Report: Threat Intelligence is “Essential” To Strong IT Security Posture | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Report: Threat Intelligence is “Essential” To Strong IT Security Posture

September 19, 2017
by Heather Landi
| Reprints
Click To View Gallery

Amid growing concerns of large-scale cyber attacks, information technology (IT) leaders recognize the increasing importance of threat intelligence in the detection and mitigation of cybersecurity threats, yet organizations continue to struggle with insufficient expertise, data overload and inadequate threat sharing.

Those were among the findings of the second annual Ponemon Institute study on threat intelligence in the U.S. and the U.K. The report examines trends in the benefits of threat intelligence and the challenges companies face when integrating threat intelligence with existing security platforms and technologies. Only respondents who report their organization uses threat intelligence as part of their cybersecurity program completed the survey. A total of 1,071 IT and IT security practitioners in North American and the United Kingdom participated in the survey. About 10 percent of respondents were from the health and pharmaceutical industries.

The survey findings indicate that 84 percent of organizations indicated threat intelligence is “essential to a strong security posture.” However, many organizations struggle with an overwhelming amount of threat data and lack of staff expertise, which diminish the effectiveness of their threat intelligence programs. Threat sharing remains a key priority for organizations, half of which report participating in sharing communities, but a majority of these organizations (60 percent) only receive community intelligence and do not contribute.

This year’s survey results uncovered year over year growth across several critical areas of threat intelligence usage, including increased adoption and effectiveness. Eight percent of North American organizations are currently using threat intelligence as a part of their cybersecurity program, up from 65 percent in 2016. And, 86 percent of respondents indicate threat intelligence is valuable to their security mission, up from 77 percent the previous year. In addition, 83 percent of North American respondents indicate a Threat Intelligence Platform (TIP) is necessary to maximize the value of intelligence data.

“It's abundantly clear that organizations now understand the benefits provided by threat intelligence, but the overwhelming volume of threat data continues to pose a hurdle to truly effective adoption,” Larry Ponemon, Ph.D., chairman and founder of the Ponemon Institute. “Threat intelligence programs are often challenging to implement, but when done right, they are a critical element in an organization's security program. The significant growth in adoption over the past year is encouraging as it indicates widespread recognition of the value threat intelligence provides.”

The Ponemon report revealed that despite overall improvement in threat intelligence usage, threat data overload continues to plague organizations. Sixty-nine percent of respondents indicated that threat intelligence is too voluminous and complex to provide actionable intelligence. Other respondents cited difficulty in the integration of threat intelligence platforms with other security technologies and tools (64 percent), and a lack of alignment between analyst activities and operational security events (52 percent).

Additionally, 71 percent of organizations fail to keep more than three months of historical event logs online, posing a significant challenge in identifying existing threats within the organization.

Other top reasons for threat intelligence ineffectiveness include lack of staff expertise (71 percent of respondents); lack of ownership (52 percent of respondents) and lack of suitable technologies (48 percent of respondents).

“We all see the growing cybersecurity threats, with attacks routinely making the front page. Every day cyber researchers discover thousands of new threats. Organizations need rapid access to the latest threat intelligence to detect any malicious activity in their networks,” Hugh Njemanze, CEO of Anomali, a company that sponsored the study, said in a statement. “In the face of unprecedented volumes of cyber threats, organizations must be able to quickly pinpoint active threats and mitigate them before material damage occurs. This requires a system that is able to prioritize threat data and turn it into actionable insights.”

The Ponemon Institute study also found that external threat sharing remains limited. Only 50 percent of respondents currently participate in industry-centric sharing initiatives such as Information Sharing & Analysis Centers (ISACs), which provide industry-relevant intelligence, collaboration with peers and networking with other security teams. Of those organizations, the majority (60 percent) only receive threat intelligence through ISACs but do not contribute intelligence. The biggest hurdles to outbound intelligence sharing include a lack of expertise (54 percent) followed by fear of revealing a breach (45 percent).

In response to these challenges, many organizations have successfully identified a variety of resources and techniques to help maximize the effectiveness of their threat intelligence, such as deploying a threat intelligence platform (cited by 80 percent of respondents) and integrating SIEM with a threat intelligence platform (cited by 65 percent of respondents). Survey respondents also noted that it is essential to have a qualified threat analyst on staff.



Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



ONC Roundup: Senior Leadership Changes Spark Questions

The Office of the National Coordinator for Health IT (ONC) has continued to experience changes within its upper leadership, leading some folks to again ponder what the health IT agency’s role will be moving forward.

Media Report: Walmart Hires Former Humana Executive to Run Health Unit

Reigniting speculation that Walmart and insurer Humana are exploring ways to forge a closer partnership, Walmart Inc. has hired a Humana veteran to run its health care business, according to a report from Bloomberg.

Value-Based Care Shift Has Halted, Study Finds

A new study of 451 physicians and health plan executives suggests that progress toward value-based care has stalled. In fact, it may have even taken a step backward over the past year, the research revealed.

Study: EHRs Tied with Lower Hospital Mortality, But Only After Systems Have Matured

Over the past decade, there has been significant national investment in electronic health record (EHR) systems at U.S. hospitals, which was expected to result in improved quality and efficiency of care. However, evidence linking EHR adoption to better care is mixed, according to medical researchers.

Nursing Notes Can Help Predict ICU Survival, Study Finds

Researchers at the University of Waterloo in Ontario have found that sentiments in healthcare providers’ nursing notes can be good indicators of whether intensive care unit (ICU) patients will survive.

Health Catalyst Completes Acquisition of HIE Technology Company Medicity

Salt Lake City-based Health Catalyst, a data analytics company, has completed its acquisition of Medicity, a developer of health information exchange (HIE) technology, and the deal adds data exchange capabilities to Health Catalyst’s data, analytics and decision support solutions.