ThreatQuotient-sponsored 2021 SANS Cyber Threat Intelligence survey reveals impact of COVID

Respondents to the survey indicate their usage of CTI changed significantly during 2020, influenced by a sharp rise in COVID-related phishing and ransomware attacks.

ThreatQuotient™, a leading security operations platform innovator, announced the results of the 2021 SANS Cyber Threat Intelligence survey. The spike in cyber breaches in the past year, compounded by COVID-related attacks, has only increased the importance of Cyber Threat Intelligence (CTI). The survey, sponsored by ThreatQuotient, explores the state of play in the global use of CTI and outlines why the difficulties of the past year have contributed to the continued growth and maturity of CTI.

“CTI is a key tool that can help regional businesses understand the intent of threat actors as they plan and conduct malicious cyber activities. CTI helps security professionals understand how threat actors are targeting systems, information, and people. This contextual information, once built up, can help organizations proactively respond to threats and risks, and design better cyber defenses,” explains Firas Ghanem, Regional Director – Middle East & Pakistan at ThreatQuotient.

Almost 20% of respondents indicated their implementation of CTI changed as a result of the pandemic, as adversaries took advantage of the disruption, with a sharp rise in COVID-related phishing and ransomware attacks targeting organizations across all industries. The mass shift towards remote working expanded the attack surface of organizations, as employees left the confines of their organizations’ cyber protections.

Respondents identified work-from-home threats such as phishing, lost or stolen devices, home networking equipment, malware, accidental release of sensitive data, and employees having unauthorized access to business assets as playing a big part in how their implementation of CTI changed.

“While CTI is vital for regional enterprises, the shortage in skilled resources continues to be a primary obstacle, according to 53% of respondents. Trained analysts are required to make CTI relevant for an enterprise’s specific needs. The survey also found that organizations are taking charge in the management of their CTI functions, with in-house teams growing and hybrid models decreasing,” adds Ghanem.

The findings show remote working changed the way CTI, incident response and security operations center teams communicate, with both positive and negative impacts. Responses indicated that remote working helped teams be more focused and collaborative, while the use of text-based platforms helped facilitate communication between teams. However, some respondents identified the loss of face-to-face conversations as inhibiting sharing between teams.

Organizations also reported an increase in awareness of how the crisis impacted their employees, fostering an understanding that while many enjoyed working from home, CTI analysts found it difficult to shut down and take breaks when the office was also their home. CTI and security professionals have also seen a benefit from working virtually in the ability to attend virtual events, conferences or meetings, which has not only overcome barriers of travel and spend but also led to greater intelligence and threat sharing.

As CTI tools and processes become more automated, analysts are able to spend more time on more important and engaging activities, rather than mundane collection and processing tasks. With demand higher than ever on CTI analysts to integrate or process more information from government sources into their analysis, and with processing often the most automation-relevant task, there is a widespread organizational need for better CTI tools and processes.