Is Cyber Threat Intelligence Worthless?
Matthew Rosenquist
CISO at Mercury Risk. - Formerly Intel Corp, Cybersecurity Strategist, Board Advisor, Keynote Speaker, 190k followers
I was recently asked “What do intelligence reports do?? They appear worthless!”
I found the question both funny and ironic.? Unfortunately, I had to gently deliver some uncomfortable news.
There is a fundamental difference between intelligence and the ability to apply it effectively to make better decisions.? Intelligence is the distillation and organization of data that is analyzed and assessed to draw meaningful conclusions.? These insights often highlight risks and opportunities, serving as a foundation for better decisions.
However, intelligence alone doesn’t guarantee action or success.? It takes someone with knowledge and experience to interpret these insights within a specific context, align them with goals, and uncover actionable strategies to address potential risks or opportunities. This process enables smarter decisions and often provides a competitive edge advantage.
Simply put: “Intelligence is useless without the wisdom to meaningfully apply it.”
In this case, the person dismissing threat intelligence as “worthless” failed to understand how to use it. Intelligence reports don’t necessarily dictate actions—they empower decision-makers with the information they need to act. The value lies not in the report itself, but in the expertise to leverage it.
Top 20 Women In Cybersecurity in Canada | Cybersecurity Consultant | Decision Strategy Manager | People Manager | Business Process Optimizer | Researcher | Academic | Educator
7 小时前?? Cyber intelligence often seem worthless due to the disconnect in implementation noted to result from a disconnect with DM. I’d emphasize partnership with leadership for decision making is key. A big bottleneck often overlooked, is the institutionalised HUMAN RISK. Cyber Intelligence applications often kick off a review of impacted Business segments, process, frameworks, standards etc. You’d find in many cases that the decision points are blocked from getting to leadership because staff in affected business segment are afraid to be perceived as incompetent or lacking in skillsets that led to the existence or proliferation of that vulnerability or their EGO gets the better of them. I believe better synergy, usefulness of cyber intelligence would be achieved if leadership take a more active role in governing risk posture and staff throughout the org. make the changes less about them. At the end of the day, the goal is to secure organizational assets ( which directly impact positive functioning of staff). Leave Ego and institutional politics out!!! Failure to to so invalidate all the good work done gathering the intelligence, disambiguating it and developing remediation strategies to help the organization be more resilient.
Threat Hunting & Intelligence | SocVel.com/quiz
2 天前Publisher, Community Builder, Speaker, Channel Ecosystem Developer with a focus on cybersecurity, AI and Digital Transformation. Subscribe to eChannelNews to learn more or follow me on LinkedIn.
2 天前I always wondered WHY the west publishes "intelligence" on cyber, war and more. The other side is probably delighted that they get this info delivered on a silver platter. Interesting how news media shares information about wars, weapons etc. Unless it's disinformation or maybe no one really cares anymore. In cyber I am sure the bad actors are digesting the information and intelligence before formulating their attack plans. New reverse meaning in keeping our enemies closer as they do not have to try - we help them keep close... Sadly the bad actors do not share their plans with us... hope I am wrong.
In my decade long journey being an intelligence analyst I have found intelligence is an enhancer but not valuable in a vacuum. I think the biggest issues center around the inability to align business goals to intelligence collection requirements. Too often we don't have the right mechanism to integrate data in long term strategies. The other issue is most intelligence analyst lack the ability to understand how that information is used by the customer. Too often intelligence analyst see themselves similar to a news reporter and that likely has to do with companies not knowing how to integrate those services into their own practices.