Only 42% of cybersecurity professionals use shared threat intelligence

intel security report

Intel Security released McAfee Labs Threats Report on cyber threat intelligence.

The survey of 500 cybersecurity professionals found that only 42 percent of respondents use shared threat intelligence, despite a rise in cyber threats as indicated in the Q4 threat statistics.

Almost all respondents using shared threat intelligence believe that it enables them to provide better protection for their company.

More than half, 59 percent, of survey respondents find such sharing to be “very valuable” to their organizations, while 38 percent find sharing to be “somewhat valuable.”

“Given the determination demonstrated by cybercriminals, CTI sharing will become an important tool in tilting the cybersecurity balance of power in favor of defenders,” said Vincent Weafer, vice president of Intel Security’s McAfee Labs group.

“But our survey suggests that high-value CTI must overcome the barriers of organizational policies, regulatory restrictions, risks associated with attribution, trust and a lack of implementation knowledge before its potential can be fully realized.”

Survey findings

Industry-specific intelligence

A near unanimous 91 percent of respondents voice interest in industry-specific cyber threat intelligence, with 54 percent responding “very interested” and 37 percent responding “somewhat interested.”

Intel said sectors such as financial services and critical infrastructure stand to benefit most from such industry-specific CTI.

Willingness to share

With regard to the willingness to share threat intelligence, 63 percent of respondents indicated they may be willing to go beyond just receiving shared CTI to actually contributing their own data, as long as it can be shared within a secure and private platform.

However, the idea of sharing their own information is met with varying degrees of enthusiasm, with 24 percent responding they are “very likely” to share while 39 percent are “somewhat likely” to share.

Types of data to share

When asked what types of threat data they are willing to share, 72 percent of respondents said behaviour of malware followed by 58 percent saying URL reputations, 54 percent external IP address reputations, 43 percent certificate reputations  and file reputations 37 percent.

Barriers to CTI

When asked why they have not implemented shared CTI in their enterprises, 54 percent of respondentssaid corporate policy as the reason. It was followed by industry regulations with the percentage of respondents at 24.

The remainder of respondents whose organizations do not share data report being interested but need more information (24 percent), or are concerned shared data would be linked back to their firms or themselves as individuals (21 percent). These findings suggest a lack of experience with, or knowledge of, the varieties of CTI integration options available to the industry, as well as a lack of understanding of the legal implications of sharing CTI.

Intel Security also released Q4 2015 threat statistics.

According to it, ransomware accelerated again by the end of 2015, after slowing slightly midyear. Compared to the third quarter, new ransomware increaswed 26 percent.

McAfee said open-source ransomware code and ransomware-as-a-service continued attacks. The Teslacrypt and CryptoWall 3 campaigns continue to extend their reach, and ransomware campaigns continue to be financially lucrative.

Fourth quarter data also showed that mobile malware jumped 72 percent over the third quarter as malware authors appear to have produced new malware faster.

[email protected]