
Security pros drowning in threat-intel data • The Register


Too many threats, too much data, and too few skilled security analysts are making companies more vulnerable to cyberattacks, according to the IT and security leaders tasked with protecting these organizations from digital threats.

Google Cloud commissioned a study that had Forrester Consulting query 1,541 director-level and above tech professionals in January. All of the respondents came from companies with at least 1,000 employees, across 12 industries and eight countries: the US, UK, Singapore, Canada, Australia, Japan, Germany, and France.

The survey found that security and IT execs and directors are drowning in threat intelligence data feeds, with 61 percent saying that their teams are overwhelmed by the sheer volume of information.

Meanwhile, 60 percent said that they don’t have enough skilled security personnel to analyze all of this information, with 59 percent responding that it’s difficult to verify the validity and relevancy of threats and an equal percentage saying that they struggle with making this data actionable.

All of this makes it increasingly difficult for organizations to take a proactive approach to security. 72 percent of respondents said “my organization is mostly reactive when it comes to cybersecurity threats.”

Looking at the responses by industry, manufacturing is the most worried about missing real threats due to too much data and alerts, with 89 percent of respondents saying that they are “concerned” or “very concerned.” 

They have good reason to be concerned. According to the FBI’s latest Internet Crime Complaint Center (IC3) annual report, ransomware gangs hit manufacturing especially hard last year, with 218 reported infections, making this industry the second most attacked of America’s critical infrastructure sectors. Healthcare and public health (249 ransomware attacks) took the top spot on the list.

The report authors opine that operational technology challenges may play a role in manufacturers’ concerns:

Another interesting industry-specific statistic: while most (80 percent) of all respondents agreed that their senior leadership team underestimated their company’s cyberthreats, that percentage is highest among technology and tech services firms, with 84 percent saying this is the case within their organizations. “This could be due to leaders prioritizing innovation and speed to market over security and/or this industry being less regulated than others,” the report authors suggest.

When it comes to the threats that respondents are most concerned about over the next 12 months, phishing and credential theft (46 percent) tops the list, with ransomware/multifaceted extortion (44 percent) coming in second. AI prompt injections (34 percent) ranked third, with quantum computing breaking encryption and supply chain threats tying for fourth at 41 percent. Insider threats (29 percent), distributed denial of service (27 percent), nation-state attacks (21 percent), cryptomining (18 percent), and espionage (17 percent) round out the list.

The study also offers a handful of recommendations for security leaders struggling with the influx of threats and data, and reframing “threat intelligence as a capability, not a feed,” is key among these.

“Mistaking raw data for insights leads to an overwhelming number of indicators with little context or the ability to act on them,” the report authors wrote. “Security leaders can extract the true value of threat intelligence by treating it as a process, rather than a product; they must leverage skilled resources for activities like analysis, enrichment, contextualization, and alignment with real-world threats.”

Similarly, the report recommends that you don’t just use more threat-intel tools and services without first identifying intelligence requirements and use cases specific to your business. Doing this helps “answer the ‘so what’ of intelligence rather than ‘reporting the news.’” ®
