New research from Intel Security has explored the issue of cyber threat intelligence (CTI) sharing to gauge how it is currently being adopted and perceived by companies.
The survey of 500 cybersecurity professionals found that although a significant proportion of those polled believe CTI sharing helps to build stronger security, fewer than half (42%) of respondents currently do it.
Of those who don’t share CTI, 54% cited corporate policy as the reason, followed by industry regulations (24%). The remaining respondents whose organizations don’t share threat data said either that they would be interested in doing so but currently lack knowledge of the CTI integration options available to them, or that they have concerns about whether shared data could be linked back to their companies or to themselves as individuals.
“Cyber threat intelligence sharing is a crucial strategy to ensure that enterprises across entire industries are able to learn from each other and set up proactive defenses to safeguard both their corporations and the industry as a whole,” said Raj Samani, CTO EMEA at Intel Security.
“In many cases, advanced stealthy attacks can lie hidden on a network, undetected. With corporations proactively sharing details of threats and attacks, similar enterprises will also be able to more rapidly detect threats and correct their systems. Detection and correction of a cyber-attack is just as important as the initial protection stage when safeguarding company and customer data.”
“Our report highlights that CTI must overcome the barriers of organizational policies, regulatory restrictions, liability risks, and a lack of implementation knowledge before its potential can be fully realized,” Samani added.
Despite the general concerns and lack of knowledge about data sharing that the survey unearthed, it also found that nearly two-thirds (63%) of respondents would be willing not only to receive shared CTI but also to contribute data of their own, as long as it is shared within a secure and private platform. The types of threat data noted as most likely to be shared were behavior of malware (72%), URL reputations (58%), external IP address reputations (54%), certificate reputations (43%), and file reputations (37%).
This suggests that widespread CTI sharing is a realistic possibility if companies have confidence that their data is protected and are made aware of how it will be used. As Steve Durbin, Managing Director of Information Security Forum, argues, successful threat data sharing relies on a certain level of trust among all involved.
“A starting point would be closed groups – the banks are particularly good at this for instance, sharing information on the basis that an attack on one is an attack on all,” he told Infosecurity. “Trust is a key component too and understanding exactly how your intelligence might be used by a third party with whom you are sharing it is key.”
“What is certain is that threats and attacks will continue to increase and so must our collective sharing of intelligence if we are to stand a chance of combating them,” he added.
Brian Honan, Owner and CEO of BH Consulting, shares a similar view, telling Infosecurity that companies must adopt a ‘united we stand; divided we fall’ mentality, thus “changing our attitudes to information sharing and how that information is shared to ensure we stay one step ahead of those wishing to compromise our systems.”