Consequences of Withholding Threat Information
In the ever-evolving landscape of cybersecurity, the importance of information sharing among organizations has become increasingly apparent. According to recent statistics, about 36% of organizations belong to ISACs or ISAOs as of 2018.
These groups serve as a platform for companies to share threat intelligence, collaborate, and learn from each other's experiences. However, according to reports, some companies have been criticized for over-sharing, while others have been accused of withholding information or obscuring their identities.
The application process for joining such organizations is relatively straightforward, with InfraGard, an initiative by the FBI, being one of the easiest entry points for businesses. The Cybersecurity and Infrastructure Security Agency (CISA), a dominant authority in identifying and mitigating vulnerabilities alongside the FBI and NSA, also offers a no-cost feed, through its Automated Indicator Sharing (AIS) programme, for sharing threat intelligence in open source or paid-for platforms.
Corporate stakeholders are increasingly interested in understanding the risk calculus of their technology stacks, with the question "Are we a target?" being a common concern. This need for timely and actionable data is highlighted in a Ponemon Institute report, where more than one-third of the respondents stated that cyberattacks were successful due to a lack of such data from their feeds.
Cross-sector information sharing forums have historically had an air of skepticism and distrust. However, the benefits of sharing threat intelligence are evident. From a business perspective, 79% of security professionals believe that threat data feeds improve their organization's security posture.
The government also recognizes the importance of threat intelligence and information sharing from companies. Federal agencies are working to strike a balance between national security interests and the interests of businesses. The new national cyber director in the White House is working towards this balance.
It's worth noting that companies that pay for access to cyber threat intelligence and information sharing through ISACs or ISAOs typically include large corporations, Internet service providers (ISPs), telecommunications organizations, and critical infrastructure operators. Examples include sectors like healthcare, finance, energy, and government agencies, although specific company names vary by region and ISAC focus.
However, there are concerns that the government is unintentionally a bottleneck in closing the feedback loop. Additionally, paid threat intelligence feeds are more commonly used than ISACs or ISAOs: 44% of organizations use paid feeds, compared to 36% engaging in inbound ingestion and 31% participating in outbound sharing in ISACs, according to a report.
In light of these statistics, it's clear that while there is a need for more information sharing, there are also challenges that need to be addressed. Experts like Javvad Malik have called for more actionable items to supplement threat intelligence, providing informed criteria for mitigating a new-found vulnerability.
In a recent development, CISA denied a request for confidential data regarding SolarWinds and private companies, fearing it could harm the relationship between the agency and companies. This underscores the need for a balanced approach to information sharing, ensuring the protection of sensitive data while maintaining the benefits of collaboration.
For companies with mature cybersecurity organizations, understanding their adversaries and cyberthreats is a vested interest. As the cyber threat landscape continues to evolve, the importance of information sharing and collaboration among organizations will only grow.