Inner Circle Podcast Episode 030
My guest for this episode of the Inner Circle podcast is Jamil Jaffer, Vice President for Strategy & Business Development at IronNet Cybersecurity. We discuss a recent report from IronNet–Collective Offense Calls for a Collective Defense: A Reality Check for Cybersecurity Decision Makers–which focuses on the value of sharing threat intelligence and the challenges organizations face when it comes to cooperating with others on threat intelligence.
Have you ever done a jigsaw puzzle? When I do a jigsaw puzzle, I usually have the top of the box the puzzle came in sitting right next to me as a reference. It lets me see what the picture is that I am trying to build and makes it easier to understand–at least in some broad, general sense–where in the puzzle a given piece might be likely to fit. Now, imagine that I just hand you two or three random pieces of a puzzle, but you have no idea what the finished picture is supposed to look like. Where would you begin? With only a few pieces and no idea what the end result should be, how would you make sense of the pieces you have?
That is what threat intelligence is often like. An organization may have a number of signals or indicators that malicious activity is occurring, but no idea what other indicators they’re missing or any idea what the goal or purpose of the threat is. By cooperating with other organizations–sharing and collaborating on the random puzzle pieces each one has–it is possible to get a better view of what the threat is and how to effectively defend against it.
There are a number of interesting key findings from the IronNet report, such as:
Organizations Are Ready for Collective Defense
- The vast majority (94 percent) of respondents’ organizations currently subscribe to or invest in some form of collective defense, including threat sharing of IPs, file hashes, domains, and other signature-based indicators.
- 94 percent of respondents stated that their organization would be willing to increase the level of threat sharing with their industry peers if it demonstrably improved their ability to detect threats.
- Similarly, 92 percent say their organization would be willing to increase sharing with the government if it enabled the government to use political, economic, cyber, or other national-level capabilities to deter cyber attacks.
There’s a Disconnect Between Confidence Levels and Actual Vulnerability and System Maturity
- 55 percent of IT decision makers noted that they are confident that their cybersecurity capabilities are advanced and stated they are in better shape than others in their industry.
- 85 percent of respondents are most likely to rate their organization’s cybersecurity technology, systems, and tools as advanced.
- In a 12 month span, respondents on average experienced 4 attacks on their organization, with 20 percent of respondents being hit 6 or more times.
- Nearly a quarter of respondents identified that they are facing issues with each of the following: lack of real-time visibility across industrial control systems and IoT (27 percent), lack of timely threat intelligence information (25 percent), and too many cybersecurity tools and poor integration between them (24 percent).
- Almost 8 in ten respondents stated their organization has had a cybersecurity incident so severe, it has required a C-level/Board meeting after.
AI and ML Investment is Robust, but Maturity is Key to ROI
- Three-quarters (73 percent) of respondents state that their organization has invested in Artificial Intelligence (AI) or Machine Learning (ML) in the past 12 months.
- Of the 27 percent of respondents who hadn’t invested in AI or ML in the past 12 months, 35 percent said their reason was that they were simply unsure of the value.
Check out this episode of the Inner Circle podcast and feel free to comment below to share additional thoughts or ask question on this topic.