David Monnier is Chief Evangelist and Fellow at Team Cymru and host of Future of Threat Intelligence Podcast.
Globally, the average cost of a data breach reached $4.88 million in 2024. Yet many organizations still struggle to use threat intelligence in a way that meaningfully improves their cybersecurity strategies.
Cybersecurity is now a board-level discussion, but many organizations haven’t unlocked its full potential to unburden the business—and empower it to pursue new markets and drive profits.
One major barrier is the inability of security teams to see threats and prioritize risks before they impact operations. Just as the military conducts reconnaissance missions, gaining visibility into adversary actions before an attack offers a tangible strategic advantage.
What’s Missing From Current Threat Programs
External threat hunting—or threat reconnaissance—is a relatively underused method that security teams can apply to increase effectiveness against cyber and ransomware attacks. It allows for proactive action against the risks that are most likely to affect the business. However, according to recent research my firm released in its Voice of a Threat Hunter Report 2024, only 42% of organizations say their threat hunting is very integrated with other security functions to support enterprise-wide outcomes. Without an effective external threat hunting program, security teams risk breaches, financial losses and reputational damage to senior leadership, among other consequences.
Here’s why cybersecurity leaders should prioritize integrating threat intelligence into external threat hunting—to strengthen reconnaissance capabilities and reduce breach risk.
Better Threat Hunting With Better Threat Intelligence
Platforms that issue threat alerts can send security teams on wild goose chases when the alerts aren’t relevant to their specific organization, industry or threat landscape. Security practitioners need actionable intelligence that clarifies adversary tactics, techniques and procedures (TTPs) in order to build real-time, informed defenses. By shifting from reactive response to proactive prevention, security teams can stay ahead of threats. Better external threat intelligence data also improves decision-making, prioritization and resource allocation.
With the right intelligence, training and tools, threat hunting can evolve beyond organizational borders. Teams can create external threat reconnaissance programs with visibility into global internet infrastructure, identifying threats before they reach the perimeter or impact third-party environments. That requires threat intelligence that is both relevant and real time. Generalized intelligence or outdated reports can overwhelm analysts and increase the risk of missing real threats. Intelligence that is timely and tailored to the organization’s environment enables teams to spot threats before they manifest.
Improving Threat Hunting Integration In Your Organization
The most successful cybersecurity teams integrate threat intelligence into daily operations. But our research found that 58% of organizations are not doing so, increasing both inefficiencies and potential for breaches. Here’s how to start improving integration today.
Investing In Tools
Threat intelligence must integrate seamlessly with existing security platforms, processes and workflows. The security professionals we surveyed in our report credit the effectiveness of their threat hunting program to the tools they use today, such as endpoint detection and response (EDR). Security information and event management (SIEM) systems can help with real-time analysis as well. And security orchestration, automation and response (SOAR) platforms can automatically respond to specific threats using that intelligence.
According to Gartner Research, by 2026, only 20% of companies will have more than 95% visibility of all their assets. Tools that provide external visibility—monitoring changes outside the IT environment and identifying malicious communications and infrastructure—enable more proactive threat hunting and vulnerability detection. Organizations with effective programs often cite access to baseline data that defines what “normal” looks like on the host and network.
Investing in automation can also improve threat reconnaissance capabilities and lead to faster response times, better contextual alerts and reduced manual work for analysts. Involving the team in technology decisions helps ensure the most relevant tools are selected.
Training And Employee Development
Building threat hunting into your security strategy requires trained, experienced team members. Security teams not only need more skilled individuals but also need to seek opportunities to grow their expertise through training and certification. Upskilling threat hunting capabilities is a practical way to strengthen the team and improve overall effectiveness.
With ISACA reporting that 59% of security leaders say their teams are understaffed, internal training addresses talent shortages and makes the team more efficient. Providing employee development opportunities in areas like threat hunting can also attract new talent.
Real-Time Data Sharing
As noted earlier, threat intelligence must be timely and relevant to be of benefit to an organization. Still, Cybersixgill reported in its 2021 Threat Intelligence Survey that 94% of organizations rely on static reports, which may be outdated by the time they’re compiled.
Real-time data can include alerts about active phishing campaigns targeting your organization, new malware variant analyses or updated lists of malicious IPs and domains. Sector-specific groups such as information sharing and analysis centers (ISACs) can be valuable partners for real-time intelligence sharing.
Better Security With Threat Hunting Today
Threat hunting can significantly improve security team effectiveness and reduce the risk of cyber and ransomware attacks. But only by integrating actionable threat intelligence—and expanding external reconnaissance capabilities—can organizations enhance their overall security posture and stay ahead of today’s dynamic threat landscape.