The Future Belongs to Those Who Can Share it
“By using the computer for what it is good at – structured information sharing – and letting humans do what they do best more efficiently – finding signal in the noise and discussing what the right ‘questions’ are to ask of the data they are seeing – we create huge efficiencies for scarce resources and allow groups of companies to pool resources and talents to solve problems that are bigger than any one company alone.”
–George Johnson, Chief Security Officer at NC4
As the necessity for first-rate cybersecurity widens within the private, public, and governmental spheres, trust is leading the force for good. Organizations who share threat intelligence information know that there is strength in numbers, and that strong threat intelligence sharing is at the center of a successful cyber defense strategy.
But in spite of the proven benefits of threat information sharing, the existential challenge of acquiring and promoting human trust remains.
Legally speaking, information-sharing is a problematic topic for analysts, researchers, and lawyers who don’t want their organizations actively communicating with others, for a myriad of reasons. They tend not to want to share if they’ve witnessed an attack, or if they’ve been successfully breached, says one expert. Culturally speaking, the concept of sharing and receiving information is more accepted in certain environments of government and industry than others. This imbalance creates holes in trust circles. Some businesses—particularly smaller businesses and corporations—are simply in denial and, combined with a history of secrecy and paranoia about transparency in general, are skeptical at the idea of sharing information with people they don’t already have a relationship.
But in order for all of us to achieve real cybersecurity, organizations must confront and overcome their reluctance to share information by embracing new and wider trust circles.
We are simply transitioning from the older trust model based on personal relationships to one that is somewhat looser: sharing communities. Since it’s no longer possible to have personal relationships with everyone in a sharing community, a certain amount of trust must be granted to a central authority to perform strong vetting of all members. NC4’s Cyber Defense Network, for example, powers many information sharing organizations, including ISAOs and ISACs.
Greg Temm, chief information risk officer at the Financial Services Information Sharing and Analysis Center (FS-ISAC), encourages companies to show patience with threat intelligence sharing.
"Threat intelligence takes time. We might have lists of suspicious activity, but what we really want are the reasons why threat actors are making their attacks. What's really significant is whether the bad threat actors are working for a nation state, are cybercriminals in it for the money, or possibly hacktivists looking to make a political point. Getting to the bottom of that takes a combination of the shared data, analytics, and the threat intelligence tradecraft."
--Greg Temm, Chief Risk Information Risk Officer at FS-ISAC
Here are 3 tenets organizations should remember in terms of sharing intelligence:
• Everyone benefits. The objective of collecting, communicating, and disseminating information is to identify problems more quickly and mitigate attacks faster. There is strength in numbers.
• Being proactive is better than being reactive. Organizations need to share event data early in the security cycle – before it happens. It’s not about admitting you’re “wrong”, so to speak, it’s about warning others beforehand. When people understand what they’re up against, they’re more likely to rise to the challenge and perform accordingly.
• Your sharing platform should make sharing effortless. We’re all facing the constant process of sifting through information to find the pieces that help us make informed decisions and act quickly to keep our environments secure. Your system should be a user-friendly, collaborative, effortless experience. The Cyber Defense Network is a combination of communities, processes, and underlying technology designed to help members cut through the noise to find relevant threats and accelerate defensive action and make the entire threat intelligence lifecycle seamless.
One side cannot do it all. Through community efforts, we can fundamentally better protect ourselves from cyber criminals and significantly reduce both the frequency and impact of attacks and data breaches. Because of the massive scale of cyber threats, we must strengthen and grow our intelligence abilities together, as one unified force.
NC4's cyber defense solutions have been operationally proven for over 18 years, supporting communities that span domestic and foreign government agencies and private companies in the exchange of cyber threat intelligence and the advancement of cybersecurity awareness.
In an interconnected world, giving and getting information is critical and should be easy. The Cyber Defense Network makes the path forward clear. Contact us today to learn more about our NC4 solutions.
Thanks for contacting NC4! A member of our team will be in touch with you shortly.