Understanding The Challenges Of Cybersecurity Threat Readiness

Forbes

30-06-2025

Alex Lanstein is the CTO of StrikeReady, pioneering unified AI-powered Security Command Center solutions for Security Operations Centers.
The importance of keeping an organization's data safe can't be overstated. According to Thomson Reuters, just one data breach can cost a company millions—with no sign of that cost decreasing. Effective threat readiness helps reduce the risk of falling victim to cybercriminals and paying a staggering sums to address the damage. But before security operations center (SOC) analysts can prevent attacks, organizations must first understand the core challenges to becoming truly threat-ready.
Common Threat Readiness Challenges
Threat readiness means being able to identify, prepare for and respond to cybersecurity threats. While all organizations should be concerned, there's no one-size-fits-all approach to staying secure. It's critical to develop methodologies tailored to each organization's specific needs and security landscape.
The first challenge in becoming threat-ready is identifying which threats matter the most. It's unrealistic to try to combat every attacker, every time. An intel-driven approach can help focus resources on high-priority threats—but leaders need to determine which ones are worth the focus.
Simulation scenarios must be relevant to a company's sector and geography. Threat actors often target based on industry, region or past vulnerability. For instance, an attacker focused solely on Sri Lanka, Bangladesh and Pakistan is likely irrelevant to a Texas-based tax software company.
SOC teams should also track which threat groups have targeted them in the past. Getting breached once is forgivable—but being breached twice by the same actor can have serious professional consequences.
By building profiles of likely attackers, cybersecurity teams can define the relevant actors, tactics and motivations, then design defenses that address them. While it may feel safer to respond to every threat, doing so wastes time and resources. Unless your organization has infinite budget, it's better to focus than overreact.
'Plumbing' refers to the behind-the-scenes effort of filtering, applying and managing security data effectively. SOCs are innundated with information—thousands of indicators, alerts and threat group signatures. Without good plumbing, teams can drown in a flood of false positives or irrelevant data.
Improper filtering can not only trigger irrelevant alerts, it can also cause outages in network or endpoint infrastructure—potentially obscuring real threats amid the noise.
Blocking threats is a central goal, but automating this action introduces risk. Automatically blocking infrastructure based on threat intelligence may inadvertently disrupt employee access to legitimate applications.
For example, some threat actors use trusted services—like obscure file-sharing platforms or even Google Calendar—for command and control. APT41 has used this exact tactic. If you block infrastructure flagged in threat intel without vetting, the outages you cause could be worse than the threats themselves.
Confidentiality is a cornerstone of effective threat readiness—but it's harder to maintain when integrating AI into workflows. AI can help analysts manage large volumes of data, but feeding sensitive information into third-party systems raises privacy concerns.
Organizations should be cautious when uploading alert data into AI platforms like OpenAI or Google Gemini. These companies have legitimate access to user input, and while their analysts are skilled professionals, they openly publish threat intel on their public blogs—indicating that customer data may be actively reviewed.
When a data breach is suspected, especially in regulated industries, SOCs must act quickly—while also following strict protocols. Investigations need to be trackable and auditable to ensure clarity later.
If an analyst investigates a breach involving a senior executive, they must document every step. Without clear records, actions like pulling files or accessing email accounts can raise internal or legal concerns and may reduce trust in future automation.
Getting Ahead Of The Threat Curve
Navigating threat readiness challenges requires a strategic blend of human expertise, actionable intelligence and smart automation. Rather than adopting generic security frameworks, companies should build comprehensive, adaptable programs that reflect their unique threat landscape and operational priorities.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?