IID, the source for clear cyber threat intelligence, today announced the immediate availability of the IID and Ponemon Institute survey entitled, “Exchanging Cyber Threat Intelligence: There Has to Be a Better Way.”
The second annual survey includes insight from 692 IT and IT security professionals from both global businesses and government agencies, who answered more than three-dozen questions around threat intelligence sharing. The majority of organisations where those employees work have more than 1,000 employees.
When asked, “Did your company have a material security breach in the past 24 months,” 47 per cent of those surveyed said yes. Survey participants also asserted that threat intelligence–information that has been analysed and refined so that it is useful in hindering cyber threats–could have prevented those cyber attacks. Specifically, 65 per cent said that they believed threat intelligence could have prevented or minimised the consequences of a cyber attack they had suffered in the last 24 months. When asked the same question in the 2014 survey, 61 per cent said yes.
“It is becoming more and more apparent that raw threat data is not effective. Just like the bad guys share ways to carry out their attacks, organisations must also share actionable and timely ways to stop threats,” said Larry Ponemon, Chairman and Founder of the Ponemon Institute. “It is also clear that it is impossible for one organisation to harvest that threat intelligence on their own as evidenced by the fact that 83 per cent of people we surveyed exchange threat intelligence.”
Other key findings in the survey include:
- Exchanging threat intelligence is imperative and good for the U.S.
Seventy-five per cent of respondents believe exchanging threat intelligence improves their organisation’s security posture and 63 per cent say it’s good for the United State’s critical infrastructure.
- Timeliness is the most important threat intelligence quality
Respondents said timeliness makes threat intelligence the most actionable followed by the ability to prioritise and trustworthiness of the source. Despite 89 per cent believing threat intelligence has a shelf life of hours or less, 79 per cent refresh their data in increments of daily or longer.
- Most using free sources, but not confident in data
The biggest source of threat intelligence is free sources. Yet 46 per cent say they cannot prioritize threats with, 39 per cent they have no confidence in and 35 per cent they have no context with free sources.
- Issues are still stopping the exchange of threat intelligence
The main inhibitors for exchanging threat intelligence are potential liability issues, lack of trust in sources and lack of resources.
“The amount of large organisations that have been breached online is eye opening, but what is equally interesting is the fact that IT and security professionals know what they need to stop those cyber attacks yet they are not doing so,” said IID Vice President of Marketing Mark Foege. “We must continue to work together as an industry to make threat intelligence as timely, relevant and actionable as possible or else the bad guys will continue to infiltrate large businesses and governments worldwide.”
To download the complete survey findings, go to internetidentity.com.
The post Survey Finds 47% of Companies and Government Agencies Have Been Breached in Last Two Years appeared first on IT SECURITY GURU.
Image source: Shutterstock/Ungor