Nearly half of companies that responded to a Ponemon Institute survey have suffered a breach in the past two years that compromised their business network or data.
While three-quarters of respondents to the survey believe threat intelligence is necessary to protect against such breaches, information sharing hasn't helped as much as the companies expected, according to the survey, which was sponsored by threat intelligence firm Internet Identity.
The survey found significant problems with current business approaches to threat intelligence and information sharing. While most companies participate on some level in the exchange of threat intelligence with industry peers, two-thirds of professionals are not satisfied with the timeliness of the data.
"We still have not crossed that gap on how to best use it, or to put it to best effect," Mark Foege, vice president of IID, told eWEEK. "I think we, as vendors, have a ways to go. As consumers, they have to be better about putting threat intelligence to work."
Threat intelligence is a broad category of information that encompasses freely available blacklists and Internet reputation data as well as deep analysis of online threats and actors. A large number of service providers gather data on Internet threats, analyze the data and sell the resulting information as threat intelligence, but companies also exchange informaton with industry peers.
More companies are participating in informal groups set up to exchange information on threats. More than 70 percent of survey respondents participated in such groups, compared to 60 percent in 2014, according to the Ponemon survey. In 2015, slightly more survey respondents felt that threat intelligence could help secure their companies, 65 percent compared to 61 percent in 2014.
Overall, the lion’s share of companies agreed that exchanging threat intelligence with peers helped improve their security and would help protect critical infrastructure. While two-thirds of companies used free sources, 39 percent lacked confidence in the information. Only 45 percent paid a vendor for threat-intelligence services.
The most important attribute of threat intelligence is how quick it is delivered to the right people. While 78 percent of respondents argued that intelligence has to be delivered in minutes to be considered "fresh," only 9 percent of companies received threat information in that time scale.
Recently proposed legislation could help spur more sharing of information. Liability is a concern for 62 percent of companies that are only partially participating in threat intelligence exchanges. Yet, a variety of other concerns likely overshadows the concern about potential liability, including a lack of trust in the intelligence source, a lack of resources and the slow sharing process, according to the Ponemon report.
"If the legislation is signed, I don't think that those organizations will suddenly change," Foege said. "There are many reasons that cut across industries and companies as to why they don't share."