It’s a good idea to learn from others’ errors. But it’s challenging to accomplish when those “others” won’t admit to making errors.
Why is sharing intelligence important? Every day, cybercriminals discover new software flaws and attack methods. Experts in cyber security are constantly struggling to keep up. Peers who are willing to proactively share information, sometimes referred to as intelligence sharing, can increase our community’s resilience and ability to respond to threats.
Why Sharing Intelligence Is Important
Penetration testing, anyone? Cybersecurity experts do have tools at their disposal to be proactive. However, cybercriminals are highly motivated and frequently alter the game’s rules. Additionally, they frequently share their knowledge freely, allowing criminal communities to quickly adopt new tactics.
Because of this, the idea of information sharing has been welcomed by many in the sector. It’s a cybersecurity version of the adage “the more you know.” Sharing cyber threat intelligence (CTI) improves everyone’s understanding of cyber threats.
According to Thomas Schreck, Chair of the Forum of Incident Response and Security Teams, and Trey Darley, Director of Standards Development at New Contexts, “Proactive information-sharing about attacks and defensive mitigations builds resilience across organisations participating within a given trust community, evolving herd immunity against attacks that others have seen within their own networks.”
However, there are issues with disclosing information to just anyone. Trust is necessary for sharing. Businesses are more likely to disclose information formally, covertly, with partners, and in the course of private conversations.
As an illustration of leadership in expanding a circle of trust, UBS, a multinational investment bank and provider of financial services with headquarters in Switzerland, collaborated with the Financial Services Information Sharing and Analysis Center (FS-ISAC) to create a series of cyber war simulations. The goal of the combined threat intelligence activity was “to enhance the sector’s overall security posture and incident response.”
Without cooperation, there is no coordination across firms or industries when a threat is found, response times are slowed, and enterprises are typically unprepared.
How Information Sharing Operates
Some companies are hesitant to divulge cybersecurity knowledge. They may be concerned about potential legal repercussions, reprisals from the attacker, or jeopardising intellectual property. But during the last ten years, the practice has spread more widely. A number of intelligence companies have set up secure sites with daily threat updates and intelligence exchange, and forums have been formed to facilitate information sharing.
Although they aid in secrecy, these peer-to-peer networks “make it practically impossible to coordinate large-scale, industry-wide responses,” according to Nick Ismail in Information Age.
Crowdsourcing data for prospective peer review can significantly alter outcomes. The Automated Indicator Sharing (AIS) service provided by the Department of Homeland Security in the US allows for widespread dissemination of threat intelligence to both the public and private sectors. “Analyst-to-analyst sharing of threat and vulnerability information” is made possible by the Cyber Information Sharing and Collaboration Program.
The Federal Bureau of Investigation also takes part in an intelligence-sharing partnership. InfraGard is a nonprofit organisation that acts as a bridge between the FBI and the business world in order to combine government intelligence expertise with that of the corporate world.
The Defence Cyber Protection Partnership (DCPP) of the UK aims to increase cybersecurity cooperation between the public and private sectors and “the odds of a successful threat response.” As a result of a “shared desire for large-scale collaboration,” Information Sharing and Analysis Centers (ISACs), Information Sharing and Analysis Organizations (ISAOs), and other communities have emerged.
An ISAC may be specific to one industry. For instance, the Retail Cyber Intelligence Sharing Center (R-CISC) has members the size of Target or Home Depot as well as smaller retail businesses.
The reasoning is that there is power in numbers. Ismail made the following statement: “Forward-looking firms understand that combining people, technology, resources, and intelligence will provide the groundwork for future cybersecurity.”
Still, laggards persist.
Paul Kurtz says that “CISOs don’t always grasp the benefits of information sharing.” He told DarkReading that information sharing enables everyone in that sector to see issues and take swifter action. He added that sharing is acceptable as long as no personally identifiable information is disclosed.
The most important point is that in order to spot suspicious activity, you need to be aware of what is happening in your IT infrastructure. If you don’t recognise when you’re being threatened, you can’t share in a proactive manner.