- Threat intelligence isn’t universally valuable, particularly for organizations that don’t have the wherewithal to translate threat insights into action. Analysts from various Google business units addressed this challenge Wednesday during a Google Cloud security virtual event.
- While reports detail the tactics, techniques and procedures adversaries employ to bypass controls, most cybersecurity professionals are dealing with common threats. Insights are only useful when organizations do something different based on the knowledge they gain from threat intelligence, said Jayce Nichols, director of adversary operations.
- “If you don’t have a way to incorporate that into your business and security processes, then spend that money on something else because you’re not really going to get the benefit from intelligence,” Nichols said.
Google has a vested interest in threat intelligence, especially since it bought Mandiant for $5.4 billion last year.
Soon after the acquisition closed, Mandiant CEO Kevin Mandia pledged to automate the human-intensive process of understanding threat actors to help organizations find the proverbial needle in the haystack.
Most security teams don’t have the time to read a 10-page report, determine what their organization should do with that intelligence and put it into practice. Organizations have much more tactical needs, Nichols said.
Business email compromise, phishing, vulnerabilities and zero-days have a much greater impact on organizations than advanced persistent threats, for example.
Phishing remained the top initial access vector for security incidents last year with more than 2 in 5 of all incidents involving phishing as the pathway to compromise, according to IBM Security X-Force’s annual threat intelligence report released last month.
Threat intelligence is a multibillion-dollar industry, but just a fraction of the $219 billion IDC expects organizations to spend on cybersecurity software, hardware and services this year.
The downside risk organizations could confront from cyberattacks is also high. The total potential loss from cyberattacks in 2022 surpassed $10.2 billion, according to the FBI Internet Crime Complaint Center’s annual report released earlier this month.
“Threat intel, even in sort of anecdote nuggets, can provide a teachable moment,” said Kristen Dennesen, reporting analyst at Google’s Threat Analysis Group. The story behind the threat can inspire action and inform how people act to keep themselves safe, Dennesen said.