The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Mandiant: Organizations Are Not Getting the Maximum ROI from Threat Intelligence

The threat intelligence provider, Mandiant, says almost all cybersecurity leaders are happy with the threat intelligence they are consuming, but that intelligence is not always considered when they develop their cyber strategies and make purchasing decisions. The failure to effectively use threat intelligence data prevents organizations from getting the maximum ROI on their investment and reduces the effectiveness of their cybersecurity strategies.

Mandiant commissioned a survey of 1,350 cybersecurity decision-makers at organizations with at least 1,000 employees, across 18 sectors in 13 countries, to gain a global perspective on how organizations are leveraging threat intelligence to navigate the global cybersecurity threat landscape. The survey confirmed that organizations typically receive threat intelligence from multiple sources, and 96% of cybersecurity leaders say they are happy with the threat intelligence they are receiving; however, 47% of respondents said they struggle to effectively apply threat intelligence throughout their organization and almost all respondents (98%) said they need to be faster at implementing changes based on the threat intelligence they receive.

A majority of respondents (79%) admitted to making purchasing decisions based on current cyberattack trends, without gaining insights into the attackers that are actually targeting their industry and the tactics they are using. For instance, security teams often implement defenses against advanced persistent threat (APT) actors, when these nation-state actors do not actually pose a threat to their organization or sector. Security teams receive huge numbers of alerts about software vulnerabilities yet fail to use threat intelligence to identify which vulnerabilities are actually being exploited by the threat actors targeting their sector, or whether the threat actors would even be able to exploit the vulnerabilities. While more than 85% of security leaders appreciate the importance of identifying attackers, their tools and techniques, and motivations, only 34% said they consider the source of a potential attack when they test their cybersecurity defenses.

If threat intelligence is not factored into purchasing decisions, solutions may be purchased that fail to provide the optimum level of protection against the most pertinent threats to their sector, which could weaken their cybersecurity strategy. Organizations that factor threat intelligence into purchasing decisions and cybersecurity strategies can achieve optimal protection against the tactics, techniques, and procedures used by the threat actors that are actually targeting their organization.


Even though security decisions are made without insights into the threat actors that are attacking them, security decision-makers were still confident in their cybersecurity defenses, especially against financially motivated threats such as ransomware. 91% of respondents were confident about their ability to protect against ransomware attacks, 89% were confident about defending against attacks by hacktivists, 83% were confident about defending against nation-state threat actors, and almost all respondents (95%) were confident they could prove to their senior leadership that they had a moderate to highly effective cybersecurity strategy.

More than two-thirds of cybersecurity decision-makers said they believe their senior leadership teams underestimate the cyber threat posed to their organization and 68% said their organization needs to improve its understanding of the threat landscape. While security teams understand the importance of threat intelligence, 79% of respondents admitted that they could focus more time and energy on identifying critical trends. The survey also revealed threat intelligence is not shared frequently enough throughout the organization. For example, cybersecurity is only discussed on average once every four or five weeks with various departments within organizations, and only 38% of security teams share threat intelligence with a wider group of employees for risk awareness.

“A conventional, check-the-box mindset isn’t enough to defend against today’s well-resourced and dynamic adversaries. Security teams are outwardly confident, but often struggle to keep pace with the rapidly changing threat landscape. They crave actionable information that can be applied throughout their organization,” said Sandra Joyce, Vice President, Mandiant Intelligence at Google Cloud. “As our ‘Global Perspectives on Threat Intelligence’ report demonstrates, security teams are concerned that senior leaders don’t fully grasp the nature of the threat. This means that critical cyber security decisions are being made without insights into the adversary and their tactics.”

One of the problems highlighted by the survey is information overload. Organizations receive vast amounts of threat data that needs to be processed and there is concern that important information may be missed. 84% said they were concerned that they may be missing vital threat intelligence due to the number of alerts and data they have to process, and 69% of respondents said they feel overwhelmed by the threat intelligence data they receive. In healthcare, 79% of respondents said they feel somewhat or completely overwhelmed by the amount of data and alerts they have to deal with.

Mandiant offers several suggestions that can help security leaders maximize their investment and effectively operationalize their cyber threat intelligence. Organizations should regularly evaluate the data received to make sure it is timely, trustworthy, and accurate. It is important to learn about the threat actors that are actually targeting the organization and sector, adapt defenses accordingly, then test defenses and the organization’s response to the attack tactics that have been identified and track improvements over time. Threat intelligence also needs to be leveraged across all security systems and processes to proactively protect against all potential threats. Organizations should also ensure that threat intelligence is communicated effectively with stakeholders to allow that intelligence to be factored in when making purchasing decisions.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
