In  addition  to  protective  provisions  from  the  Cybersecurity  Information  Sharing  Act  of
               2015 (CISA), one way to avoid these concerns––and a good practice in general––is to
               scrub  threat  data  for  any  sensitive  corporate  information  before  sharing.  Even  if  this
               limits the amount you’re able to contribute, a little bit can go a long way in helping other
               organizations spot attackers.



               Many  small  organizations  believe  their  cybersecurity  programs  are  too  little  or  their
               budget  is  too  limited  for  them  to  share  anything  that  would  be  of  value  to  other
               organizations––but this is never the case. Even for big corporations that are frequently
               targeted by attackers, there are additional details that can be missed. For example, no
               organization  sees  every  possible  variant  of  phishing  emails  that  comes  through  their
               business.  Sharing  whatever  you  can,  even  if  it  seems  insignificant,  can  add  critical
               context and visibility that complements other shared intelligence.




               There are also some organizations that fear the possibility of revealing a breach, which
               makes them reluctant to contribute to threat sharing initiatives. The reality is that while it
               may  not  be  ideal  for  other  organizations  to  know  you’ve  been  compromised,  it’s
               important that you spot a breach sooner rather than later, even if that comes through
               intelligence sharing. Pushing out breach details quickly can help bring quicker answers
               to  incident  response  challenges  thanks  to  the  additional  resources  from  other
               organizations adding their skills and expertise to the event.



               For organizations that are hesitant to share intelligence but are looking for simple ways
               to contribute, there are a wide variety of options. A simple first step is identifying tools
               and communities you can leverage. ISACs are easy to get involved in and typically have
               mechanisms in place to ease threat sharing.



               You can also establish partnerships beyond your vertical through localized entities such
               as Fusion Centers or use standards like STIX and TAXII to streamline the process of
               sharing. There are a number of free tools available that can help you to both contribute
               to and receive from common threat feeds.









                   10    Cyber Defense eMagazine – January 2018 Edition
                         Copyright © 2018, Cyber Defense Magazine,  All rights reserved worldwide.