The State of Threat Intelligence: Eliminating Noise and Creating Actionable Insight

By Nisos and Vanson Bourne

Executive Summary

Organizations are grappling with significant intelligence challenges at a time when geopolitical and economic dynamics are increasingly treacherous. 98% of security leaders report significant shortcomings in the threat intelligence solutions available to them on the market. The lack of direct organizational relevance of most intelligence data is among the leading failures of current solutions.

Businesses now realize that their threat intelligence needs are broader than only cyber risk. The convergence of cybersecurity with physical, organizational, platform, reputational, and supply chain risk drives a greater need for intelligence to provide a holistic view of the entire security and risk landscape.

Organizations today must rely on multiple, disparate threat data solutions to get the breadth of coverage they need while lacking the time and in-house expertise to turn threat data into actionable intelligence. Even with advanced intelligence platforms, threat data quickly becomes a wall of noise. Organizations are overwhelmed by the amount of information they need to sift through to avert a crisis.

As a result, organizations must allocate more and more resources to extract reliable, finished intelligence from their expensive feeds. Without timely, relevant, and actionable intelligence, organizations will continue to expose themselves to threats, putting themselves, their employees, and their business at risk.

Based on responses from 300 senior security decision-makers from the United States, this report offers a real-world perspective on the intelligence challenges organizations are facing today and provides a vision for the future of managed threat intelligence.

Key Findings of Senior Security Decision Makers

The Intelligence Landscape

 
The intelligence landscape is complex and it’s about more than just cyber risk. Cyber risk constitutes a significant portion of an organization’s threat landscape, but it only makes up part of their broader threat environment. 84% of surveyed senior security decision makers agree they should focus more on threat intelligence rather than just cybersecurity.

With too much focus on cybersecurity threats, organizations risk missing other threats that could be just as detrimental to the business. The convergence of cyber and physical risks means intelligence must support organizational privacy, safety, and trust, as well as the common cybersecurity goals of confidentiality, integrity, and availability.

Security leaders recognize this, with 56% agreeing their specific organizations don’t have a full picture of all threats they face. This is especially true for smaller organizations where 72% report this. 86% of these smaller organizations also struggle to stay ahead of an ever-accelerating threat landscape. If organizations cannot anticipate threats, it can leave them in a vulnerable and exploitable position.

Our study shows intelligence is used across the enterprise in different ways. Intelligence for the purpose of strategic security analysis (40%), fraud detection/prevention (34%), and reactive security support (32%) are among the leading use cases revealed. In order to support these varying needs, organizations currently manage an average of six different threat intelligence sources.

While having access to multiple threat intelligence data feeds seems like it would benefit the organization, 70% of senior security decision-makers report feeling overwhelmed by the threat data they receive.

Shortcomings of Threat Intelligence Offerings

 
There is no shortage of threat data available on the market; however, 61% of security leaders report difficulty deriving value and actionable insights from their threat intelligence sources. 8% even report that deriving meaning from the data provided is “impossible.”

This lack of actionability is compounded by the fact that 75% of organizations struggle to stay ahead of an ever-changing threat landscape. Struggling to be proactive is likely why 82% of security leaders feel that their organization’s approach to threat intelligence is very reactive, indicating that threats often catch organizations off guard.

Continued difficulty staying ahead is also an indictment of Artificial Intelligence and Machine Learning-based intelligence platforms, which promise to make keeping pace with the speed and diversity of data types easy. 47% of security leaders believe an overdependence on ML and AI is a major shortcoming of threat intelligence solutions on the market today.

Physical Security Teams Feel the Pain

 

  • Intelligence challenges are especially impactful for Physical Security teams, with 68% reporting difficulty staying ahead of threats.
  • This department uses more threat intelligence sources, on average, than other departments (seven sources on average), but struggles the most out of all surveyed when it comes to developing insights.
  • 86% of security leaders find it difficult, and 19% say it’s impossible, to derive meaning and actionability.
  • Part of this difficulty arises from the speed and volume of physical security threats businesses face.

Determining the Value from Threat Intelligence

 

When selecting intelligence solutions, 53% of security leaders place the most importance on the speed of intelligence sources. At the same time, 29% of security leaders believe a shortcoming of threat intelligence solutions currently on the market is that the intel sources do not include enough context to make the intelligence actionable.

This suggests that, for some security teams, keeping up with the latest threats provides less security value than focusing on specific threats targeting their business.

Evidence for this contradiction can be found in how security teams measure the ultimate success of their intelligence efforts. Critical measures of overall success and the criterion for informing strategy are formed by tracking the number of threats identified that are directly targeting the organization (36%) and instances of re-prioritization (34%).

Tactically, security leaders look for measures of ROI that quantify timeliness and accuracy (49%), the relevance of the intel to the organization (47%), and remediation actions driven by the intel (40%).

Threat Intelligence: An Acute Staffing Burden

Organizations are flooded with data and lack the tools to extract vital threat intelligence. This leads to hiring and retention issues and ultimately requires buy-in from not only executives but from the entire organization.

To handle the full range of their threat intelligence needs, organizations require a staff of considerable size.

On average, they need 30 people performing various intelligence functions to be successful.

According to large enterprise security leaders, a typical workday consists of reviewing dashboards of prepopulated threat data (51%), working with raw threat data (47%), and firefighting unexpected problems (39%).

Average number of people performing intelligence functions

Over a third (35%) report they are wasting money on threats that aren’t important and the same proportion confess that threat intelligence challenges are causing team members to want to leave. 40% report their teams are reaching the point of burnout as employees likely become disengaged with threat intelligence activities.

Even without specific identified problems, three-quarters of respondents agree that their organization finds it challenging not only to hire threat intelligence staff (75%) but also to retain them (71%). Those working in risk, fraud, compliance, and governance teams are the most likely to experience not only recruitment challenges (91%) but also retention challenges (82%).

Problems Caused by Threat Intelligence Challenges

Aligning Intelligence Needs with Organizational Goals

The majority of surveyed security leaders recognize that their organizations would benefit from intelligence-driven decision making (86%). This realization is supported by their selection of ‘updating security policies’ as a top goal in the next 12 months. While cyber threats are a major concern, improved protection for people (41%), assets, and locations (37%), is a slightly higher priority than avoiding ransomware and phishing (36%).

Cybersecurity has become a boardroom issue and the importance of intelligence for threats beyond cyber is starting to be understood by leadership. Problems with knowledge sharing and coordination (40%) make getting the full picture of a threat difficult and security leaders note executive visibility and support (44%) as one of the biggest challenges they face. This suggests organizations are struggling to operationalize intelligence and make it consumable for an executive audience.

Managed Intelligence™: A New Way Forward

 
Developing threat data into actionable intelligence takes time, skill, experience, and the right tools. Just as Managed Security Services Providers (MSSPs) help teams manage their cybersecurity, managed intelligence allows organizations to offload resource-intensive threat intelligence tasks to an experienced partner.

A managed intelligence provider can take the responsibility of handling threat intelligence and provide organizations with actionable intel as necessary. The value of a managed intelligence provider is easily understood by respondents. Key benefits they would expect are: access to more experienced analysts (39%), access to broader datasets (34%), and cost savings vs. in-house (33%).

Leading Drivers for Managed Intelligence Adoption

Access to Rare Skillsets

Despite massive investment in tools and technology, 88% of security leaders agree that threat intelligence in their organization needs more human input to maximize the value of intelligence. Security talent is difficult to find, with hundreds of thousands of openings in the United States alone. One of the leading appeals of working with a managed intelligence provider is access to more experienced analysts (39%) and the overwhelming majority (95%) of security leaders agree that direct consultation with a threat intelligence analyst would be valuable to their organization.

Clearer Intel and Deeper Investigations

The rapidity of threats an organization faces makes it difficult for security teams to fully investigate issues as they arise. Security leaders make it clear that they need help connecting data and telemetry with real-world threats. Threat actor attribution is a specific area of need, with 66% of IT leaders expecting to gain this benefit from a managed intel provider if possible. Clarity of intelligence reports is also important to 30% of security leaders who need to be able to translate sometimes obscure threat information into risk assessments that can be understood by non-technical audiences.

Broader Data Sets and Multi-Source Intelligence

It’s not just headcount challenges. Once you’ve hired a team, you need to equip them with the intel collection tools they need to do their jobs. Here again, security leaders recognize that a managed intelligence provider would offer intel sourced from a broader range of data sets and tools than they could manage in-house. With breadth of coverage being important for 30% of security leaders, it’s clear that managed intelligence providers can provide organizations meaningful savings AND improved intelligence.

Most Important When Considering a Threat Intelligence Provider

Conclusion

 
Organizations are battling a barrage of threat data. They need access to a wide range of risk information including cyber, physical, organizational, and supply chain. The number of sources required to cover this scope often results in an environment where organizations are overwhelmed with data. Combined with the fact that companies continue to struggle to hire and retain top talent, many teams are burdened with threat intelligence that is more reactive than proactive.

It’s no surprise that organizations are craving threat intelligence that is quick, actionable, and accurate. It must cover a wide range of threat intelligence sources but most importantly, it needs to be insightful and digestible. Access to a wide range of deep data sources is only part of the process. Organizations need to be able to process analyzed data and take action quickly and efficiently. If they can’t, they will be left vulnerable, unable to protect themselves from the threats that endanger their business.

Organizations using a managed intelligence provider for outsourced threat intelligence collection, curation, and analysis can remove this burden. They can offload the associated work and reallocate scarce resources for other critical tasks. The threat intelligence they receive from the managed intelligence provider will have clear, actionable results. Organizations that harden their defenses will be better protected from threats and have the time and resources necessary to work on other important initiatives.

Methodology

Nisos commissioned independent market research agency Vanson Bourne to conduct research into the threat intelligence landscape. The study surveyed 300 senior security decision-makers in July 2022 from organizations with 1,000 or more employees across all public and private sectors. All interviews were conducted using a rigorous multi-level screening process to ensure that only suitable candidates were given the opportunity to participate.

About Vanson Bourne

Vanson Bourne is an independent specialist in market research for the technology sector. Their reputation for robust and credible research-based analysis is founded upon rigorous research principles and their ability to seek the opinions of senior decision-makers across technical and business functions in all business sectors and all major markets. For more information, visit: www.vansonbourne.com

About Nisos

Nisos is the Managed Intelligence Company®. Our analyst-led approach provides customized insight on material security risks to your organization and people. Powered by our experts and multi-domain cyber and OSINT collection, Nisos provides corporate intelligence investigations, ongoing threat monitoring, and response to events. With Nisos, you can rely on credible, accurate intelligence. For more information, visit: nisos.com