Does access to timely, accurate and actionable cyber threat intelligence1 make a difference in blocking or preventing external attacks? Are companies using cyber threat intelligence effectively to make informed decisions about how to respond to a menace or hazard?
Ponemon Institute is pleased to present The Importance of Cyber Threat Intelligence to a Strong Security Posture, sponsored by Webroot. The purpose of the study is to understand how companies are using, gathering and analyzing threat intelligence as part of their IT security strategy. We surveyed 693 IT and IT security practitioners in the United
States who are familiar with their company’s security strategy or approach to cyber threat intelligence. Sixty-one percent of respondents are in the Fortune 1,000, Global 2,000 and the Forbes List of the Largest Private Companies.
The organizations represented in this research have one or more staff members dedicated to threat intelligence... 67 percent of respondents believe the use of threat intelligence provides benefits that outweigh the cost. However, as revealed in this research, improvements are needed to make threat intelligence more timely, accurate and actionable in order to strengthen an organization’s security posture.
Following are reasons why respondents believe cyber threat intelligence supports a strong security posture:
* On average, organizations report since using threat intelligence 35 cyber attacks that eluded traditional defenses were uncovered.
* Real-time reputation intelligence is an effective way to detect and respond to malicious IPs the moment they appear within their infrastructure, according to 60 percent of respondents.
* Monitoring the good and bad of IPs, URLs, files and mobile apps that are related to an unknown object is an effective way to predict if they pose a security risk, according to 53 percent of respondents.
* Continual monitoring and tracking of changes in IPs, URLs, files and mobile apps in real time is essential to decreasing security incidents, according to 54 percent of respondents.
* Those companies using threat indicators say the following information is most useful: software vulnerability patch updates (67 percent of respondents), indicators of malicious IP addresses (57 percent of respondents) and indicators of malicious malware (55 percent of respondents).
2015 Energy Industry Cybersecurity Report
Strategic Cybersecurity: A Toolkit for Prioritizing, Coordinating, and Transforming Your Cybersecurity Program