In the past few years, CTI has evolved from small, ad hoc tasks performed disparately across an organisation to, in many cases, robust programmes with their own staff, tools and processes that support the entire organisation, according to the latest SANS 2020 CTI Survey.
“In the past three years, we have seen an increase in the percentage of respondents choosing to have a dedicated team over a single individual responsible for the entire CTI programme,” said survey author and SANS instructor Robert M. Lee.
The survey, which was conducted by SANS Institute, also highlighted that just under 50 percent of respondents’ organisations have a team dedicated to CTI, up from 41 percent in 2019. In total, more than 84 percent of organisations reported having some kind of resource focusing on CTI. While the number of organisations with dedicated threat intelligence teams is growing, results also demonstrate a move toward collaboration, with 61 percent reporting that CTI tasks are handled by a combination of in-house and service provider teams.
“We continue to see an emphasis on partnering with others, whether through a paid service provider relationship or through information-sharing groups or programs,” said Lee. “Collaboration within organisations is also on the rise, with many respondents reporting that their CTI teams are part of a coordinated effort across the organisation.”
Another sign of maturity is the definition and documentation of intelligence requirements. The number of organisations reporting a formal process for gathering requirements increased 13 percent from last year, to almost 44 percent in 2020. This makes the intelligence process more efficient, effective and measurable – keys to long-term success.
When asked which inhibitors were holding their organisation back from implementing CTI effectively, the highest response – by 57 percent of respondents – was a lack of trained staff or lack of skills needed to fully utilise CTI, while 52 percent named a lack of time to implement new processes, and 48 percent said the issue was a lack of funding.
The report also looked at where CTI team members are drawn from within the organisation, the types of information used for intelligence gathering and the sources used for gathering that intelligence.
The 2020 SANS Cyber Threat Intelligence (CTI) Survey received 1006 responses from a wide-ranging group of security professionals from various organisations. There was good representation from small, medium and large organisations and from across the globe, with 327 respondents coming from organisations headquartered in EMEA.