Singapore organisations struggle to operationalise threat intelligence

Organisations in Singapore were satisfied with the quality of their threat intelligence, but many struggled to operationalise the information in their efforts to fend off cyber attacks.

That was one of the key findings of a global study commissioned by Mandiant, which found that 96% of senior Singapore IT and cyber security leaders were either satisfied or very satisfied with the quality of their threat intelligence.

“Singapore organisations felt that their intelligence feeds were good, but 85% of them felt that decisions were being made without insights on actors that were targeting their organisations,” said Steve Ledzian, Mandiant’s chief technology officer in Asia-Pacific and Japan.

In addition, 70% of Singapore respondents felt their threat intelligence could be put to better use. They also faced operational roadblocks, such as disseminating threat intelligence to stakeholders who might not share the same sentiment towards cyber security.

According to the study, which was conducted by Vanson Bourne, a market research firm, 76% of Singapore respondents felt that their senior leadership team had underestimated the threat of cyber attacks and continued to maintain a “it won’t happen to us” mentality.

This comes at a time when Asia-Pacific saw more cyber attacks than any other region over the past year, with 39% of organisations reporting a significant security breach, compared with 23% in North America and 32% in Europe, Middle East and Africa.

In Singapore, 60% of Singapore respondents reported that they had suffered a severe breach over the past 12 months.

Out of the factors that could limit a successful cyber programme, the lack of integration with other security tools posed the greatest challenge to organisations in Singapore at 49%, followed closely by talent shortage at 47%.

“There’s a talent gap in all cyber specialisations, including threat intelligence, and having the right people who are experienced to be able to process that information is a challenge,” Ledzian said. “Another challenge we see in security operation centres is the influx of alerts and data which organisations are trying to manage.”

There were also challenges associated with trying to secure all of an organisation’s digital assets. “Cyber security can be a very large and unbounded problem, but most organisations don’t have unbounded resources and that means they need to focus on what matters most. Sometimes, that’s a hard pill for them to swallow because they feel like something is left unaddressed.

“But the reality is that if you do an even peanut butter spread of your security resources, you’re not paying attention to what matters most and you’re not using informed decisions to do proper prioritisation,” Ledzian said.

When it came to security threats, 7% of Singapore organisations were primarily concerned about threats posed by rogue nation-states. Compared to threats posed by hacktivists and financially motivated attacks, fewer Singapore companies felt fully prepared to combat an espionage-style attack by a rogue nation.

Out of the countries deemed likely to perform espionage-style activities, Russia topped the list of concern for Singapore companies, with 54% of respondents feeling less likely to be able to defend themselves from an attack by Russian operatives. This was followed by China at 49%.

Ledzian said it was important for organisations to understand specific threats targeted at them and their industry.

“One of the ways we help our clients is to do a cyber threat profile,” he said. “It’s an exercise where we sit down with a client to understand the technologies they have, their crown jewel digital assets and who the actors are, informed by threat intelligence. That serves as a map for organisations to prioritise their cyber resources, which can lead to better outcomes.”