Cyber Threat Intelligence: Analysts Undertrained, Unsupported
2020 CTI report, sponsored by Authentic8, cites a shocking lack of training, tools and oversight
REDWOOD CITY, Calif., March 19, 2020 /PRNewswire/ -- 85% of Cyber Threat Intelligence (CTI) professionals have received little or no training for online activities critical to ensure corporate and public safety, according to the new 2020 Cyber Threat Intelligence Report.
The report, which was introduced today, is based on a survey among 338 CTI analysts and practitioners. It is published by market research firm Cybersecurity Insiders and sponsored by Authentic8, the leading provider of web isolation and research solutions with managed attribution for security teams in public and commercial sectors.
The report provides a rare glimpse into the world of cyber threat intelligence production and management. CTI researchers rely to a high degree on collection and analysis of Open Source Intelligence (OSINT) - data and insights gathered from publicly available sources.
Conducting CTI research, whether on behalf of a Network Security Operations Center, fraud investigation department, or public safety team, carries inherent risks. 83% of cyber threat intelligence analysts use a web browser as their primary tool for conducting research, the report shows, yet how they access to the web remains both insecure and attributed to the organization.
The survey results reveal that most CTI practitioners lack training, tools and internal oversight. Highlights from the report include:
- 34% of respondents didn't have any prior experience with OSINT-related research;
- 85% reported they received little or no training in OSINT techniques and risk prevention from their current employer;
- 55% are venturing into the Dark Web as part of their OSINT activity 10 or more times per month;
- 38% do not use managed attribution tools to mask or hide their online identities or personas;
- 29% report no oversight procedures to ensure that tools are not being abused by analysts.
"We wanted to understand how well organizations prepare their researchers to explore the web," said Scott Petry, Co-founder and CEO of Authentic8. "These findings show that they are ill-equipped for their mission. Individuals may have some prior experience, but as a group, they're not trained, equipped, or tasked sufficiently. Analysts are at the front lines, and if they're not equipped properly, their actions can put organizations at risk."
CTI professionals are frequently exposed to websites harboring online exploits, such as malware, as well as to attribution, de-anonymization, and counterintelligence efforts by adversaries.
As more organizations are realizing that proper risk management requires external assessment of the threats they are facing, they are turning to primary information analysis functions for better situational awareness.
CTI professionals conduct their research in dark corners of the internet. Many are regularly exposed to websites harboring online exploits. Additionally, adversaries with control over the destination websites where research is conducted can perform de-anonymization and counterintelligence actions which expose identity and intent of the researcher - and that's a growing problem, according to Petry.
"It's surprising that so many organizations - almost 30% - don't even monitor their CTI employees as they traverse the web," added the Authentic8 CEO. "That's a compliance violation or abuse of resources waiting to happen."
The field is evolving, according to Holger Schulze, CEO and Founder of Cybersecurity Insiders: "We're excited to see how rapidly CTI is turning into a pillar of security and public safety functions across the board in a variety of industries. Our report reflects that dynamic."
"This new data comes as a timely reality check," commented Jake Williams, a SANS Institute Analyst and President and Co-Founder of Renditions Infosec, who helped design the survey. "Lessons learned from this survey can be building blocks for improving operational security and collaborative efficiency on CTI teams."
About Authentic8
Authentic8 enables anyone, anywhere, on any device to experience the web without risk. Founded by the principals from Postini, acquired by Google in 2007, Authentic8's Web Isolation Platform, Silo, brings a "trust nothing" stance toward the underlying systems and resources we interact with online daily.
The Silo Web Isolation Platform separates the things you care about like apps, data and devices, from the things you cannot trust like external websites, users and unmanaged devices. Silo executes all web code in a secure, isolated environment that is managed by policy, to provide protection and oversight.
Today, the world's most at-risk organizations rely on Silo to deliver trust where it cannot be otherwise guaranteed. Learn more at www.authentic8.com.
SOURCE Authentic8
Share this article