Your Business Depends on It: Shared Threat Intelligence

If you’re a board member or corporate executive, chances are you haven’t ascended to that position by magnanimously sharing confidential information with competitors. In fact, you likely do everything possible to ensure your trade secrets are guarded and protected like the crown jewels.

So it may seem incongruous that one of the most important steps you can take in protecting your organization against cyberattacks is to participate as part of an industry group that proactively shares information about threats and attacks.

Yet, that is undeniably the trend in cybersecurity—particularly as attacks have become more sophisticated, technology has become easier to acquire and funding from nation states and organized crime has made the threat landscape more complex and dangerous.

The reality is that attackers often use the same tools and techniques across different companies within the same industry. If you know in advance how they work, you have a better chance of stopping them before they can do harm and disrupt business operations.

A New Way of Thinking

The question is, how do you go about sharing and how do you ensure trust within your industry. One of the big concerns for business leaders is that competitors will use information about attacks as a weapon to sow doubt about the organization’s capabilities and commitment to data protection and cybersecurity.

Today’s new reality, however, makes that line of thinking a relic of the past. Cybersecurity leaders understand that everyone is vulnerable and, when it comes to protection, there is strength in numbers.

Even within the cybersecurity industry itself, where trade secrets are closely guarded, many of the leading vendors formally share threat information through the Cyber Threat Alliance (CTA). If your cybersecurity vendor is a member of the CTA, your organization already reaps the benefits of shared threat intelligence.

As just one example, in May one of the members publicly exposed a new malware threat that targeted at least a half million devices worldwide.

The vendor was able to share threat indicators and defensive measures with members and brief them on how to prevent the threat from spreading. As a result, the attack was never deployed, and cybersecurity firms coordinated with law enforcement to be hyper-vigilant in looking for indications that the attackers may try to re-surface somewhere else.

The early warning and coordinated response is a force multiplier. As organizations experience the benefits of sharing threat intelligence, they are more likely to cooperate and coordinate in the future. As noted by CTA:

Early sharing and CTA’s response has increased willingness of CTA members to share information on significant malicious cyber activity with each other before the release of details publicly. These disruption activities seek to prevent actors from succeeding in their goals and increase the costs of their malicious cyber activities. By coordinating ahead of release on significant issues, CTA members leverage their data analysis and cybersecurity products to expose the activity, prevent additional harm, and mitigate any of the activity’s effects as early as possible. 

Sharing Within Your Own Community

Working with cybersecurity vendors that share threat intelligence is one step your organization can take. But it is also important to share intelligence within your own industry.

Doing so will not only help your organization mitigate the impact and potential of attacks; it will also promote trust and goodwill across your entire industry. If you are in financial services, for example, and a leading bank were to suffer a highly publicized breach, it can erode trust across the entire industry, making customers wary about using mobile apps, sharing personal data or using other online services.

Most industries now have Information Sharing and Analysis Centers (ISACs).  ISACs are trusted entities established by critical infrastructure owners and operators to foster information sharing and best practices about physical and cyber threats and mitigation. As noted by the National Council of ISACs:

ISACs help critical infrastructure owners and operators protect their facilities, personnel and customers from cyber and physical security threats and other hazards. ISACs collect, analyze and disseminate actionable threat information to their members and provide members with tools to mitigate risks and enhance resiliency. Most ISACs have 24/7 threat warning and incident reporting capabilities, and may also set the threat level for their sectors. And many ISACs have a track record of responding to and sharing actionable and relevant information more quickly than government partners. 

Business Benefits of Shared Threat Intelligence 

The business case for sharing threat intelligence is compelling. Critical business benefits include:

  • Reduce Risk: By sharing threat intelligence and taking advantage of shared threat intelligence within your industry and/or among cybersecurity vendors, you organization can significantly reduce the risk of a successful attack.
  • Lower Costs: Early warnings can give your cybersecurity teams the ability to use the right tools and save significant time in looking for root causes of attacks. The costs of reacting to a successful attack can be crippling, so by reducing risk you are also significantly reducing exposure to these potential expenditures.
  • Use Personnel More Strategically: The cybersecurity industry is facing a shortage of trained security personnel that is expected to reach 1.8 billion by 2022. Shared threat intelligence helps your organization use your resources more strategically and enables your teams to be more automated and quick to respond.
  • Support Modern Business Initiatives: Every organization in every industry is looking at initiatives such as digital transformation and big data analytics as critical to their future success and survival. Cybersecurity has become an enabling technology for these initiatives. By reducing risk in your organization, business leaders, developers, employees and partners can all feel more confident. By reducing risk in your industry, customers can be much safer in sharing data and using modern online mobile applications.

Conclusion

Some of the leading ISACs have thousands of members sharing threat intelligence and working together to protect the reputation and goodwill of their industries and member companies. Each of these members has had to take that first step and place their trust in companies that may be arch competitors.

The fact that ISACs have been around since the end of the last decade and have grown constantly and consistently, should tell you that the trust that members have placed in them has not been misguided. Likewise, the CTA has been around since 2014 and its membership and influence have continued to expand significantly.

We are at a time in the evolution of digital technology and cybersecurity when our adversaries are becoming more coordinated and sophisticated. The more we can do to find strength in numbers and share threat intelligence, the more successful we can be in thwarting their efforts and protecting our way of life moving forward in the digital age. For board members and business leaders, this is an important time to provide leadership and oversight.

share: