Enterprise organizations will increase spending, investing in areas like threat intelligence distribution, digital risk management, and security technology integration. Credit: Flamingo Images / Shutterstock In my last CSO article, I detailed cybersecurity professionals’ opinions on the characteristics of a mature cyber-threat intelligence (CTI) program. According to ESG research, the top attributes of a mature CTI program include dissemination of reports to a broad audience, analysis of massive amounts of threat data, and CTI integration with lots of security technologies.Alas, most CTI programs are far from mature, but this may change over the next few years as most enterprise organizations bolster CTI program investment. Sixty-three percent of enterprises plan to increase CTI program spending “significantly” over the next 12 to 18 months, while another 34% plan to increase CTI program spending “somewhat.”Why all this spending? Because CTI can deliver technology and business benefits. The research reveals some of the biggest influences on CTI programs include the need to learn about threats to companies earmarked for M&A, the threat of individual hackers or cyber-adversary groups planning targeted attacks, and the need to learn about adversary tactics, techniques, and procedures (TTPs) so organizations can reinforce their security defenses. Why CISOs will spend more on threat intelligenceCISOs clearly believe that further investments in threat intelligence programs can mitigate cyber-risks while improving threat prevention and detection. Over the next 12 to 24 moths: Thirty percent of organizations will prioritize sharing threat intelligence reports more readily with internal groups. This is a step in the right direction as threat intelligence has value beyond the security operations center (SOC) for alert enrichment. CISOs can use CTI to prioritize investments and validate security controls, while business managers can balance digital transformation initiatives with more thorough risk management decisions. CTI dissemination and consumer feedback are key phases of a mature threat intelligence lifecycle.Twenty-seven percent of organizations will prioritize investing in digital risk protection (DRP) services. As organizations expand their digital footprints, they need a better understanding of the accompanying risks. DRP services provide this visibility by monitoring things like online data leakage, brand reputation, attack surface vulnerabilities, and deep/dark web chatter around attack planning.Twenty-seven percent of organizations will prioritize integration with other security technologies. Beyond endpoints, email, and network perimeters, CISOs want CTI integration with cloud security tools, security information and event management (SIEM) and extended detection and response (XDR) solutions, and security service edge (SSE) tools like secure web gateways and cloud access service brokers (CASBs). More integration equates to blocking more indicators of compromise (IoCs) and developing a more comprehensive threat-informed defense.Twenty-seven percent of organizations will prioritize acquiring a threat intelligence platform (TIP) for threat intelligence collection, processing, analysis, and sharing. Once the exclusive domain of the largest enterprises, TIPs are slowly moving down market. I anticipate a lot of this spending will end up with service providers like Flashpoint, Mandiant, Rapid7 (Intsights), Recorded Future, Reliaquest (Digital Shadows), SOCRadar, and ZeroFox. The big brands like Cisco, CrowdStrike, IBM, Microsoft, and Palo Alto Networks will also get a fair slice of the pie.Twenty-six percent of organizations will prioritize developing a more formal program. Organizations realize they can no longer skate by on some open-source threat intelligence feeds reviewed by part-time threat analysts. Rather, they need staffing and processes to execute a full CTI lifecycle. While CISOs get their internal houses in order, most will rely on service providers, like those mentioned above, to do much of the real work.As the famous Sun Tzu quote states: “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” Organizations with mature CTI programs know themselves, know the enemy, and then use this knowledge to optimize cyber-risk mitigation and security defenses. Related content news CISA, FBI urge developers to patch path traversal bugs before shipping The advisory highlights how developers can follow best practices to fix these vulnerabilities during production. By Shweta Sharma May 03, 2024 3 mins Vulnerabilities news Microsoft continues to add, shuffle security execs in the wake of security incidents The company has appointed new product security chiefs as well as a customer-facing CISO as it continues to respond to high-profile attacks on its products and own network. By Elizabeth Montalbano May 03, 2024 4 mins CSO and CISO feature Malware explained: How to prevent, detect and recover from it What are the types of malware? How does malware spread? How do you know if you’re infected? We've got answers. By Josh Fruhlinger May 03, 2024 18 mins Ransomware Phishing Malware brandpost Sponsored by Cyber NewsWire LayerX Security Raises $26M for its Browser Security Platform, Enabling Employees to Work Securely from Any Browser, Anywhere Early adoption by Fortune 100 companies worldwide, LayerX already secures more users than any other browser security solution and enables unmatched security, performance and experience By Cyber NewsWire May 02, 2024 4 mins Cyberattacks Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe