How can security leaders in smaller organizations stay informed about emerging threats if they don’t have access to formal threat intelligence feeds?

Security Strategy & Roadmap Threat Intelligence & Incident Response

1.6k views7 Comments

Sort by:

CISO16 days ago

Most strategic threat intelligence relevant to planning is published for free by most threat intelligence shops, you don't need feeds for this. You might want to ask someone to compile you relevant things once a quartner/annually.

Head, Software Engineering, Cloud and Digital Transformation18 days ago

One way is to subscribe to some of newsfeed such as:
https://www.infosecurity-magazine.com/
https://www.bleepingcomputer.com/
https://www.cisa.gov/news-events/cybersecurity-advisories

Microsoft has good blog site as well at https://www.microsoft.com/en-us/security/blog/ which has a section on Threat Intelligence and Security Insider.

Attend Black Hat conference if possible. Hope this helps.

Chief Information Security Officer18 days ago

There is an easy way to answer this question: Subscribe to CISA's threat advisory service (for free). Their threat analysis is world class and yet, remarkably easy to interpret. Link here: https://www.cisa.gov/news-events/cybersecurity-advisories?f%5B0%5D=advisory_type%3A94

Chief Information Security Officer21 days ago

When you run a startup, creativity is essential. AI is great for that. With the right prompt, it’s amazing how it can process information and deliver exactly what you need.

CISO21 days ago

Having worked in startups myself, I know the biggest challenge is a lack of bandwidth and the sheer number of distractions. Threat intelligence often becomes a “nice to have,” and I didn’t get to it as often as I would have liked. This is a perfect use case for a digital assistant that understands your environment, scans the news, and tells you only what you need to worry about. AI tools like Copilot are impressive, but finding real-world use cases that add value and make life easier can be challenging. A tool that provides a one-page overview every morning of just the things I care about, tailored to my environment, tools, and compliance obligations—would be extremely valuable. For example, if I need to know about changing laws in a country where I plan to do business, that kind of research assistant could really prove its worth.

Content you might like

Do you feel confident in your current process for taking inventory of all your org’s apps?

Completely confident21%

Mostly confident71%

Not quite confident6%

Not at all confident1%

View Results

When it comes to running phishing simulation campaigns. What is the best practice on how often they should be run and at what cadence should phishing simulation emails be sent out? Some organizations only run a campaign once per quarter sending out a simulated phishing email about once per week while other organizations run continuous campaigns sending out phishing simulations about once every 2 weeks. What are other organizations doing and what is the best practice?

Do you have a person at your company specifically focused on payments (e.g., VP of Payments)?

Yes68%

No31%

What adjustments are you planning to make to your org’s cyber budget for 2026 (if any)?

What are the challenges and best practices in implementing robust time-sensitive access controls and location-based risk assessments for secure remote work environments?