Knowledge is power? Businesses struggling to act on threat intel

Most organizations still lack the resources to leverage data

Organizations around the world continue to integrate threat intelligence solutions in an effort to protect their infrastructure, but a lack of security staff is rendering this data all but useless, a new report finds.

Threat intelligence has become a firm fixture in the defense toolkit of organizations everywhere, with the majority of businesses now citing it as extremely important to their company’s infrastructure.

That’s according to a survey published last week (registration required) by Cybersecurity Insiders, which found that 58% of companies were using threat intelligence to detect and prevent attacks on their systems.

However, while the perceived value of threat intel has grown considerably over recent years, 57% of those surveyed by Cybersecurity Insiders said that a lack of security staff made any information obtained nearly impossible to leverage.

Crowdsourcing security

Threat intelligence data is intended to help an organization understand, prepare, and defend against cyber intrusions.

“An example of the value of threat intelligence comes from a source that has identified a particular attack and deployed methods of protection against it, like network signatures,” explains Adam Kujawa, director of Malwarebytes Labs.

Speaking to The Daily Swig, Kujawa said how information collected from a spear-phishing campaign against some organizations, for instance, could help others beef up their defenses and help stop the same threat actors.

“The lessons, signatures, [and] indicators of compromise are shared with the rest of the members of the threat intel group so that they may deploy the same defenses without having to first experience this attack,” Kujawa said.

Low-hanging fruit

While Kujawa notes that automated threat intelligence tools can now be obtained and integrated at relatively little expense, he stressed that these solutions are not a silver bullet to an organization’s security woes.

“A big problem with threat intel is the assumption that because organization A got hit in a certain way, organisation B would have the same issue,” he said. “When in reality, many sophisticated attacks we’ve observed take a lot of things into consideration, like location, what applications are running, or what business the target is in before launching the more damaging attacks.”

Kujawa added: “It’s unlikely that threat intel would prevent a dedicated and clever adversary, but it’s great for taking out low-hanging fruit and identifying possible vulnerable points of entry in your organization.

“At the end of the day, threat intelligence is valuable to all organizations, but specifically those who deal with data security, who can use the lessons of others to protect their own networks from specialized attacks,” said Kujawa.