Mar 10, 2021
Two-thirds (69% in META) of threat intelligence (TI) analysts are involved in professional communities, but 44% of all those working in IT and cybersecurity roles are not allowed to share threat intelligence artifacts discovered through those communities.
This is among the findings from a new Kaspersky report, “Managing your IT security team”.
The research found that respondents with TI analysis responsibilities, in particular, are likely to participate in specialised forums and blogs (48%), dark web forums (32%) or social media groups (28%).
But when it comes to sharing their own findings, only 49% of respondents have actually made their discoveries public.
Conversely, in companies where external sharing is allowed, 81% of security analysts did so. In 8% of cases, security analysts even shared TI findings despite it being prohibited by the organisation they work at.
The Russian anti-malware vendor compiled its latest report,
Managing Your IT Security Team, from interviews with over 5200 IT business decision-makers across 31 countries in June 2020.
It revealed that two-thirds (66%) of threat intelligence analysts participate in a professional community, in order to gain access to the most up-to-date and actionable information to help them protect their organization.
This includes subscriptions to vulnerability databases (61%), taking part in professional forums and blogs (45%) and receiving threat intelligence from paid (42%) and free (33%) feeds.
However, employers are usually against these same analysts sharing their own intelligence with external communities. Over half (52%) claimed they do not allow such activity.