To defend themselves against cyber threats, organizations must leverage critical intelligence and information to thwart risks. When exchanged securely, information and information sharing helps organizations predict potential cyber attacks, assess damage and take proactive measures.
What does critical information constitute?
Critical information could be data related to a risk or incident, tactics, attack techniques and methods, TTP of threat actors etc. Details of targeted assets--such as, confidential information being stolen--also help organizations perform damage assessment. Information sharing between organizations can help in early detection and mitigation of threats. Companies can warn peers and vendors to look out for a particular attack method, vulnerability or malware. Inter-organization information sharing occurs over threat intelligence exchanges that work through sharing standards like STIX (Structured Threat Information Expression), TAXII (Trusted Automated Exchange of Indicator Information), and Cybox. These are standards that allow automated exchange of indicators of compromise (IOC) and other relevant data without leaking personally identifiable information (PII). Employees within organizations can also share information and threat intel among their colleagues over mobile based platforms.
How does intelligence and information sharing help organizations?
Exposure to insights
Sharing information within organizations and outside organizations creates exposure to insights and resources. The primary reason behind implementing threat intelligence in an organization is to gain situational awareness of threats and maximize security against cyber attacks which can help an organization in many ways. A fully-functioning cyber threat intelligence can detect communications between office systems and malicious IPs/domain; thereby, preventing possible data loss and detect breaches at early stages which will help decrease the impact on businesses. Intelligence sharing also helps organizations understand attack patterns, hackers’ Tactics, Techniques and Procedures (TTPs), and insights into necessary defense mechanisms. Through data analysis, organizations can discover additional information about threats and support processes thereby building capacity to better detect futuristic attacks and break the kill chain.
Address more use cases
Collaboration also paves the path towards addressing more use cases. By collaborating with other security teams and organizations across various sectors, companies can learn how to apply intelligence more broadly to address a wider array of threats. By leveraging collective experience and expertise, security professionals can help one another develop stronger defenses and more effectively mitigate cyber attacks.
Avoid phishing attempts
Spear phishing attacks and BEC (business email compromise) scams are becoming common among enterprises. Sharing information about the email--such as the language used, sender’s address, title and department targeted by the scammer--will help companies alert their employees proactively to monitor for similar schemes.
Ensure a secure community
It is the duty of every security professional to not only protect his/her organization, but also the entire community from countless adversaries. Hence, cyber information sharing must be leveraged to build a secure community cumulative impact of which is a safe and secure cyberspace for the entire nation.
Information sharing, today
Members of ISAC (Information Sharing and Analysis Center) and Information Sharing and Analysis Organizations (ISAOs) are constantly striving towards sharing immense amounts of information and intelligence with their peers. ISAC and ISAOs are also seeking new ways of facilitating more sharing and collaboration between organizations. In fact, FS-ISAC (Financial Services - Information Sharing and Analysis Center) has launched an initiative, in late 2016, in order to tackle the ever-changing threat landscape. The Financial Systemic Analysis and Resilience Center (FSARC) was established to detect, analyze and launch collaborative activities in order to mitigate systemic risk to the U.S. financial system. The initiative focused on enhancing coordination between industry partners, and the U.S. government.