As healthcare interest in threat intelligence grows, lack of expertise is limiting use
While there’s been a steady increase in interest in threat intelligence within the healthcare industry, a recent Ponemon study found a lack of staff expertise is hindering the ability of security experts from getting the most value from the tool.
Ponemon Institute surveyed over 1,000 IT and IT security professionals from the U.S. and U.K. to determine whether or how threat intelligence is used within their organization’s cybersecurity program.
Eighty-six percent of respondents said threat intelligence was valuable to their organization’s security mission, and 84 percent said the tool was essential to a strong security posture.
Despite this interest, only 51 percent of respondents said incident responders are using threat intelligence to respond to threats, although that number has increased 5 percent since last year.
The number one reason threat intelligence is often ineffective is due to lack of expertise, according to the report. In fact, it’s the primary reason companies opt not to deploy a threat intelligence platform. Another reason pointed to was that the threat intelligence data was too voluminous and complex.
In fact, only 41 percent of respondents rated their organizations as highly effective in this area. Although the number has risen substantially from the 27 percent in 2016.
The first challenge for organizations to figure out the intelligence available and determine how to incorporate it into the environment, explained Hugh Njemanze, CEO at Anomali, which sponsored the survey.
“That’s the place to start: Be on a platform that let’s you consume intelligence, point to sources that are relevant to field and the rest is automated,” said Njemanze. “The next step of sophistication is to look at the tools monitoring these logs.”
Threat intelligence is designed to leverage evidence-based data pulled from data pools already collected within an organization, about existing or emerging threats. The use of threat intelligence allows an organization to make informed decisions about how to deal with the threat.
To Njemanze, the most important thing is to deliver threat intelligence into the tools that leverage it to make the data useful. ISACS -- member-driven organizations that deliver all-hazards threat and mitigation data to organizations -- are crucial to improving how threat data is delivered and made useful.
But while half of organizations are sharing threat data with its trusted security vendors, only 39 percent of organizations are sharing data within the industry -- to groups like ISACs or ISAUs. And another 37 percent of respondents said their organization isn’t externally sharing threat intelligence.
Fortunately, awareness is increasing, as the majority of respondents said their organization is or is planning to participate with ISACs or ISAUs in the near future.