Cyber Threat Intelligence: Lack of Training, Tools, Oversight

Cybersecurity Insiders’ 2020 Cyber Threat Intelligence Report cites a problematic lack of training, tools, and oversight among CTI professionals that could come back to haunt their employers.


Did you know that 85% of Cyber Threat Intelligence (CTI) professionals have received little or no training for online activities critical to ensuring corporate and public safety?

This is just one of the surprising findings of the just-released 2020 Cyber Threat Intelligence Report. It is based on a survey of 338 CTI analysts and practitioners and is sponsored by Authentic8.

The survey results provide a rare glimpse into the world of cyber threat intelligence production and management.

CTI researchers rely to a high degree on collection and analysis of Open Source Intelligence (OSINT) – data and insights gathered from publicly available sources. Conducting CTI research, whether on behalf of a Network Security Operations Center, fraud investigation department, or public safety team, carries inherent risks.

Primary CTI Tool: The Web Browser

83% of cyber threat intelligence analysts use a web browser as their primary tool for conducting research, the report shows. Yet how they access the web remains both insecure and attributed to the organization.

Illustration: 2020 Cyber Threat Intelligence Report Cover

The 2020 Cyber Threat Intelligence survey reveals that most CTI practitioners lack training, tools, and internal oversight. Highlights from the report include:

  • 55% are venturing into the Dark Web as part of their OSINT activity 10 or more times per month;
  • 38% do not use managed attribution tools to mask or hide their online identities or personas;
  • 29% report no oversight procedures to ensure that tools are not being abused by analysts.

As a leading provider of web isolation and research solutions with managed attribution for security teams in public and commercial sectors, Authentic8 wanted to understand better how well organizations prepare their researchers to explore the web.

“These findings show that they are ill-equipped for their mission,” said Scott Petry, Co-founder and CEO of Authentic8.

“Individuals may have some prior experience, but as a group, they’re not trained, equipped, or tasked sufficiently,” said Petry. “Analysts are at the front lines, and if they’re not equipped properly, their actions can put organizations at risk.”

CTI professionals are frequently exposed to websites harboring online exploits, such as malware, as well as to attribution, de-anonymization, and counterintelligence efforts by adversaries.

As more organizations realize that proper risk management requires an external assessment of the threats they are facing, they are turning to primary information analysis functions for better situational awareness.

CTI professionals conduct their research in dark corners of the internet. Many are regularly exposed to websites harboring online exploits.

“Abuse or Compliance Violation Waiting to Happen”

Additionally, adversaries with control over the destination websites where research is conducted can perform de-anonymization and counterintelligence actions that expose the identity and intent of the researcher – and that’s a growing problem, explains Petry.

“It’s surprising that so many organizations – almost 30% – don’t even monitor their CTI employees as they traverse the web,” added the Authentic8 CEO. “That’s a compliance violation or abuse of resources waiting to happen.”

The field is evolving, according to Holger Schulze, CEO and Founder of Cybersecurity Insiders: “We’re excited to see how rapidly CTI is turning into a pillar of security and public safety functions across the board in a variety of industries. Our report reflects that dynamic.”

“A Timely Reality Check”

“This new data comes as a timely reality check,” commented Jake Williams, a SANS Institute Analyst and President and Co-Founder of Rendition Infosec, who helped design the survey. “Lessons learned from this survey can be building blocks for improving operational security and collaborative efficiency on CTI teams.”


Get the report and gain new insights that will help you to efficiently leverage CTI and OSINT without exposing your organization to legal, reputational, or regulatory risk.


*** This is a Security Bloggers Network syndicated blog from Authentic8 Blog authored by A8 Team. Read the original post at: