Cybersecurity teams today face increasingly sophisticated attacks powered by artificial intelligence (AI), automation, and advanced persistent threats (APTs), making traditional reactive security measures insufficient. To effectively counter these evolving dangers, organisations must adopt a proactive approach that leverages threat intelligence (TI). By anticipating potential threats, detecting malicious activities early, and mitigating risks before they escalate, businesses can strengthen their defenses and maintain resilience in a rapidly changing environment. This shift from reactive to proactive security strategies is essential for staying ahead of cybercriminals and safeguarding critical assets.
In its recent study, Kaspersky surveyed IT professionals across industries and regions to understand how businesses use threat intelligence to bolster their defenses. The findings reveal that while an overwhelming majority (81%) of organisations in the Middle East, Turkiye, and Africa (META) region and 80% in South Africa, are satisfied with their available threat intelligence, there is still significant room for improvement – particularly in integration, speed, and relevance.
The critical role of threat intelligence
Threat intelligence goes beyond data collection, it provides actionable insights into adversary tactics, techniques and procedures (TTPs). By studying attacker behaviour, security teams can detect threats earlier, refine defensive strategies and respond more effectively both during and after incidents. The study highlights that 37% of companies in the META region and 35% in South Africa rely on specialised TI vendors for curated intelligence, while close to a third (31% and 28% respectively) engage in threat data exchanges with other organisations. Another 30% in the META region and 35% in South Africa gather intelligence from open sources, demonstrating the widespread recognition of TI’s value.
The importance of TI in cybersecurity cannot be overstated, as it helps organisations stay ahead of evolving threats and adapt their defenses accordingly. It enables proactive risk management and enhances the ability to anticipate potential attacks before they occur. The most effective threat intelligence must be timely, reflecting the latest threats, a priority for 40% of respondents in the META region. It must also be actionable, seamlessly integrating into security workflows, which is a key concern for 40% of professionals in the META region. Additionally, 36% of respondents emphasised the need for better analysis, including prioritisation and de-duplication, to make intelligence truly usable in real-world scenarios.
Key areas for improvement
While most organisations already benefit from TI, experts have identified several areas where enhancements could make a substantial difference. The single most pressing need, cited by 24% of respondents in the META region, is easier integration into existing processes, which would allow threat intelligence to be more seamlessly incorporated into daily security operations. 12% highlighted the importance of better analysis to improve accessibility, meaning that intelligence should be easier to interpret and act upon for security teams. Meanwhile, 8% called for more robust comparative threat analysis across different systems, enabling organisations to better understand the context and relationships between various threats. Speed is another critical factor, with 12% emphasising the need for faster intelligence delivery to ensure timely responses to emerging threats.
Beyond these integration and usability concerns, professionals also prioritise quality and accuracy. 32% surveyed in the META region stress the importance of high-quality intelligence, which is precise, relevant, and reliable, to avoid false positives and missed threats. Additionally, 32% seek more comprehensive coverage to ensure no critical threats slip through the cracks, emphasising the need for a broader scope of intelligence sources and insights to maintain a strong security posture.
Navigating today’s threat landscape demands reliable, expert-curated intelligence. While many organisations recognise its value and are satisfied with their current capabilities, they are searching for significant opportunities for improvement – particularly in areas such as integration, speed, and relevance. By investing in these key areas, organisations can enhance their ability to respond swiftly and accurately to emerging threats, ultimately reducing risk and strengthening their security posture. Partnering with trusted providers like Kaspersky, which offers expert-curated insights and real-time intelligence, empowers businesses to navigate today’s challenging threat landscape with confidence.
To enable your InfoSec professionals to gain in-depth visibility into cyber threats targeting your organisation, use Kaspersky Threat Intelligence, which provides rich and meaningful context across the entire incident management cycle and helps identify cyber risks in a timely manner.
