Co-operate with the State: Altering Approaches to Intelligence-Sharing in Security

In this era of increasingly complex cyber-attacks, an ‘all for one, one for all’ approach is the best way forward. Suspicion surrounding the concept of collaborating with the state needs to be surmounted if organizations are to tackle the vast array of digital threats they face.

Bad actors across the spectrum, from cyber terrorists and internet vigilantes to organized criminals and state actors, are testing organizations’ defenses for weaknesses. These targeted attacks hit public and private sector organizations alike.

Despite this, many organizations still take an isolationist view of defense: my data, my problem. They don’t want to announce their weakness to others, so they don’t collaborate.

Now, though, there is a growing realization that attitudes must change. A more organized, combined approach is needed to bring about collective digital security – one that pools the resources and knowledge we have at our fingertips to assess the current threat environment.

Unfortunately, it has taken a series of shocking cyber-attacks such as WannaCry, NotPetya and Heartbleed to get us to this stage, and the road behind us is littered with broken businesses and crippled corporate reputations. Yet even as we face these unprecedented attacks, there is good reason to be cautiously optimistic – not least because the private and public sectors are beginning to work together to combat cyber threats.

What the research revealed 
In September, ThreatConnect unveiled new research conducted among 350 senior cybersecurity decision makers which found that two in five are sharing a range of data – on malware, ransomware or general cyber threats – with government groups or NGOs. What’s more, four in five of our respondents agree that a better relationship with government groups would foster a better environment for exchanging threat intelligence data.

This might seem an obvious enough point, but it marks a significant shift in business thinking. Traditionally, businesses have been very suspicious about sharing any corporate data with outside organizations – let alone information about security breaches. In a sense, that was only natural: no-one wants to admit to failures or to wash their dirty linen in public.

There is a growing awareness that a common approach founded on sharing threat intelligence is the only way that we can begin to think about defeating the rapidly-evolving weapons deployed by those who would do us harm. Public and private sector partnerships may have come in for some stick over the last couple of decades, but on the question of cyber security there is near-unanimity among businesses on the benefits of working with government.

Our research found that between 70% of respondents said that coordinating data sharing with governments is one of their main priorities in the further development of their organization’s threat intelligence programs, and that the data they receive from government helps make them more secure.

Before we get carried away by this new spirit of cooperation, we have to admit that data sharing between the public and private sectors is still in its infancy. Among respondents from organizations that have industry-leading threat intelligence programs in place, 75% admitted that one of their main priorities is to coordinate their data sharing with government agencies. 

Time to change  
It’s not just businesses that need to do more: over a third of our respondents agreed that government can do many things to improve the way threat data is shared. These include creating and distributing defensive tools and techniques, providing regular briefings for cybersecurity employees about recent trends, and creating industry-specific groups to combat nation-state attackers.

It will take time to change the fiercely data-protective corporate culture to one that is more willing to share sensitive data. To do this, the IT security industry needs to redouble its efforts to communicate how threat intelligence data is as crucial to combatting cyber-attacks as firewalls, anti-virus and intrusion detection and prevention systems. 

On this front, our research provides some very promising insights. We found that 70% of businesses with mature threat intelligence programs say the infrastructure has blocked threats to the business, saving them an average of £6 million each in the past 12 months.

The most pressing problem is the perception of IT security as a wholly private business. It cannot be viewed through the single lens of deploying new systems and software. That attitude merely plays into the hands of attackers. Now is the time to collaborate and find strength in numbers.
