Survey Reveals Critical Trends in Geopolitical Impact, AI Adoption, and Threat Hunting within Cyber Threat Intelligence Teams
SANS Institute, has published the 2024 Cyber Threat Intelligence (CTI) Survey, authored by renowned cybersecurity experts, SANS Certified Instructor Rebekah Brown and SANS Instructor Candidate Andreas Sfakianakis. With a dramatic rise in covert activities, cloud breaches, and AI-driven attacks, the insights from this survey are vital for CISOs, CIOs, and security professionals looking to stay ahead of adversaries. Understanding the latest trends and preparing for emerging threats can help organizations protect their digital assets and maintain trust with customers and stakeholders.
As cyber threats continue to evolve in complexity and sophistication, this year’s survey highlights pivotal insights that are essential for organizations aiming to bolster their defenses with groundbreaking insights into the evolving threat landscape, with a focus on the significant influence of geopolitical events, the burgeoning role of artificial intelligence, and the emerging dominance of threat hunting within CTI teams.
Geopolitical and Regulatory Influences
Geopolitics and new regulations are profoundly shaping Cyber Threat Intelligence team activities. “The increasing frequency and complexity of global conflicts have made it essential for CTI teams to broaden their focus beyond internal issues,” said Brown. “Our survey shows that 77.5% of respondents recognize the significant impact of geopolitics on their intelligence requirements, highlighting the need for adaptive and informed responses to external threats.” Additionally, 74% of respondents emphasize the importance of adapting to new regulations, underscoring the necessity for CTI teams to stay compliant with evolving legal landscapes.
Rise of Threat Hunting
For the first time, threat hunting has emerged as the top use case for Cyber Threat Intelligence. This proactive approach to detecting unidentified threats has seen substantial reliance on the MITRE ATT&CK framework, with over 95% of respondents utilizing it for categorizing and communicating tactics, techniques, and procedures (TTPs). “The prominence of threat hunting reflects a strategic shift in how organizations are leveraging CTI,” Sfakianakis noted. “This approach not only enhances detection capabilities but also strengthens overall security posture.”
Impact of Artificial Intelligence
AI is making significant inroads in Cyber Threat Intelligence, with nearly one-quarter of respondents already leveraging AI in their programs and another 38% planning to adopt it. “Artificial intelligence is becoming a crucial tool for CTI teams, helping analysts prioritize and process vast amounts of information through advanced scoring and summarization techniques,” said Brown. However, she also highlighted the growing concern about the adversarial use of AI, stressing the importance of preparing for AI-driven threats.
Integration via Threat Intelligence Platforms (TIPs)
The survey highlights the critical role of Threat Intelligence Platforms (TIPs) in integrating Cyber Threat Intelligence into the security stack. A notable 58% of participants reported incorporating CTI into their detection and response controls through TIPs’ built-in integration capabilities. “The mature state of TIPs demonstrates their effectiveness in disseminating threat intelligence across security tools, enhancing the overall efficiency of Cyber Threat Intelligence programs,” Sfakianakis explained.
Cyber Threat Intelligence in Vulnerability Management
The role of CTI in vulnerability management has seen a significant increase, with 66% of respondents now using Cyber Threat Intelligence to pinpoint actively exploited vulnerabilities. This marks a rise from 54% in 2017, demonstrating CTI’s pivotal role in prioritizing patches and supporting vulnerability remediation efforts. “Our findings highlight the growing reliance on CTI for operational purposes in vulnerability management, with 83% of respondents considering it essential for identifying and addressing critical vulnerabilities,” Brown stated.
