The Majority of Business Cyber Security Decisions are Made Without Insight into the Attacker, According to New Mandiant Report

Mandiant Inc. unveiled the findings of its “Global Perspectives on Threat Intelligence” report, which provides new insight into how organizations navigate the increasingly complex threat landscape. The report is based on a global survey of 1,350 cyber security decision makers across 13 countries and 18 sectors – including financial services, healthcare and government.

Operationalizing intelligence: an identified challenge

Despite the widespread belief that understanding the cyber threat actors who could be targeting their organization is important, 79% of respondents stated that their organizations make the majority of cyber security decisions without insights into the threat actor that is targeting them.

While the report found that nearly all respondents (96%) were satisfied with the quality of threat intelligence their organization is using, respondents declared effectively applying that intelligence throughout the security organization to be one of their greatest challenges (47%). Further, almost all (98%) of those surveyed said they need to be faster at implementing changes to their cyber security strategy based on available threat intelligence.

Recommended AI: Philips Speech and Sembly AI Launch SmartMeeting As Answer To New Meeting Culture

Underestimating the threat

According to the survey, 67% of cyber security decision makers believe senior leadership teams still underestimate the cyber threat posed to their organizations, while more than two-thirds (68%) agree their organization needs to improve its understanding of the threat landscape.

However, despite these concerns, security decision makers remain optimistic regarding the effectiveness of their cyber defenses. When asked about confidence in whether their organization is fully prepared to defend itself against different cyber security events, respondents felt most confident in tackling financially motivated threats, such as ransomware (91%), followed by those conducted by a hacktivist actor (89%) and nation-state actor (83%). When asked to rank which countries their organization would be unable to fully defend itself against, more than half of respondents (57%) said Russia, followed by China (53%), North Korea (52%) and Iran (44%).

Recommended AI: UTB Bot Unveils a New Way to Leverage Automation and Cryptocurrencies

Further, just over half of respondents (53%) felt they could prove to their senior leadership team that their organization has a highly effective cyber security program.

• Cyber security is only discussed on average once every four or five weeks with various departments within organizations, including the board, members of the C-suite and other senior stakeholders. This cadence is even less frequent for groups such as investors, where the average lowers to once every seven weeks.
• Only 38% of security teams share threat intelligence with a wider group of employees for risk awareness.
• A majority (79%) of respondents relayed that their organization could focus more time and energy on identifying critical trends.

Recommended AI: AI Smart Chain Ecosystem Launches, Bringing Artificial Intelligence to Crypto Space

[To share your insights with us, please write to sghosh@martechseries.com]