Introduction

Cyber threat intelligence: bringing clarity or adding confusion?

The market offers many different descriptions of cyber threat intelligence (CTI), and mostly these comprise of different types of information feeds that are not necessarily aligned to any particular organization or industry. At its heart, any sort of threat intelligence is simply assessed information, and can only be understood in the context within which it is created and the proposed purpose of its use. The purpose is usually to increase awareness of defined situations and environments and to aid in decision-making, at either an operational, tactical or strategic level.

36% of GISS 2016 respondents say it is unlikely they would be able to detect a sophisticated attack

Therefore, it is necessary for organizations to understand how threat intelligence can increase your understanding of relevant situations, and which decisions it can contribute to. Without this thinking and framing of purpose, organizations will not know which questions to ask of all the available information (whether internally or externally sourced) to refine the collection of information and help direct the analysis, nor how to incorporate the intelligence in decision-making processes. For cybersecurity, much of this thinking and prioritization is incorporated into systems that are programmed to collect and monitor information, but the human analysis component remains crucial.

In general, organizations do not yet fully understand what to ask of CTI, or how to understand the different “levels.” For more operational roles, e.g., those associated with a security operations center (SOC), CTI will be very technical and closely related to vulnerability information; while to the CEO, “cyber threat intelligence” may equate exclusively to headlines or reports they receive on various cyber events, which may not help them understand how they could be relevant to their organization.
From EY’s point of view, this lack of understanding and/or the limited application currently associated with CTI means that many organizations are missing out on one of the most powerful opportunities of the digital age — the chance to get ahead of the cyber criminal. A robust CTI program can shed light on a multitude of strategic business concerns and risks, while providing highly technical actions, countermeasures, and metrics to the cybersecurity program at large. It can potentially provide answers to questions like:

• What are the most significant threats facing our organization?
• What assets are (potentially) being targeted, and by whom?
• How can our organization protect against these cyber threats?
• How can our organization use intelligence to augment and improve our security and business operations?

By building a CTI program, organizations are able to simultaneously mature existing cybersecurity processes and develop overarching insight into their specific threat landscape.

Results shown in this report are based on findings from EY’s Global Information Security Survey 2015 — ey.com/giss2015

How do you find the criminals before they commit the cybercrime? — A close look at cyber threat intelligence