attention needed

The survey further found that more than half of respondents indicated that senior management still often underestimates cyber threats against the company. In addition, more than half of the companies surveyed also feel that understanding about the threat landscape needs to be improved. Just over half of the respondents can show their management that the company has an effective security strategy.

Cybersecurity would also be discussed only once every four weeks with the various business units, including the board of directors, various executives and other stakeholders. A company’s security position would be discussed with investors only once every seven weeks. Only 38 percent of respondents share security insights with the rest of the company for security awareness.

Positive note

Despite the fact that there are clearly many areas for improvement and that threat intelligence could be put to better use, respondents are also quite positive about the effectiveness of their security strategy. In particular, they believe they are well prepared to counter financially targeted attacks, such as ransomware. To a large extent, they also feel they are well prepared to deal with so-called hacktivists and cybercriminals operating on behalf of nation states, the survey indicates.