"Look for the trophies that they (attackers) would be interested in and organize your defenses around that," Chip Tsantes, a principal in EY's cybersecurity practice, told CSOonline Friday.
Tsantes finds that the digital assets being targeted within an organization often do not correlate with where organizations are spending their money.
Gathering and sharing intelligence on cyberattackers threatening data, networks and business processes is an emerging information security discipline.
A recent survey of security decision-makers found that three quarters of them rated establishing or improving threat intelligence as a top priority for their organizations, according to Forrester Research.
In addition, a recent Ponemon Institute report found that enterprises could reduce annual costs associated with cyber-attacks by 40 percent, if they had intelligence they could use to bolster defenses.
The need for improve cybersecurity is well established. Forrester Research found that 45 percent of respondents had experienced a breach at least once in the last 12 months.
EY found that 31 percent of the participants in its survey had seen at least a 5 percent increase in the number of security incidents in their organizations in the same timeframe.
Sign up for CIO Asia eNewsletters.