Sharing, Compared Part 2: Where Do We Share?
In part 2 of this series, discover where practitioners share during CTI collaboration - from peer to peer trust groups to paid memberships.
BLUF
- 1-to-1 and Peer-to-Peer Trust Groups significantly outpaced other methods in perceived quality, positive results, and how produced intelligence is shared.
- In-person Industry Events witnessed a resurgence post-COVID, with an equal growing desire for budget allocation and approval to attend events among respondents.
- Social Media and Public Forums dropped as Twitter, one of the longstanding homes for breaking research and news, experienced mass exodus; no platform has since effectively replaced this channel.
Background
This is part 2 in a multi-part series based on the CTI Networking Report 2024, the sequel to my inaugural study from 2022. Check out Part 1 for more context around this research.
Part 2 covers the execution of CTI networking: where individuals network. We examine the amount of participation in, sentiment around, and results from different methods.
Goal: Unlock 1-to-1 and P2P
Similar to the previous survey, we found that best methods are free, ad-hoc, and based on personal reputation. As a result, they are also least accessible, more dependent on individual efforts, and less tied to organizational buy-in or support.
1-to-1 moved into top place, while the rankings of other methods roughly stayed the same. The percentage of participation in Peer-to-Peer Trust Groups dropped slightly (-7%) and Social Media & Public Forums more drastically (-15%) from the previous survey. In contrast to 2022 when the top 3 methods ranked far above the rest by a gap of 20%+, this year observed a more even spread.
Survey responses demonstrated that respondents strongly prefer 1-to-1 Direct Messaging and Peer-to-Peer Trust Groups. While participation across methods is not exclusive, this data suggests that engaging in Paid Membership Groups, Events, Volunteer Groups and Social Media & Public Forums are complementary, helping to provide highly desired initial connections that subsequently unlock the two top valued methods.
"CTI Networking has been able to contribute to high visibility situations such as MOVEit Exploitation, 3CX compromise. [H]aving established groups... provided timely ability to look in our environment before it came down from Leadership for our team to look into it. It is better to have the answers before they even ask.”
Events Up, Social Media Down
Despite Events lagging behind Social Media by 20%+ in the previous survey, the two are now tied for 3rd place at 69% participation. This convergence is due to factors outside of cybersecurity.
Return of Events. With the easing of COVID and in-person meetings resuming, Industry Events showed directional boosts across participation level, perceived quality, and positive results. Several open-ended responses specifically cited a desire for budget and approval to attend events (“budget to go to events”, “budget to attend conferences or local events”, “$$ from the company to attend conferences”). Teams, take note.
Social Media Scandal. Once-stable spaces for news and discussion were upended with the 1) temporary flocking to upstarts like Mastodon, Bluesky, and Clubhouse, and 2) fleeing from ‘X’ formerly known and beloved as Twitter, for both personal and pricing-related reasons. Consistent with the previous survey, Social Media indexed highest on timeliness while also the lowest in confidence. Also consistent with previous results was the finding that Social Media over-indexed on observed results, placing 3rd across helping to detect/prevent, providing value during, and contributing to remediation or post-incident analysis after an attack.
Where the Cool Kids Are
Those with 10+ years of CTI-specific experience reported 100% participation in 1-to-1 DMs and skewed higher towards P2P Groups, Volunteer Groups, and Industry Events. Given that “access” and being able to find meaningful peers and mentors was a highly cited desire, it’s worth noting where these professionals value spending their time and effort.
Breakout by Perception and Results
| Largest Positive Shifts | Largest Negative Shifts |
|---|---|
| (Compared to 2022) | (Compared to 2022) |
| Volunteer Group Timeliness: +14% | Dark Web Actionability: -32% |
| 1-to-1 DMs Uniqueness: +13% | Paid Groups Confidence: -16% |
| Industry Events Actionability: +11% | Dark Web Value: -11% |
| Largest Positive Shifts | Largest Negative Shifts |
|---|---|
| (Compared to 2022) | (Compared to 2022) |
| P2P, Value During: +12% | Dark Web, Value During: -10% |
| 1-to-1, Shared Resources: +12% | Paid Groups, Remediation: -10% |
"A partner provided insight into a current investigation based on the telemetry they had visibility to. The telemetry allowed us to better respond to the event and remediate the adversary in-house vs outsourcing... Potentially saving the organization $100ks in fees and lost productivity.”
Where Intelligence Gets Shared
Give > Get. Compared to levels of overall participation in methods, respondents tended to disproportionately contribute in Volunteer Groups & Coalitions.
Get > Give. On the flip side, respondents tended to disproportionately under-contributed to Social Media & Public Forums and Industry Events. This is expected given the nature of “lurking”, “following”, and “attending” for these methods.
Conclusion
The landscape of CTI networking has evolved significantly since the initial survey, with a continued emphasis on personal interactions and trust-based networks. The resurgence of in-person events and the volatility of social media underscore the dynamic nature of networking preferences and external influences on the CTI space. Moving forward, prioritizing investments in a diversity of methods that can feed into meaningful 1-to-1 networking and peer trust groups is essential for fostering connections and driving positive outcomes in CTI networking endeavors.