Are you confident that you understand your company’s cyber security posture?
This past year has reinforced the challenge of confidently predicting the future. What we know for sure, however, is that the future for senior leadership and their information security teams will feature difficult conversations about the state of their cyber security.
Because these cyber security discussions can be complex, it may be difficult for stakeholders to feel confident in their decisions. Indeed, a recent survey of US and UK cyber security professionals found that 70% lacked confidence in their organisation’s security posture.
However, senior leadership teams make challenging decisions all the time. There is no reason why they shouldn’t have the same comfort discussing their cyber security posture as they do other core elements of their business. So, what's driving their insecurity?
Ask someone what “cyber threat intelligence” is and they will probably point you in the direction of a shiny piece of software that costs a lot of money. Ask them what it does, and they’ll likely tell you that it searches the dark web, provides real time threat information, and helps prevent incidents before they happen. It all sounds really impressive – and in many ways it is – but, ask that same person what they are trying to achieve with their threat intelligence programme, or even how they measure its success, and the crickets will start to chirp.
This would not be their fault. The landscape of cyber threat intelligence is confused right now, and it is exceedingly difficult to cut through the noise and work out how to add value to your cyber security initiatives. Part of the reason for this, is that the industry seems to have prioritised selling flashy subscriptions over helping organisations identify and understand their intelligence objectives.
Ask someone what “cyber threat intelligence” is and they will probably point you in the direction of a shiny piece of software that costs a lot of money. Ask them what it does, and they’ll likely tell you that it searches the dark web, provides real time threat information, and helps prevent incidents before they happen. It all sounds really impressive – and in many ways it is – but, ask that same person what they are trying to achieve with their threat intelligence programme, or even how they measure its success, and the crickets will start to chirp.
This would not be their fault. The landscape of cyber threat intelligence is confused right now, and it is exceedingly difficult to cut through the noise and work out how to add value to your cyber security initiatives. Part of the reason for this, is that the industry seems to have prioritised selling flashy subscriptions over helping organisations identify and understand their intelligence objectives.