Exchanging information for mutual defence
Sharing cyber threat intelligence
Business leaders are starting to realize that increasingly sophisticated threats are constantly evolving, and that defending against these complex new dangers will require much more than tweaking security policies and adjusting IT systems. They’re recognizing the fact they’ll need the strength of numbers, a community of peers that are stronger standing together than going it alone.
The solution lies in participating in a cyber threat intelligence (CTI) sharing community, in which members gather and share, in real time, what they’ve learned about threats and attacks. This can provide them with insight about attacks, security tools and defence techniques, and help get the most up-to-date information to the right people and the right systems at the right time to make informed decisions.
This practice of gathering, sharing and analyzing intelligence improves an organization’s ability to be vigilant, an essential element of maintaining a strong cybersecurity posture. And as our 2015 Cybersecurity Survey shows, there’s plenty of room for improvement in this country: only one in three Canadian organizations has a formal process for gathering threat intelligence, and less than two percent are sharing intelligence on a global scale to help bolster their cyber maturity. (Find out more, including the other elements of a strong cybersecurity posture, in the cybersecurity survey report.)
Create a CTI-sharing community
Our paper, Building an informed community, shows how you can help establish a group that shares cyber threat intelligence and coordinates incident responses to proactively identify and mitigate incoming attack. It examines how you can share information safely and effectively, preserve privacy, and realize significant overall benefits from collaboration.
To prepare the ground, you and your counterparts need to:
- Develop strong community oversight and governance structures: Members need to trust that their rights and obligations are clearly governed, and that security measures are in place to prevent sharing or leaking of unauthorized data.
- Implement membership criteria: A defined process can help ensure that new members are evaluated on their willingness to share intelligence on best practices, on know-how, and on experience.
- Make cross-sector sharing a priority: Since cyber attackers don’t always stick to the same industry when seeking out new targets, the community’s plan should allow for cross-sector sharing.
- Leverage cybersecurity expertise: Gathering and analyzing community intelligence requires subject-matter experts who can produce reports and identify trends, while specialized day-to-day operational personnel are necessary for program management and administration.
- Support open discussions about threat intelligence: Open discussions can help community members share best practices, insights and perspectives in an engaging and meaningful way, while also helping to build trust.
- Comply with regulatory, privacy and legal obligations: Compliance enables an organization to define, publish, and disseminate any potential civil/criminal responsibilities so all members understand their obligations.
The power of sharing
A community in which organizations can share real-time intelligence on evolving threats can deliver broad benefits, including access to relevant and actionable intelligence, cost savings through elimination of duplicated effort, the prioritization of threats and vulnerabilities by importance and imminence, and better defensive agility with a shift from reactive to proactive strategies.
Against sophisticated cyber foes, you’re stronger together.
To learn more about sharing cyber threat intelligence, contact Dina Kamal.