Cyber Security Survey: Intelligence is Key (CDSA)

By Chris Tribbey

Intelligence driven cyber defense may be the best approach against hackers and other cyber criminals, according to a new IT leadership survey, but it’s a strategy that eludes many companies, due to a lack of expert personnel and budget constraints.

Interviewing nearly 700 American IT security practitioners familiar with their organizations’ defense against cyber security attacks, Lockheed Martin and the Ponemon Institute found that most companies have a below-average ability to implement an intelligence driven cyber defense (defined as the ability of an organization to thwart an attacker’s offensive maneuvers while maintaining a defensive position).

The report (“Intelligence Driven Cyber Defense”) found that understanding the attacker’s weak spots is probably the most important feature of a security intelligence tool, less important than technology that slows down or halts the attacker’s computers or technology that utilizes big data analytics to thwart attacks.The report also found that the greatest cyber threats continue to come from within organizations, with 36% of respondents saying negligent insiders, and 25% saying malicious insiders, are the greatest sources of cyber security risk.

The most negative consequence of any cyber attack continues to be the loss of intellectual property, followed by damage to an organization’s reputation and disruption to business processes. Advanced persistent threats (APT), phishing and social engineering ranked tops among the most common problems facing cyber security experts inside companies.

“Organizations are not prepared to deal with severe and frequent cyber attacks,” the report reads. “Seventy-five percent of respondents say they see an increase in the severity of cyber attacks experienced by their organizations and 68% of respondents say they are more frequent. However, a smaller percentage of respondents (53%) say launching a strong offensive against hackers and other cyber criminals is very important to their organizations’ security strategy.”

But, despite evidence of the threat posed by hackers and other cyber criminals, there continues to be a lack of vigilance inside companies, as well as a lack of money dedicated to heading off cyber attacks, the report found. Less than 50% of respondents said their organization is vigilant in monitoring cyber attacks, and only 27% said they believe their security budget is sufficient for mitigating most cyber attacks.

Still, even when implementing an intelligence-driven cyber defense strategy, some companies struggle to disseminate intelligence to key stakeholders in a timely fashion, and there’s a high false positive rate facing an organization’s use of cyber threat intelligence, the survey found.

“Other negatives are intelligence is too old to be actionable (67% of respondents), often inaccurate and incomplete (66%), activities are too difficult to manage (64%), [it] does not integrate with various security technologies (59%) and complexity (56%) [is a problem],” the report reads.