Over the past year, Yahoo revealed the largest data breaches in history,and nation-state hacking activity was suspected in tampering with the U.S. presidential election. More vulnerabilities are being found (and exploited) in mobile and Internet of Things (IoT) platforms, and the first true IoT botnet (Mirai) became a threat that was operationalized to take down Deutsche Telecom, KCOM and Irish telco Eir in December 2016. The attacks continue to spread through different types of IoT devices and target more businesses, types of routers, and other devices they can use to wreak havoc on the businesses they target.
Malware is more sophisticated in avoiding detection, and ransomware has become the top threat affecting organizations,4 according to the SANS 2016 Threat Landscape Survey. IT security teams are struggling just to keep up, as they have throughout Internet history, let alone get ahead of the attackers. Cyber threat intelligence (CTI) shows promise in making these types of threats easier to detect and respond to, according to our recently conducted survey on cyber threat intelligence. In this, our third survey on CTI, 60% of organizations overall are using CTI, while another 25% plan to. As we might expect, small organizations with fewer than 2,000 employees are less likely to plan to use CTI. Of those using CTI, 78% felt that it had improved their security and response capabilities, up from 64% in our 2016 CTI survey.
CTI adopters are also facing challenges. In this survey, their biggest challenges to the effective implementation of CTI are a lack of trained staff, lack of funding, lack of time to implement new processes, and lack of technical capability to integrate CTI, as well as limited management support. Those challenges indicate a need for more training, as well as easier, more intuitive tools and processes to support the ever-growing use of CTI in today’s networks.
These and other trends and best practices are covered in this report.