Now that we’ve reached October and Cybersecurity Awareness Month, it’s a good opportunity to raise broad awareness and take stock of what’s working and where we have gaps in our security processes and thinking.
We can all agree that sharing timely information on cyber threats can help us all prepare better defenses. In fact, 25 years ago a Presidential Directive asked each critical infrastructure sector to establish sector-specific organizations to share information about threats and vulnerabilities. From this, multiple Information Sharing and Analysis Centers (ISACs) were formed covering financial services, healthcare, energy, aviation, automotive, education, public safety, and many other sectors. This model has also spread internationally with other Information Sharing and Analysis Organizations (ISAOs), and government Computer Emergency Response Teams (CERTs).
As a security vendor, we wholeheartedly support the ISAC mission and have built the systems that most ISACs use to manage and share threat intelligence with their members. Yet despite these efforts, there still are far too many examples of critical security information not effectively shared across security silos or acted upon quickly. If it takes days or weeks to act on clear threat indicators, it’s often too late to prevent costly and painful damage.
The problem has not been a lack of desire to extend intelligence sharing. Rather, real or perceived obstacles often limit its reach or effectiveness. As we think about security awareness, it’s time to overcome these obstacles that are limiting collective defense. Here are a few examples of misperceptions or myths that hold us back:
- Sharing intel is too difficult. This was once true, and while too many organizations still depend on spreadsheets and email to share information, there are now lots of better tools available for teams to automate sharing based on threat levels, roles, and context.
- Sharing only works in one direction. Not true. Many ISACs offer or can automate bidirectional threat sharing, yet fewer than about 10% of members do this. The benefits of sharing threat intel back to an ISAC are often indirect, but can clearly raise security for the entire sector.
- Intel sharing causes privacy risks. Not if it’s done carefully. It’s not hard to anonymize any sensitive source information, while still sharing details about emerging threats.
- Legal teams won’t allow it. With proper collaboration tools, security teams can segregate and not share sensitive information, while broader threat intel should be shareable.
Sharing isn't universally beneficial. It's crucial to understand that indiscriminate sharing without proper context can lead to confusion, panic, or unnecessary actions. We require accurate, relevant, and timely threat intelligence. If we're sharing information that's out-of-date, not pertinent to the recipient, or just plain incorrect, we're not helping anyone. We're merely adding to the noise. This is where quality over quantity becomes paramount in threat intelligence sharing.
What's the solution moving forward? We need continuous collaboration and communication between industries, vendors, and government agencies. Just as cybersecurity threats continue to evolve, so too should our methods of communication and collaboration. We must move from simple information sharing to genuine integration, creating unified fronts against cyber threats. By fostering an environment of cooperation, supported by cutting-edge technology solutions, we can break down these barriers and make every month a cybersecurity awareness month. It’s time to shift our thinking from being individually secure to collectively secure, for the greater digital good of all.
Jason Keirstead, vice president, collective threat defense, Cyware