Security Professionals Overwhelmed by Threat Intelligence Data, Increasing Vulnerability to Cyberattacks

Security pros drowning in threat-intel data

Too many threats, too much data, and too few skilled security analysts are making companies more vulnerable to cyberattacks, according to the IT and security leaders tasked with protecting these organizations from digital threats. Google Cloud commissioned a study that had Forrester Consulting query 1,541 director-level and above tech professionals in January. All of the respondents came from companies with at least 1,000 employees, across 12 industries and eight countries: the US, UK, Singapore, Canada, Canada, Australia, Japan, Germany, and France The survey found that security and IT execs and directors are drowning in threat intelligence data feeds, with 61 percent saying that their teams are overwhelmed by the sheer volume of information. Meanwhile, 60 percent said that they don't have enough skilled security personnel to analyze all of this information, with 59 percent responding that it's difficult to verify the validity and relevancy of threats and an equal percentage saying that they struggle with making this data actionable. All of this makes it increasingly difficult for organizations to take a proactive approach to security. 72 percent of respondents said "my organization is mostly reactive when it comes to cybersecurity threats." Looking at the responses by industry, manufacturing is the most worried about missing real threats due to too much data and alerts, with 89 percent of respondents saying that they are "concerned" or "very concerned." They have good reason to be concerned. According to the FBI's latest Internet Crime Complaint Center (IC3) annual report, ransomware gangs hit manufacturing especially hard last year, with 218 reported infections, making this industry the second most attacked of America's critical infrastructure sectors. Healthcare and public health (249 ransomware attacks) took the top spot on the list. The report authors opine that operational technology challenges may play a role in manufacturers' concerns: Another interesting industry-specific statistic: while most (80 percent) of all respondents agreed that their senior leadership team underestimated their company's cyberthreats, that percentage is highest among technology and tech services firms, with 84 percent saying this is the case within their organizations. "This could be due to leaders prioritizing innovation and speed to market over security and/or this industry being less regulated than others," the report authors suggest. When it comes to the threats that respondents are most concerned about over the next 12 months, phishing and credential theft (46 percent) tops the list, with ransomware/multifaceted extortion (44 percent) coming in second. AI prompt injections (34 percent) ranked third, with quantum computing breaking encryption and supply chain threats tying for fourth at 41 percent. Insider threats (29 percent), distributed denial of service (27 percent), nation-state attacks (21 percent), cryptomining (18 percent), and espionage (17 percent) round out the list. The study also offers a handful of recommendations for security leaders struggling with the influx of threats and data, and reframing "threat intelligence as a capability, not a feed," is key among these. "Mistaking raw data for insights leads to an overwhelming number of indicators with little context or the ability to act on them," the report authors wrote. "Security leaders can extract the true value of threat intelligence by treating it as a process, rather than a product; they must leverage skilled resources for activities like analysis, enrichment, contextualization, and alignment with real-world threats." Similarly, the report recommends that you don't just use more threat-intel tools and services without first identifying intelligent requirements and use cases specific to your business. Doing this helps "answer the 'so what' of intelligence rather than 'reporting the news.'" ®

Security overload is leaving admins with too much alert data to comprehend - which makes things even more dangerous

The security field is suffering from a skills shortage, putting firms at risk Security professionals have long been reporting high levels of stress and burnout, which is only compounded by a skills shortage in the industry, and new research claims the sheer volume of threats, as well as the data those threats produce, is putting firms at risk. Research from Google Cloud found threat notifications aren't the helpful tool they could be, and in fact can be overwhelming security teams, with nearly two-thirds (61%) of security practitioners saying they think there are, 'too many threat intelligence data feeds', and 60% believing there are too few threat analysts to sift through the data efficiently. "Rather than aiding efficiency, myriad [threat intelligence] feeds inundate security teams with data, making it hard to extract useful insights or prioritize and respond to threats. Security teams need visibility into relevant threats, AI-powered correlation at scale, and skilled defenders to use actionable insights, enabling a shift from a reactive to a proactive security posture," the study argued. Too much data leads to analysts stuck in 'reactive mode', with 86% of respondents saying their organisation has gaps in its understanding of the threat landscape, as well as 85% saying more focus could be put on emerging threats, and 72% are mostly reactive to threats, not able to get ahead of trends. Adjacent research from SentinelOne shows that a large proportion of Cloud security alerts are false positives (not relevant to the organisation). The majority of respondents (53%) say that over half of the alerts they receive are a false positive, outlining just how real the 'alert fatigue' is. This makes securing cloud environments difficult, say 92% of respondents, with too many point solutions leading to management and integration issues, creating more alerts, lower quality alerts, and therefore slower reactions to attacks thanks to the confusion. Perhaps unsurprisingly, both sets of research have one suggestion to solve this issue - and it's not investing in better training and support to address the skills shortage. Instead, you guessed it, it's AI. AI can help ease the pressure by improving an organisation's ability to operationalise threat intelligence, generating 'easy-to-read summaries' and recommending next-steps to 'uplevel junior analysts', Google's research says. "We believe the key is to embed threat intelligence directly into security workflows and tools, so it can be accessed and analyzed quickly and effectively," noted Jayce Nichols, Google Cloud Director, Intelligence Solutions. "AI has a vital role in this integration, helping to synthesize the raw data, manage repetitive tasks, and reduce toil to free human analysts to focus their efforts on critical decision-making."