Security professionals are willing to share intel with their peers and the government if such sharing improved their ability to detect cyber threats, according to an IronNet survey.
Cybersecurity professionals face difficult challenges and obstacles just keeping up with the latest threats. Those challenges are especially great if security pros at organizations are working in isolation to try to detect and prevent threats. That’s why a collective defense is something many see as important, according to a study released Wednesday by IronNet.
In a survey of 200 US security IT decision makers commissioned by IronNet and conducted by independent research firm Vanson Bourne, 94% said their company would be willing to increase the level of threat sharing with their industry peers if that process demonstrably improved their ability to detect threats.
SEE: Essential reading for IT leaders: 10 books on cybersecurity (free PDF) (TechRepublic)
The willingness to share goes beyond fellow companies. Some 92% of respondents said they would increase their threat sharing with the government if doing so enabled the government to use its political, economic, cyber, or other national-level capabilities to deter cyber attacks.
Sharing intel about security threats is hardly a new or untested concept. Many of the organizations surveyed already share certain information with others. Among the respondents, 94% said they currently subscribe to or invest in some type of collective defense. They reported sharing such threats as malicious IP addresses, file hashes, domains, and other signature-based indicators.
The idea of sharing threat information sounds like a good one. But are current efforts working effectively? No, not quite, according to IronNet. Companies typically focus on sharing information about existing threats, but are failing to detect variations of such threats, as well as threats and attacks where no indicators are available. Further, sharing of intel can take weeks or months, giving attackers ample time to wield the same tactics on additional targets. IronNet called today’s efforts at threat sharing “snapshots and bandages that cover yesterday’s attacks but don’t fully protect you from tomorrow’s threats.”
Security professionals acknowledge that their current strategies for sharing threat information are not doing the job. Half of the people surveyed said that their threat sharing tool could be improved. Specifically, some 46% saw a need for better sharing of cyber attacker tools, tactics, and procedures (TTP) with the same percentage looking to more quickly share raw intelligence.
Beyond threat sharing, many respondents are looking to artificial intelligence (AI) and machine learning to help them in their cybersecurity efforts. A full 73% of those surveyed said their organization has already started to explore using AI or machine learning cyber defense in the past 12 months. Of those, some 69% said that this initial exploration has already exceeded their expectations.
Finally, the survey revealed a disconnect between confidence levels about cybersecurity defenses and actual security incidents. A full 85% of respondents rated their organization’s cybersecurity technology, systems, and tools as advanced. However, almost eight in 10 respondents revealed that their company has had a cybersecurity incident so severe that it required a meeting of C-level or board executives. Further, over a 12-month span, respondents on average said their organizations were hit by four cyber attacks, with 20% of them reported being attacked six or more times.
To conduct the survey for IronNet, Vanson Bourne interviewed 200 U.S. security IT decision makers in January and February of 2019. Among the respondents, 107 people serve in C-level roles, while 67% work in organizations with 5,000 or more employees. The top three sectors represented were IT, technology, and telecoms (30%); retail, distribution, and transport (29%); and financial services (28%).