Mar 15, 2018Industry insights,
Why is cyber threat intelligence sharing important?
In recent years the threat of cybercrime on businesses has become alarmingly high, with a bombarding volume of new cyber-attack techniques that include the sending of malicious emails and Brute Force attacks. In fact, recent reports suggest that as many as one in four businesses suffered a cyber-attack in 2017. If cybercrime is on the rise and our efforts to protect our most precious business assets, our data, are all in vain, what is the solution?
Being a business that operates within the IT world we get to see first-hand how a business can be brought to its knees by a cyber-attack. In these situations we will work tirelessly to ensure the company is back up and running, but once the business is fully operational and life starts to get back on an even keel, what then? Most businesses don’t want to disclose the fact they suffered a breach or attack, as they feel it demonstrates their business as vulnerable or unprepared. They might feel that their clients would lose trust and have less faith in their ability to deliver services or keep their data secure. Whilst this might be true for a small proportion of businesses the fact remains that intelligence and information sharing is one of the critical tools for network defence, and by providing the information it allows others to avoid the threats by taking additional precaution and deploy proven defence methods.
In the past when a business suffered a significant data breach they would generally isolate this to a specific IP address and share this information manually throughout the company to ensure they take action and limit their own exposure. This type of sharing was a manual process that required human interactions and had greater potential for human error.
Knowing the importance of sharing information without error-prone methods has led to the development of new tools for consuming Cyber Threat Intelligence such as open standards and sharing platforms that can automate threats and provide mitigation workflows.
Whilst the wider communities can clearly benefit from prior warning of cyber threats, the challenge of changing behaviour still exist as businesses and their lawyers still favour anonymity and discretion over disclosure and admission. Fundamentally, what’s needed is a shift in public opinion that surrounds the importance of sharing information of this nature. In many cases this comes down to the business and how they articulate what happened, the way they reacted to it i.e. how quickly they were able to restore and recover, and what steps they have taken to prevent an issue of this nature happening again, and why they feel it’s important to share this information to prevent others from falling victim. In these instances, it can actually reinforce a brands values and their commitment to their clients, but being open and willing to share.
The fact remains that cybercrime is on the rise, it is the modern day threat above any other, and in many cases criminals are getting away with these crimes because we are reluctant to tell others about our experiences. As our digital era develops, it’s likely we will start to see global sharing platforms. However, for these to become truly effective companies must confront their hesitancy to sharing of information and public opinion much shift to welcome their confessions of vulnerability, accepting them with the intention they were shared – to better protect our community from cybercrime.