- Almost 4 in 5 organizations are making cybersecurity decisions without any insight into the attackers they are facing off with, according to a report from Mandiant, a unit of Google Cloud.
- Nearly all of the 1,350 global cybersecurity decision makers in the survey said they were satisfied with the quality of intelligence they were receiving. But almost half of respondents said their greatest challenge was to effectively apply that intelligence across their security organization.
- Two-thirds of respondents said senior leadership teams still underestimate the cyberthreats targeting their organizations.
The report, conducted by the market research firm of Vanson Bourne, examines the value and implementation of threat intelligence across global organizations. The respondents span 13 countries and 18 industries, including financial services to healthcare and government.
Effective threat intelligence can impact detections, inform incident response and help guide network defenders proactively hunt for threats, according to Luke McNamara, Mandiant principal analyst, Google Cloud. Threat intelligence can also help the C-suite and board members gain a better understanding of the threat landscape and how that may impact operations.
“Ultimately, threat intelligence is an input into the security function of an organization, that when properly used and disseminated to the right stakeholders within the organization, helps mitigate business risk,” McNamara said via email.
Oftentimes threat actors are hiding for weeks and months within an organization’s computer systems and if their techniques and behavior patterns are unknown, they can often do tremendous damage before a security team even understands what has taken place.
For example, the SolarWinds supply chain attacks were first disclosed in December 2020, however subsequent research found the threat actors were quietly lurking inside the systems of government agencies and private organizations for more than a year before the attack was officially discovered.
The Mandiant report indicates companies may not always have regular communication with their leadership about current developments.
Cybersecurity is discussed on average every four to five weeks within organizations, including with the C-suite, board members and other senior stakeholders. Cybersecurity discussions are less frequent with other groups, such as investors, taking place on average every seven weeks.
Correction: This article has been updated to reflect the supply chain attacks targeting SolarWinds took place in 2020.