In the past few years, CTI has evolved from small, ad hoc tasks performed disparately across an organisation to, in many cases, robust programs with their own staff, tools and processes that support the entire organisation. This is according to the SANS 2020 CTI Survey, the latest report by the global leader in cybersecurity training and certifications, SANS Institute.
“In the past three years, we have seen an increase in the percentage of respondents choosing to have a dedicated team over a single individual responsible for the entire CTI program,” says survey author and SANS instructor Robert M. Lee.
In fact, survey results indicate that just under 50 per cent of respondents’ organisations have a team dedicated to CTI, up from 41 per cent in 2019. In total, more than 84 per cent of organisations reported having some kind of resource focusing on CTI.
While the number of organisations with dedicated threat intelligence teams is growing, results also demonstrate a move toward collaboration, with 61 per cent reporting that CTI tasks are handled by a combination of in-house and service provider teams.
“We continue to see an emphasis on partnering with others, whether through a paid service provider relationship or through information-sharing groups or programs,” continues Lee. “Collaboration within organisations is also on the rise, with many respondents reporting that their CTI teams are part of a coordinated effort across the organisation.”
Another sign of maturity is the definition and documentation of intelligence requirements. The number of organisations reporting a formal process for gathering requirements increased by 13 per cent from last year to almost 44 per cent in 2020. This makes the intelligence process more efficient, effective and measurable – keys to long-term success.
When asked which inhibitors were holding their organisation back from implementing CTI effectively, the highest response – by 5 per cent of respondents – was a lack of trained staff or lack of skills needed to fully utilise CTI, while 52 per cent named a lack of time to implement new processes, and 48 per cent said the issue was a lack of funding.
The report also looked at where CTI team members are drawn from within the organisation, the types of information used for intelligence gathering and the sources used for gathering that intelligence.
The 2020 SANS Cyber Threat Intelligence (CTI) Survey received 1006 responses from a wide-ranging group of security professionals from various organisations. There was good representation from small, medium and large organisations and from across the globe, with 327 respondents coming from organisations headquartered in EMEA.
Do you have a story that you think would interest our readers? write to us firstname.lastname@example.org