The value of sharing threat intelligence

Aristotle Onassis once said, “The secret of success is to know something nobody else knows.”

The idea that businesses should keep their best practice secrets to themselves is a popular one. It’s a way to stay ahead of the competition and retain a competitive advantage.

Often industries become crowded with competition and knowing what your neighbour doesn’t can be the saviour in difficult times. But this way of thinking doesn’t bode well for tackling the ever-growing threat of cyber attacks.

Don’t keep cyber secrets

It is evident from the data breaches that occurred in 2016 that companies are making the same mistakes over and over again, from running old computer software and failing to patch vulnerabilities, to falling for phishing emails and not having an effective attack response plan in place.

>See also: Sharing cyber intelligence can prevent security breaches

A proven method of tackling the issue is by encouraging business leaders to share threat intelligence and openly discuss the challenges they have faced to maintain a strong security policy.

This is crucial, particularly given the new threats caused by innovations in technology, such as artificial intelligence (AI) and machine learning. As these technologies become commoditised, we will start to see hackers take advantage of them in the same way businesses do.

Progress has already been made in this area, with initiatives such as the Cyber Threat Alliance, allowing businesses to share threat intelligence on advanced attacks, their motivations and tactics of the actors behind them.

The US government also announced the Cybersecurity Information Sharing Act (CISA) in 2015, creating an environment that encourages businesses to share more information.

In the UK, a £1.9 billion government investment is under way for a new cyber security strategy, aiming to make it one of the safest places to do business in the world.

The launch of the National Cyber Security Centre as a bridge between industry and government is also expected to make significant headway in helping educate businesses and consumers alike about the biggest cyber risks today.

The enemy is getting more sophisticated

Indeed, there are several initiatives in place to strengthen our threat intelligence as an industry, but getting ahead of the hackers – and staying there – is a collaborative exercise that needs continuous work.

Failing to share best practice methods against cyber attacks will only hold the business back. It may even come back to bite them in the future.

Consider the numerous platforms that hackers use online to share information and learn from each other’s attacks.

>See also: What’s next for threat intelligence?

The dark web is a network of untraceable online activity and hidden websites – a perfect example of where hackers can communicate, completely anonymously, to trade insights and sell information.

Unlike private businesses and government organisations, cyber criminals are not bound by IP, data privacy, budgets or other concerns.

Increasingly businesses expect to see hacktivists, nation-based attackers and cyber criminals accelerate the use of the tools used to learn from each other’s attacks – and identify defacto best practices to emulate them on broader scales. Thus, requiring a more strategic approach to sharing threat intelligence with one another.

Too much information?

The impending General Data Protection Regulation (GDPR) will certainly spark a new wave of initiatives designed to keep businesses compliant once it is implemented in May 2018.

Data collection and storage will be questioned and stricter fines will be in place should businesses suffer a data breach. Therefore, sharing as much knowledge as possible needs to start now.

As to what information should be shared, there is no clear line to draw between what is classified as an adequate amount. This is where business leaders must rely on their own experiences and insights to guide them in what they choose to share.

>See also: No organisation is an island: the rise of community-based security

The technology that helps defend against attacks is of course essential. But what about the reaction to a cyber threat such as a ransomware attack? Should the first step be to contact the local police and which department should do so?

If the business becomes subjected to a data breach, how long until the public is informed and who is qualified in the organisation to advise on the comments and quotes shared with the media, should enquiries come in?

When the GDPR comes into effect there will be clearer requirements for organisations to follow. But business leaders must continue to share insights in order to provide one another with relevant and quality information.

The sophistication of hackers has reached a point where it is no longer about keeping them out of the network, but restricting their activity once they are inside. Understanding the importance of sharing threat intelligence is the first step in building a strong strategy against malicious outsiders.


Sourced by Matt Middleton-Leal, regional VP, UK, Ireland and Northern Europe, CyberArk

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...