How to Assess Your Threat Intelligence Maturity

Good Threat Intelligence Takes Introspection

Imperfect information, the fog of war, hypocognition — whatever you want to call it, the problem of incomplete knowledge plagues security professionals of every stripe. Cyber threats in particular continue to grow more pernicious, with attacks that seem to come without warning, are difficult to attribute, and sometimes cause devastating damage.

The goal of threat intelligence is to provide external knowledge and context that helps keep you safe from these cyberattacks. But the effective application of threat intelligence also takes a good deal of introspection. Before focusing on getting a hold of intelligence that you can take action on, it’s necessary to understand your organization’s goals, resources, and capabilities.

Developing the right level of self-awareness is hard, though, especially when it comes to measuring your own ability to deal with ambiguous risks. Mastering the basics of threat intelligence sometimes leads organizations to believe that they’re prepared for bigger threats, too — an often erroneous assumption that can lead to catastrophe.

Managing Ambiguous Risks

An in-depth study by the Harvard Business Review found that some of the most damaging events came out of circumstances where the warning signs were ambiguous and their potential for harm was unclear. In those cases, and across many fields, managers often adopted a more conservative approach to remediation.

In other words, they didn’t do enough.

Whether through confirmation bias or overconfidence, it’s common for organizations that do not have a well-thought-out emergency response plan to fail to appropriately judge the severity of threats.

According to that same study, organizations that successfully navigate ambiguous threats “do not improvise during a recovery window; rather, they rigorously apply a set of detection and response capabilities that they have developed and practiced beforehand.”

Preparedness shouldn’t be taken as a synonym for rigidity, however. It’s actually often the case that organizations respond most rigidly to threats when they don’t have enough data and practice. “In the face of vague evidence,” it’s noted in the study, “we often escalate our commitment to existing courses of action, particularly when we have invested considerable time and money to them.”

Grading Your Threat Intelligence Capabilities

That’s why it’s so important to determine ahead of time how effectively your organization is using its threat intelligence — the more you are able to leverage your intelligence into effective action, the more flexibly and swiftly your team will be able to head off and respond to real threats when they happen. Recorded Future customers, for example, are able to identify threats 10 times faster using real-time threat intelligence.

We’ve developed a threat intelligence grader to tell you exactly how you’re doing. Whether you’re just starting to integrate threat intelligence into your organization’s cybersecurity efforts or you’ve already got an advanced program in place, it should help you determine what your strengths are and what areas you need to focus on. We ask questions like:

• Who in your organization is consuming threat intelligence?
• How does your organization collect technical, open web, and dark web sources?
• How is your organization generating finished threat intelligence reports?

The assessment is quick, but both the final score and the questions themselves will help you more critically examine the parameters we mentioned above — your organization’s goals, its resources, and its capabilities.

To evaluate the maturity of your organization’s threat intelligence, try our Grader today.