The Benefits of Cross-Sectoral Threat Intelligence Sharing



Posted on: July 07, 2022

Over the past couple of decades, there has been significant progress in threat intelligence sharing and cybersecurity collaboration at the industry level. Many threat intelligence sharing communities like Information Sharing and Analysis Centers (ISACs) and Information Sharing and Analysis Organizations (ISAOs) already exist for intel sharing between organizations within the same sector (Health, IT, Financial Services, Retail, etc.). For security collaboration and unified action to be truly effective, however, threat intel-sharing needs to extend beyond individual sectors to cross-sectoral (ISAC-to-ISAC) collaboration, with organizations across sectors and governments coming together to fight common threats and adversaries and protect critical infrastructure. 

The Cybersecurity and Infrastructure Security Agency (CISA) makes the case for inter-sector threat intelligence sharing by stressing its importance for systemic risk reduction. In the cybersecurity context, systemic risk refers to the possibility of a single cyber incident triggering negative effects beyond an individual digital system or company environment to multiple connected organizations, sectors, or nations. Given the dependencies between the various elements that make up the digital ecosystem today and the common IT infrastructure that organizations rely on, it is no longer possible for individual establishments or sectors to operate in isolation. No single industry has all the tools, resources, skills, and knowledge necessary to gain complete visibility into all advanced threats and deal with them.

With cross-sector threat intelligence-sharing, organizations in one sector can learn from the threats seen by organizations in other sectors and proactively take necessary mitigation measures to defend against common threats. “By leveraging data from entities within and outside their circle”, says CISA, “organizations can fully realize the possible extent of their vulnerabilities (if exploited), such as to other sectors or industries; identify clusters of common vulnerabilities and drivers of risk; and evaluate investments in cyber controls to holistically and collectively manage these risks.” 

Why Share Threat Intelligence across Sectors

IT and OT convergence and increasing risk to critical infrastructure

With more Operational Technology (OT) components being exposed to the internet and converging with IT, critical infrastructure is at an ever greater risk of cyber attacks. Attacks on OT can be especially dangerous because they can seriously disrupt essential services, damage physical infrastructure and result in loss of life. By exchanging intelligence on a cross-sectoral level, critical infrastructure organizations and essential service providers can get a real-time view of fast-moving threats and new vulnerabilities and draw on the entire community’s collective intelligence to prevent, detect and respond to sophisticated threats. 

Common threats and vulnerabilities

The vulnerabilities exploited by threat actors affect hardware and software used across industries. Operating systems, remote collaboration platforms, mobile phones and laptops, and a whole host of other applications and devices are not industry-specific, but developed and used by organizations across multiple sectors. It makes sense to share intelligence about vulnerabilities, incidents, and mitigation methods across industry sectors so each member of the broader community learns from the experience and knowledge of the rest. 

Access to specialized knowledge

Organizations sometimes need specialized knowledge to deal with advanced threats that are difficult to manage using the resources and skills available internally. Many advanced threats and vulnerabilities may involve systems and entities that are better handled and understood by experts in a different field or sector. For example, a new malware strain that affects specific components of smart electricals may be best handled using mitigation strategies developed by the energy industry. In such a scenario, every industry would benefit from the specialized knowledge and intelligence shared by the energy sector. Security teams working independently simply won’t have the wider view and resources needed to deal with such threats. 

Wider context needed for effective proactive defense

Threat intelligence sharing across sectors helps organizations understand the wider threat landscape and get greater visibility into emerging attack trends, malware families, organized cybercriminal gangs, and state-backed cyber campaigns. They can then use this shared knowledge to direct security spending to high-priority areas, align cybersecurity efforts with the business mission, and move towards predictive security where they can predict the “what”, “why”, “how” and “when” of the most dangerous threats and build defenses accordingly. 

Information sharing on the dark web, cybercriminal networks

Attackers usually have significant advantages over defenders: they are anonymous, have extensive knowledge about their targets, are not time-constrained, and are usually part of a thriving underground community of criminal groups who share information about vulnerabilities, exploits and effective attack techniques. Threat actors are also known to buy and sell malware, stolen credentials, and access to compromised networks on the dark web. To get ahead of well-connected criminal gangs, security teams across sectors and geographies must constantly share information on threat indicators, attacker TTPs and mitigation strategies, and create communities of their own for real-time security collaboration.

Complex supply chain ecosystem and limited visibility 

Most organizations today work with a wide range of third parties (business partners, software vendors, supply chain partners) who may themselves be dependent on other software vendors for business operations. The degrees of separation within supply chain networks that span multiple sectors have increased, which often prevents organizations from getting clear visibility into their extended attack surface. By collaborating more closely with partners, vendors, and other organizations that work with common vendors, organizations can better understand and reduce their supply-chain risks.

Attackers target the most vulnerable organizations in the supply chain

With supply chain attacks, the size or security posture of individual organizations becomes irrelevant. No matter how effective and well thought through a company’s security program is, it is still only as secure as the weakest link in its supply chain. Attackers routinely use vulnerable systems and security gaps in smaller organizations to get access to the better-defended organizations in their supply chains. It is therefore in every organization’s interest to form collaborations at different levels to share intel for stronger, more effective defense.

Cross-industry threat intelligence sharing can help security operations centers (SOCs) across industry sectors develop a common operating picture and identify, analyze and mitigate existing and new cyber threats in real time. Industry leaders must build on the gains made by ISACs and ISAOs and extend information sharing to wider cross-industry forums. By leveraging the collective knowledge of and the lessons learned by cyber defenders in multiple different sectors, organizations can save time, resources, and research effort; build their cyber threat prevention and detection controls faster; and together make the whole digital ecosystem more secure. 

How Cyware’s solutions enable cross-sectoral threat intelligence sharing

Cyware’s threat intelligence platforms enable security teams across organizations and industry sectors to collaborate and share tactical, strategic, and operational threat intelligence.

ISACs and ISAOs in multiple sectors use the Cyware Situational Awareness Platform (CSAP) and Cyware Threat Intelligence Exchange (CTIX) for real-time intel sharing with member organizations. 

Cyware also recently expanded CSAP’s feature-set to enable automated multi-sectoral (ISAC-to-ISAC) threat intelligence sharing. The new feature allows ISACs to collaborate and share threat intel with other ISACs to strengthen their collective cyber defense capabilities. 

To learn more about CTIX and CSAP and how the platforms enable automated intel sharing and secure collaboration, schedule a free demo now.
