Building a Threat Intelligence Program

Similar documents
2018 GLOBAL CHANNEL PARTNER SURVEY THYCOTIC CHANNEL PARTNER SURVEY REPORT

THE CYBERSECURITY LITERACY CONFIDENCE GAP

U.S. State of Cybercrime

KNOWLEDGE GAPS: AI AND MACHINE LEARNING IN CYBERSECURITY. Perspectives from U.S. and Japanese IT Professionals

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

ACHIEVING FIFTH GENERATION CYBER SECURITY

What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco

Fundamental Shift: A LOOK INSIDE THE RISING ROLE OF IT IN PHYSICAL ACCESS CONTROL

Insider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey

THE STATE OF CLOUD & DATA PROTECTION 2018

CYBERSECURITY RESILIENCE

Perimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN

THE POWER OF TECH-SAVVY BOARDS:

CLEARING THE PATH: PREVENTING THE BLOCKS TO CYBERSECURITY IN BUSINESS

Combating Cyber Risk in the Supply Chain

Pedal to the Metal: Mitigating New Threats Faster with Rapid Intel and Automation

GEORGIA CYBERSECURITY WORKFORCE ACADEMY. NASCIO 2018 State IT Recognition Awards

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.

Gaps in Resources, Risk and Visibility Weaken Cybersecurity Posture

2017 Trends in Security Metrics and Security Assurance Measurement Report A Survey of IT Security Professionals

SECOPS: NAVIGATE THE NEW LANDSCAPE FOR PREVENTION, DETECTION AND RESPONSE

CYBERSECURITY AND THE MIDDLE MARKET

Cloud Computing. January 2012 CONTENT COMMUNITY CONVERSATION CONVERSION

New Threats, New Mindset: Being Risk Ready in a World of Complex Attacks. How to Address Incident Response Challenges

FOR FINANCIAL SERVICES ORGANIZATIONS

INTRODUCTION. We would like to thank HelpSystems for supporting this unique research. We hope you will enjoy the report.

DIGITAL TRANSFORMATION IN FINANCIAL SERVICES

ISE Cyber Security UCITS Index (HUR)

Cybersecurity Perspectives 2018 THE DATA BREACH EFFECT

CYBER SOLUTIONS & THREAT INTELLIGENCE

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Toward an Automated Future

The State of Cloud Monitoring

CYBER SECURITY TAILORED FOR BUSINESS SUCCESS

THE ACCENTURE CYBER DEFENSE SOLUTION

The Cyber War on Small Business

CYBERBIT P r o t e c t i n g a n e w D i m e n s i o n

Cybersecurity, Trade, and Economic Development

2015 VORMETRIC INSIDER THREAT REPORT

Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

Six Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP

2017 THALES DATA THREAT REPORT

Managed Enterprise Phishing Protection. Comprehensive protection delivered 24/7 by anti-phishing experts

The State of Cybersecurity and Digital Trust 2016

Roadmap to the Efficient Cloud: 3 Checkpoints for the Modern Enterprise

Skybox Security Vulnerability Management Survey 2012

whitepaper How to Measure, Report On, and Actually Reduce Vulnerability Risk

CRITICAL INFRASTRUCTURE AND CYBER THREAT CRITICAL INFRASTRUCTURE AND CYBER THREAT

THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY:

Security for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape

Cyber Security in Smart Commercial Buildings 2017 to 2021

REPORT. proofpoint.com

with Advanced Protection

COPYRIGHT 2018 NETSCOUT SYSTEMS, INC. 1

How NSFOCUS Protected the G20 Summit. Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity

TRUSTED MOBILITY INDEX

Security-as-a-Service: The Future of Security Management

Evaluating Cybersecurity Coverage A Maturity Model. Presented to: ISACA Charlotte Chapter Vision for IT Audit 2020 Symposium

A CFO s Guide to Cyber Security in the Coming Year

SD-WAN. Enabling the Enterprise to Overcome Barriers to Digital Transformation. An IDC InfoBrief Sponsored by Comcast

mhealth SECURITY: STATS AND SOLUTIONS

SELLING YOUR ORGANIZATION ON APPLICATION SECURITY. Navigating a new era of cyberthreats

MATURE YOUR CYBER DEFENSE OPERATIONS with Accenture s SIEM Transformation Services

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

Intelligent Building and Cybersecurity 2016

Bringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016

If you were under cyber attack would you ever know?

SOLUTIONS BRIEFS. ADMINISTRATION (Solutions Brief) KEY SERVICES:

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

MOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner

Technology Priorities SURVEY. Exclusive Research from CIO magazine

THE STATE OF MEDIA SECURITY HOW MEDIA COMPANIES ARE SECURING THEIR ONLINE PROPERTIES

Fiscal year 2017: TÜV Rheinland continues growth strategy with investments in future-oriented topics

Sales Presentation Case 2018 Dell EMC

Altitude Software. Data Protection Heading 2018

Cybersecurity Guidance for Small Firms Thursday, November 8 9:00 a.m. 10:00 a.m.

Sage Data Security Services Directory

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

Imperva Incapsula Survey: What DDoS Attacks Really Cost Businesses

THREAT HUNTING REPORT

CLOSING IN FEDERAL ENDPOINT SECURITY

Paper. Delivering Strong Security in a Hyperconverged Data Center Environment

Supporting The Zero Trust Model Of Information Security: The Important Role Of Today s Intrusion Prevention Systems

5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief

VARONIS CASE STUDY. Kirton McConkie. A Financial Services Design And Distribution Firm

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

RightScale 2018 State of the Cloud Report DATA TO NAVIGATE YOUR MULTI-CLOUD STRATEGY

Reducing Cybersecurity Costs & Risk through Automation Technologies

CompTIA Security Research Study Trends and Observations on Organizational Security. Carol Balkcom, Product Manager, Security+

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Abstract. The Challenges. ESG Lab Review InterSystems IRIS Data Platform: A Unified, Efficient Data Platform for Fast Business Insight

HEALTH CARE AND CYBER SECURITY:

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

State of Cloud Survey GERMANY FINDINGS

IT Security: Managing a New Reality

Must Have Items for Your Cybersecurity or IT Budget in 2018

Cyber Security. June 2015

Vulnerability Management Trends In APAC

PAIN AND PROGRESS THE RSA CYBERSECURITY AND BUSINESS RISK STUDY

Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank

Transcription:

WHITE PAPER Building a Threat Intelligence Program Research findings on best practices and impact www.

Building a Threat Intelligence Program 2 Methodology FIELD DATES: March 30th - April 4th 2018 351 total responses from cybersecurity decision makers in the United States Survey respondents were provided by Branded Research. Branded has a global reach of over 3 BILLION RESPONDENTS. APPROXIMATELY 15 MINUTE ONLINE SURVEY instrument (53 total questions) Overall margin of error +/- 5 POINTS at a 95% confidence interval

Building a Threat Intelligence Program 3 Major Themes Those who describe their threat intelligence program as more mature than their competitors are often utilizing threat intelligence platforms to aggregate and monitor data in one place. Organizations with threat intelligence programs in place indicate sharing of information is key. Healthy organizations have threat intelligence infrastructure in place. The majority of decision makers say their organizations plan to invest more in threat intel programs in the coming year. Demographics 100% Work full-time in IT departments; and are decision makers for cybersecurity services, technologies, or solution purchases within their organizations of respondents...

Building a Threat Intelligence Program 4 28% Approximately how many employees are in your company at all locations worldwide? 15% 17% 23% 16% 50 to 249 250 to 499 500 to 999 1,000 to 4,999 5,000 or more 7% 10% Less than 1 year How long have you been employed in your current role? 27% 57% 1 to 3 years 4 to 10 years 11 to 20 years 20 years or more In your best estimate, what was your organization s total revenue for last year? 10% 15% 20% 13% 14% 19% 5% 4% 100,001 to less than $5 million $5 million to less than $50 million $50 million to less than $250 million $250 million to less than $500 million $500 million to less than $1 billion $1 billion to less than $5 billion $5 billion to less than $10 billion Greater than $10 billion

Building a Threat Intelligence Program 5 Current Trends In organizations that have fully-mature threat intelligence programs, nearly half (46%) experienced significant revenue growth within the last year. More than half of all organizations with threat intelligence programs say their organizations programs have prevented: Those who describe their threat intelligence program to be more mature (69%) than competitors are often utilizing threat intelligence platforms to aggregate and monitor data in one place... 67% Phishing Attacks 58% Ransomware Attacks And, there is little disagreement on the most effective infrastructure for threat intelligence programs among cybersecurity decision makers. Those who describe their threat intelligence program to be more mature (69%) than competitors are often utilizing threat intelligence platforms to aggregate and monitor data in one place, compared to those who describe their threat intelligence program to be onpar (35%) with industry competitors. 60% Breach of Customer Data 57% Insider Threats Organizations that are experiencing significant or strong growth have threat intelligence infrastructure in place. Organizations with fully-mature threat intelligence programs are more likely to experience significant or strong revenue growth (94%) than those organizations that don t have fully-mature threat intelligence programs in place (88%) Those with fully-mature threat intelligence programs in place are reaping the rewards. Cybersecurity decision makers surveyed in this group say that their organizations threat intelligence programs prevented phishing attacks (72%), ransomware attacks (65%) and business email compromise (67%). 55% Business Email Compromise 49% Supply Chain Attacks Furthermore, threat intelligence programs have proven a necessity for organizations both large and small. More than half of all organizations with threat intelligence programs say their organizations programs have prevented phishing attacks (67%), ransomware attacks (58%), breach of customer data (60%), insider threats (57%), business email compromise (55%), and supply chain attacks (49%).

Building a Threat Intelligence Program 6 More than 70% of all respondents agree at some level that they do not have the staff or resources to monitor all cybersecurity threats. Even of those with fully-mature threat intelligence programs, still 29% of cybersecurity decision makers said they don t have the staff or resources to monitor all cybersecurity threats that face the business. Efforts to attribute such threats remain a challenge for all cybersecurity decision makers 53% agree they are rarely ever able to use breach data to identify where a cybersecurity threat is from. Most cybersecurity decision makers within organizations with threat intelligence programs in place, say they are able to obtain information pertaining to the location the cyber attack originated from (74%) and the types of cyber weapons used (67%) during or after an attack. Even though a compelling 82% of cybersecurity decision makers from organizations with a threat intelligence program in place agreed their programs are sophisticated enough to handle any cybersecurity threat, more than fourin-five (84%) said that their organization should be investing more in its threat intelligence program. Most cybersecurity decision makers within organizations with threat intelligence programs in place, say they are able to obtain information pertaining to the location the cyber attack originated from (74%) and the types of cyber weapons used (67%) during or after an attack.

Building a Threat Intelligence Program 7 Impact on Business Organizations that have threat intelligence programs have saved an average of 8.8 million dollars in the last twelve months. Nearly four-in-five (78%) cybersecurity decision makers with threat intelligence programs said that their organizations have successfully used those programs in the last year to block threats that otherwise would have cost the business a significant sum of money. Cybersecurity professionals that felt they had leading threat intelligence programs (84%) compared to their competitors reported that they had blocked threats to the business within the last twelve months that would have cost the business a significant sum of money, compared to 70% from organizations who say that their threat intelligence programs are on-par with industry competitors. Surprisingly, only about one-in-ten (12%) organizational leaders considered the ability to avoid embarrassing, public disclosures of information to be a top-three factor when evaluating the success of a threat intelligence program. When asked about the most important factors for evaluating the success of threat intelligence programs, the majority of cybersecurity decision makers cite protecting personal client information (67%), removing risks faced from cybercrime activities (59%), and protecting monetary assets of the organization (53%) as primary considerations. Organizations that have threat intelligence programs have saved an average of 8.8 million dollars in the last twelve months. Surprisingly, only about one-in-ten (12%) organizational leaders considered the ability to avoid embarrassing, public disclosures of information to be a top-three factor when evaluating the success of a threat intelligence program.

Building a Threat Intelligence Program 8 When it comes to preventing threats, not all industries are having similar success. In companies that have threat intelligence programs, cybersecurity decision makers in telecom and communications (90%), retail and consumer product goods (86%), hi-tech (79%), and banking and finance (71%) said that their organizations threat intelligence programs blocked threats within the last year that otherwise would have cost a significant sum of money. Compared to only 63% in utilities and 58% in manufacturing that say the same. When it comes to future threats, nearly three-in-five (57%) cybersecurity decision makers surveyed say their organizations are more susceptible to cybersecurity threats in 2018 than they were in 2017. When it comes to future threats, nearly three-in-five (57%) cybersecurity decision makers surveyed say their organizations are more susceptible to cybersecurity threats in 2018 than they were in 2017.

Building a Threat Intelligence Program 9 Growing the Program Cybersecurity decision makers overwhelmingly agree that their organizations should be investing more in their threat intelligence programs. More than half (52%) of the cybersecurity decision makers surveyed agree that their organizations do not have the staff or resources necessary to monitor all cybersecurity threats that their organizations face. 83% indicated that their organizations should be investing more in their threat intelligence programs. Over the next twelve months, the majority (61%) of cybersecurity decision makers surveyed say their organizations plan to invest more into threat intelligence programs. Fewer than two-in-five (37%) say their organizations plan to invest about the same as last year in their threat intelligence programs. Companies that are experiencing the most success financially are also investing heavily in their threat intelligence programs. More than three-quarters of companies experiencing significant revenue growth plan to invest more in their threat intelligence programs over the next twelve months (78%). 83% indicated that their organizations should be investing more in their threat intelligence programs. O XX OO More than three-quarters (78%) of companies experiencing significant revenue growth plan to invest more in their threat intelligence programs over the next twelve months. While organizational leaders say they are committed to expanding the capabilities of their programs, their teams do not feel that message. More than three-in-five (70%) C-Suite leaders in organizations surveyed said they plan to invest more in their organizations threat intelligence programs in the next twelve months while fewer Director and VP level employees (57%) say the same.

Building a Threat Intelligence Program 10 Managing the Program Organizations with threat intelligence programs in place are constantly digesting data more than two-in-five (41%) cybersecurity decision makers say their organization monitors or interacts with threat intelligence data 24 hours a day. The majority of cybersecurity decision makers from organizations with threat intelligence programs in place, report they have implemented tools such as a: firewall (76%), threat intelligence platform (67%), log management (63%), intrusion prevention/protection (60%), end-point detection and response (59%), and indicator feed/blocklists (54%). For some, threat intelligence programs are specifically tailored to information obtained in previous, well-known cyberattacks. At least one-in-three cybersecurity decision makers surveyed said that the following threats prompted their organizations to change their threat intelligence programs: CryptoLocker (44%), Cloudbleed (37%), WannaCry (33%), and TeslaCrypt (33%). The largest enterprise firms surveyed indicate programmatic changes due to well-known threats more-so than smaller organizations, including the cyberthreats known as: Cloudbleed 46% vs. 37% The largest enterprise firms surveyed indicate programmatic changes due to well-known threats more-so than smaller organizations, including the cyberthreats known as: Cloudbleed (46% vs. 37%), TeslaCrypt (40% vs. 31%), WannaCry (40% vs. 31%), Heartbleed (37% vs. 27%), and Stuxnet (35% vs. 20%). Sharing threat intelligence is a concern for many. More than four-in-five (81%) cybersecurity decision makers agree that, given all of the additional cyber threats that surface each day, coordinating data sharing with governments is one of the priorities for their threat intelligence programs. Organizational leaders (87%) strongly echo this sentiment. TeslaCrypt 40% vs. 31% WannaCry 40% vs. 31% Heartbleed 37% vs. 27% Stuxnet 35% vs. 20%

Building a Threat Intelligence Program 11 Threat Intel Sharing Two-in-three (66%) cybersecurity decision makers in organizations with threat intelligence programs said their business looks to the government for information or data on cyber threats. Cybersecurity decision makers with threat intelligence platforms are significantly less likely (66%) than competitors with no threat intelligence programs (80%) to look to the government for information or data on cyber threats. Cybersecurity decision makers with threat intelligence platforms are significantly less likely (66%) than competitors with no threat intelligence programs (80%) to look to the government for information or data on cyber threats. Roughly two-in-five (41%) cybersecurity decision makers with threat intelligence programs in place, report that sharing information with governments and other NGO groups is integral to their program development. More than two-in-three (68%) cybersecurity decision makers indicate that the government has programs designed to assist companies combating cybersecurity threats. More than one-in-three (36%) cybersecurity decision makers surveyed say that their organizations currently shares threat intelligence data with a government group. Roughly two-in-five (41%) cybersecurity decision makers from organizations with threat intelligence programs in place, report that sharing information with governments and other NGO groups is integral to their threat intelligence program development. Only 15% of cybersecurity decision makers from organizations with threat intelligence programs saw no benefit in sharing information with government or NGO groups.

Building a Threat Intelligence Program 12 Additionally, 40% of cybersecurity decision makers in organizations with threat intelligence programs said that their organizations do not share threat intelligence data with any external group. Cybersecurity decision makers from organizations with fullymature threat intelligence programs (55%) find sharing information with governments or NGO groups an integral component to their threat intel programs. This is even more than the previously mentioned 41% of all cybersecurity decision makers with threat intel programs who say the same. 55% Cybersecurity decision makers from organizations with fully-mature threat intelligence programs find sharing information with governments or NGO groups an integral component to their threat intel programs.

Building a Threat Intelligence Program 13 More than two-in-five cybersecurity decision makers within organizations with a threat intelligence program, report sharing malware data (55%), general threat data (49%), ransomware data (42%), and specific threat attribution (44%) data with governments and NGO groups. Slightly fewer indicated they share real-time threat data (41%), after-the-fact incident data (40%), attribution data (40%), or APT data (35%). More than four-in-five (84%) cybersecurity decision makers surveyed agree that a better relationship with government groups would foster a better environment for exchanging threat intelligence data. Nine-in-ten (90%) organizational leaders agree that a better relationship with government groups would foster a better environment for exchanging threat intelligence data. Governments and NGO groups prove to be a vital and desired component of many threat intelligence programs. Nearly three-in-four (72%) cybersecurity decision makers surveyed agree that governments do an excellent job of providing real-time threat data to help their organizations when a threat is occurring. Yet, there are still ways in which governments and NGO s could make sharing threat intelligence a more valuable endeavor to private enterprise. When it comes to specific changes, nearly one-in-two cybersecurity decision makers said that governments could help by creating and distributing defensive tools and techniques to help combat known cyber-attacks (48%), creating industry groups that are tasked with working on cybersecurity threats specific to their industry (48%), and by providing regular briefings for cybersecurity employees about the most recent trends in cyber-attacks (48%). Designed by analysts but built for the entire team (security operations, threat intelligence, incident response and security leadership), ThreatConnect s intelligence-driven security operations platform is the only solution available today with intelligence, automation, analytics, and workflows in a single platform. Centralize your intelligence, establish process consistency, scale operations, and measure your effectiveness in one place. To learn more about our threat intelligence platform (TIP) or security orchestration, automation, and response (SOAR) solutions, visit www.. Copyright 2019 ThreatConnect, Inc.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback