In the previous few years, CTI has advanced from small, ad hoc tasks carried out disparately throughout an organization to, in many cases, strong programs with their own staff, equipment and techniques that support the whole organization. This is in accordance to the SANS 2020 CTI Survey, the current report via the global leader in cyber security training and certifications, SANS Institute.

In the previous three years, we have seen an increase in the percentage of respondents deciding on to have a devoted crew over a single person responsible for the whole CTI program, says survey author and SANS instructor Robert M. Lee.

In fact, survey results point out that just fewer than 50% of respondents organizations have a team devoted to CTI, up from 41% in 2019. In total, more than 84% of organizations stated having some type of resource focusing on CTI. While the number of organizations with devoted threat intelligence groups is growing, results also exhibit a move towards collaboration, with 61% reporting that CTI tasks are dealt with by a combination of in-house and service provider teams.

We continue to see an emphasis on partnering with others, whether via a paid service provider relationship or via information-sharing groups or programs, continues Lee. Collaboration within organizations is also on the rise, with many respondents reporting that their CTI groups are part of a coordinated effort throughout the organization.

Another sign of maturity is the definition and documentation of intelligence requirements. The number of organizations reporting a formal method for gathering necessities accelerated 13% from previous year, to almost 44% in 2020. This makes the intelligence process more efficient, effective and measurable keys to long-term success.

When asked which inhibitors have been holding their organization back from enforcing CTI effectively, the highest response by 57% of respondents was a lack of trained workforce or lack of abilities wanted to completely utilize CTI, while 52% named a lack of time to enforce new processes, and 48% stated the issue was a lack of funding.
The report also looked at where CTI team members are drawn from inside the organization, the kinds of data used for intelligence gathering and the sources used for gathering that intelligence.

The 2020 SANS Cyber Threat Intelligence (CTI) Survey received 1006 responses from a wide-ranging crew of security experts from a number of organizations. There was good representation from small, medium and giant organizations and from throughout the globe, with 327 respondents coming from organizations headquartered in EMEA.

For a copy of the published results paper developed by SANS analyst and cyber intelligence expert, Robert M. Lee, please contact sleatherbarrow@sans.org.