With an eye toward gaining intel about attacks from adversaries, the vast majority of companies have threat intelligence in place but only a quarter are achieving the desired business goal, according to a report released today by the Information Security Forum (ISF).
As a result, the ISF offers up nine steps to help companies achieve their goals and sidestep five of the most common problems in hitting the mark. The ISF Threat Intelligence: React and Prepare report notes that 82% of its members surveyed have threat intelligence capabilities, but only 25% are satisfied with the results.
One problem includes a lack of a single definition of threat intelligence, another is finding people with skills to identify the threats and analyze the impact to business. Another issue: integrating threat intelligence into the way a company makes decisions, the report found.
In identifying the steps needed to help companies manage their threat intelligence capabilities, ISF offers up these nine recommendations: develop a prioritized list of threat intelligence requirements; select sources to support threat intelligence analysis; process information from sources; analyze the information; share the intel with the user; make a decision; take action; and circle back with a review and revise strategy, the report advises.
Read more about the ISF report here.