One such platform's study showed that the pandemic-driven surge in cyberattacks had motivated even smaller businesses to consider Cyber Threat Intelligence (CTI).

A threat intelligence platform has released data showing that the increased likelihood of cyberattacks during the global pandemic has caused more firms to consider Cyber Threat Intelligence (CTI) programs to build a proactive defence posture.

The data was gleaned from a global survey of security professionals predominantly made up of those holding Security Analysts & Response (60.5%) and CISO/CSO/C-Suite roles (7.9%). Some 40.1% of respondent organizations had operations in Asia and 25.1% in Australia & New Zealand, in industries including Cybersecurity (17.4%), Banking & Finance (16.7%), Government (12.6%), Technology (12.2%), and Manufacturing (6.4%). No other methodology details were disclosed.

Four key findings of the survey commissioned by ThreatQuotient include:

  1. The pandemic changed how organizations implement CTI programs:
    Impact of WFH: 20% of respondents said the mass move to WFH and sharp rise in COVID-related phishing and ransomware attacks forced their organization to get proactive in their cyber response.

    Increased attack surface: Employees leaving the confines of their organizations’ cyber protection faced threats that included phishing, lost or stolen devices, home networking equipment, malware, accidental release of sensitive information, and employees having unauthorized access to business assets. These threats played a big part in how the organization implemented CTI.
  2. Small to medium-sized enterprises increasingly saw value in CTI:
    CTI no longer for the top 1% of organizations: 24% of respondents worked in organizations with under 500 employees and 47% in companies of fewer than 5,000 employees, with Cybersecurity, Banking & Finance, Government and Technology the leading industries. When asked about the usefulness of CTI, 63% of respondents said CTI provided them with timely and relevant threat information about adversary groups in their industry and location, while 50.7% said CTI provided them with information about who the threat actors are or who performed the attack, up 2.7% from the previous year’s survey.

    CTI improved response capabilities: 77% said CTI improved their detection and response capabilities, 78% said CTI data and information was being leveraged to detect threats and attacks, with 70% using CTI to help block threats and 66% to support their incident response.

    Measuring CTI effectiveness more important: 38% of respondents said they measured effectiveness, up from 4% in 2020, showing how the value of CTI functions is continuing in organizations of all sizes.
  3. ISACs and government intel-sharing provided significant value:
    Community-focused intel sharing: Almost 50% of respondents said they had been part of an information sharing and analysis center (ISAC) or other government intel sharing group since 2020. Security practitioners saw the value in interacting with ISACs, with 48.3% of respondents doing so and/or belonging to an organization that is a member of one.

    Government intel sharing: 61% of respondents reported they utilized government CTI, and 49% said they found this intel valuable, providing insight they did not get from other open source or commercial sources.

    Value-add of ISAC membership: The survey revealed increases in three specific areas in intel sharing: advocacy in the community for security (50%), member meetups and events (50%), and training & conferences (47%). This shows the role of ISACs and government intel sharing has become more widespread, increasing the necessity for organizations to utilize a threat intelligence platform (TIP) to manage and make sense of these intel feeds.
  4. Automation continued to free up analysts’ time and resources:
    Automation vs efficiency: 65% of respondents reported they were overall satisfied with the automation and integration of CTI information with detection and response systems, compared to the 2020 survey’s 62%.

    Lack of trained personnel blocked effective CTI implementation: The importance of automation was further compounded by the shortage of trained staff, which continued to be one of the biggest obstacles to the implementation of CTI, according to 53% of respondents.

    In-house cyber response teams increased: The trend toward hybrid-model teams over the past five years has shifted back, with organizations taking charge of the management of their CTI functions, with in-house teams growing 5% from 2020 to 37%, and hybrid models decreasing 5% from 2020, to 56% in 2020.

Anthony Stitt, APJC Regional Director, ThreatQuotient, said the survey offers evidence that CTI is increasing in adoption by a greater number of organizations of all sizes. “When threat intelligence is effectively collected, integrated, automated, prioritized and shared between analysts and wider stakeholders, organizations become more agile and effective at addressing the threats they face” from the uncertain cyber and physical environment and new threats emerging out of the pandemic.