By Rob Starr, Content Manager Big4.com
More than half of the respondents to a recent PwC survey say they actively monitor and analyze threat intelligence, but don’t understand how to pivot toward the kind of integrated platform for real-time information sharing that works in today’s environment.
This is one of the biggest takeaways from PwC’s new analysis, “Toward new possibilities in threat management; How businesses are embracing a modern approach to threat management and information sharing.” The research looks at the need for threat intelligence to become increasingly predictive and how sharing information is one of the pegs this new version of cybersecurity needs to hang its hat on to be successful. This research is the second instalment springing from PwC’s Global State of Information Security® Survey 2017 (GSISS 2017) released in October.
Christopher O’Hara, US Co-leader, Cybersecurity and Privacy, began by placing this required shift from reactive to proactive in a historical context.
“When our country was formed, we protected it by putting big brick forts at the edge of the river,” he said. “That way, we knew who was coming in and out and could protect ourselves. That’s how cybersecurity began. When you put the firewalls up, you put the moats in.”
He goes on to say that the variety of intelligence sources organizations can draw on today, like military, local law enforcement and even private citizens, allows for a steady stream of real-time data not seen before that’s analyzed and correlated in large quantities.
“We believe that cybersecurity is going to need to make a pivot where they listen to that information coming in from multiple sources, analyze it to figure out what’s relevant and real, understand the impact and determine an appropriate course of action. That’s the future,” he says.
A decade ago, cybersecurity had a decidedly reactive focus, with prevention and analysis centered on known threats. Today, many organizations are seeing the benefits of being proactive and including new elements like dynamic information sharing. Case in point: among GSISS respondents detecting a security incident in 2008, 42% didn’t know the source; recently, those numbers are below 10%.
While the need is clear, implementing a real-time threat-intelligence and information-sharing program presents challenges that are at least partially about corralling the data. O’Hara explains.
“It’s challenging because there’s so much of it out there,” he says. “We’ve got paid subscriptions for threat intelligence, there are nation states publishing information, there are information sharing organizations,” he continues, adding that for the scale of threat management needed for large-scale organizations, innovations like cloud infrastructure work well.