Page 25 - Cyber Defense eMagazine - December 2017
P. 25

Part of the core value proposition of threat intelligence is its collectiveness––the more
               it’s shared, the more valuable it becomes. When an attacker targets one business that

               is leveraging comprehensive threat intelligence, it is battling the combined knowledge of
               multiple organizations, giving it an advantage.


               However,  many  organizations  using  intelligence  still  hesitate  to  share  their  own

               intelligence more broadly. A recent study from the Ponemon Institute found that only 50

               percent of organizations currently participate in industry-centric sharing initiatives such
               as  Information  Sharing  &  Analysis  Centers  (ISACs),  which  provide  industry-relevant

               intelligence, a place to collaborate with peers and network with other security teams. Of
               those organizations,  the  majority  (60  percent)  only  receive  threat  intelligence  through

               ISACs but do not contribute intelligence.


               Many organizations cite a  variety of concerns and hesitations that prevent them from
               actively sharing their own intelligence more broadly, but a lot of these fears are myths

               that can be easily dispelled. For instance, some organizations cite privacy and liability

               concerns as a key reason for not contributing to threat sharing initiatives. However, it is
               possible  to  keep  sensitive  information  private  while  still  contributing  to  threat  sharing

               initiatives.  In  addition  to  protective  provisions  from  the  Cybersecurity  Information
               Sharing Act of 2015 (CISA), one way to avoid these concerns––and a good practice in

               general––is to scrub threat data for any sensitive corporate information before sharing.
               Even if this limits the amount you’re able to contribute, a little bit can go a long way in

               helping other organizations spot attackers.


               Many  small  organizations  believe  their  cybersecurity  programs  are  too  little  or  their

               budget  is  too  limited  for  them  to  share  anything  that  would  be  of  value  to  other
               organizations––but this is never the case. Even for big corporations that are frequently

               targeted by attackers, there are additional details that can be missed. For example, no
               organization  sees  every  possible  variant  of  phishing  emails  that  comes  through  their

               business.  Sharing  whatever  you  can,  even  if  it  seems  insignificant,  can  add  critical
               context and visibility that complements other shared intelligence.







                   25    Cyber Defense eMagazine – December 2017 Edition
                         Copyright © 2017, Cyber Defense Magazine,  All rights reserved worldwide.
   20   21   22   23   24   25   26   27   28   29   30