Page 10 - Cyber Defense eMagazine - January 2018
P. 10
In addition to protective provisions from the Cybersecurity Information Sharing Act of
2015 (CISA), one way to avoid these concerns––and a good practice in general––is to
scrub threat data for any sensitive corporate information before sharing. Even if this
limits the amount you’re able to contribute, a little bit can go a long way in helping other
organizations spot attackers.
Many small organizations believe their cybersecurity programs are too little or their
budget is too limited for them to share anything that would be of value to other
organizations––but this is never the case. Even for big corporations that are frequently
targeted by attackers, there are additional details that can be missed. For example, no
organization sees every possible variant of phishing emails that comes through their
business. Sharing whatever you can, even if it seems insignificant, can add critical
context and visibility that complements other shared intelligence.
There are also some organizations that fear the possibility of revealing a breach, which
makes them reluctant to contribute to threat sharing initiatives. The reality is that while it
may not be ideal for other organizations to know you’ve been compromised, it’s
important that you spot a breach sooner rather than later, even if that comes through
intelligence sharing. Pushing out breach details quickly can help bring quicker answers
to incident response challenges thanks to the additional resources from other
organizations adding their skills and expertise to the event.
For organizations that are hesitant to share intelligence but are looking for simple ways
to contribute, there are a wide variety of options. A simple first step is identifying tools
and communities you can leverage. ISACs are easy to get involved in and typically have
mechanisms in place to ease threat sharing.
You can also establish partnerships beyond your vertical through localized entities such
as Fusion Centers or use standards like STIX and TAXII to streamline the process of
sharing. There are a number of free tools available that can help you to both contribute
to and receive from common threat feeds.
10 Cyber Defense eMagazine – January 2018 Edition
Copyright © 2018, Cyber Defense Magazine, All rights reserved worldwide.