A road-map towards meaningful security data sharing

The council was originally established and sponsored by RSA with the purpose of providing a non-partisan view of information security concerns and opportunities. It comprises 16 CISOs from companies such as ABN Amro, Coca-Cola, eBay, EMC, HSBC, JPMorgan Chase, T-Mobile and others. This year’s report, with additional input from William Pelgrin, the President and CEO of the Center for Internet Security, focuses on the desirability of shared intelligence to counter the new advanced threats.

It recognizes that just as cyber criminals share information and help each other, business must also pool and share its security intelligence in order to effectively counter the advanced threat of organized cyber crime and state-backed cyber espionage. “If large communities of organizations could readily and continuously exchange data on current attack methods, it would seriously impede attackers’ operations”, says the report.

It sets out a road-map towards achieving that end, including the collection of risk data, continuous research into criminal behavior and techniques, training in intelligence gathering and use, and, of course, the development of best practices in sharing threat information with other organizations.

The final and most difficult element, key to the success of the proposal, is the ability to manage large and disparate volumes of security data and convert it into actionable security information. In the short term this can be achieved by automation: automating the consumption of existing threat feeds, automating the collection of employee observations, automating log analysis and automating the fusion of data from multiple sources. The result becomes a big data analytics problem.

'Getting Ahead of Advanced Threats' shows how much can and should be achieved by organizations making intelligent use of readily available shared intelligence. At present this largely means receiving and using external data. But the report also intimates the next step, which has to be the evolution of business from a receiver of data to an active sharer of data. Such sharing does already happen, of course, particularly within specific market sectors such as finance. But the long-term aim has to be for all companies to share threat information safely and securely, in a form that can be received and actioned automatically.
