Security Professionals Suffer ‘Threat Overload’ Due to Volume of Cyberthreat Data

The amount of information available to organizations on cyberthreats is considerable. Unfortunately, processing all of that information is problematic. 70% of organizations face information overload and are swamped by cyberthreat data, according to a recent survey by the Ponemon Institute.

So much threat data is available that it can be difficult to identify the most pertinent information, while much of the information is too complex to provide actionable insights into the most significant threats. It is therefore no surprise that 73% of respondents said they were unable to use threat data effectively to identify cyberthreats.

Even though cybersecurity is now a business priority, many security professionals are still not sharing cyberthreat information with C-suite executives and board members. Under a third of organizations share information about critical security risks with key stakeholders. 43% of respondents said threat data is not used to drive decision making within their security operations center, while 49% said their IT department didn’t even receive or look at threat intelligence reports.

There are many reasons why organizations struggle to effectively interpret and use threat intelligence data. According to the study, 69% of respondents claimed one of the key problems was a lack of staff expertise in interpreting threat data. Just over half of respondents felt they needed a qualified threat analyst in order to maximize the value of threat intelligence. 58% said lack of ownership was a key issue, while 52% of respondents claimed they did not have suitable technology to process threat data.

53% of organizations said prioritizing malicious threats was very difficult even with a threat intelligence platform. When threat data is shared, standardized communication protocols are often not used, which makes reports difficult to understand.

While threat data can be invaluable, organizations that receive too much data can easily become swamped, which can be just as bad as having insufficient information. The same is true if threat data is presented in the wrong way.

According to Hugh Njemanze, CEO of Anomali, “The number of threat indicators is skyrocketing and organizations simply cannot cope with the volume of threat intelligence data coming their way. It’s clear that what businesses need is a system that pinpoints the threats they must take notice of and that gives them actionable and relevant insights.” If such a system is not in place, organizations face “threat overload.”

According to Larry Ponemon, chairman and founder of the Ponemon Institute, “Security providers do a great job of gathering and storing data. Now, they need to simplify it and make it actionable so that security teams and top executives can make decisions that protect their businesses from surging attacks.”

It may prove difficult to interpret threat data, but 78% of respondents agreed that receiving threat intelligence was an important part of developing a robust cybersecurity posture. 70% of respondents said they are planning on improving threat intelligence efficiency in the near future, while two thirds of respondents said they will be deploying a threat intelligence platform.

The Ponemon study was conducted on 1,072 respondents in the United Kingdom and United States. The survey was sponsored by threat intelligence platform provider Anomali.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.