Current Filter: Network>>>>>Opinion>

   

Imagine that you are at a cricket match and a stray six is heading straight for your friend's face, who as it happens is sitting next to you. You may at first be glad that it was him and not you - but you could also find yourself asking why you didn't do something to prevent your friends' black eye!

The lesson might be that we are better protected when we work together. Whether it is while being eagle-eyed regarding the leather ball on a full face trajectory or, in the case of cyber security, sharing intelligence openly to make sure we know about the latest and greatest threats that we all, competitors and colleagues alike, have faced.

Security attacks are constant and millions of people can benefit from shared knowledge. The best example I have seen is in the banking community, which holds a weekly conference call. On a Tuesday, the bankers gather and these otherwise fierce competitors discuss what they know, offering us all a great example of how powerful strength in numbers can be. It makes sense because we are all inclined to avoid known and certain risks in our lives.

As with the two examples above, good security programs will alert other users when they are struck, demonstrating the power of peers, because in the security industry it is not simply about one great expert but rather the expertise of thousands of security practitioners. With a network of users and a community, for example using something like our Open Threat Exchange (OTX) we can do just that; however, when we factor in pragmatic sharing, it can be even more effective in defeating attacks.

Our current threat environment demands a new approach to threat intelligence, one that embraces open and collaborative threat sharing. In the information security community, threat information by itself has little value, just importance, thus making a crucial distinction from other industries. The common enemies we face are more profound than the differences we have, and threats are evolving so quickly that no one person has the ability to keep up with it all. It is precisely because our adversaries are so hyper-coordinated that today's era of relentless attacks and morphing threats demands that we rise together or fall alone. By working together and sharing information we can expand the reach of our threat data to enable more businesses and organisations to defend their networks against these mounting threats.

In collaborating on threat data in the infosecurity community, there are three things we can do. Firstly to identify who it is attacking, so that if there is a further attack on one of us, we will all know. This is one of the biggest ways that threat sharing can benefit a group. Secondly, and taking this a step further, individuals can share details of how they were attacked and how it helped to identify the perpetrator, so as to prevent different attack methods. Finally, we can share the actions taken, tools used and their effect.

Good security measures should be within the reach of all enterprises, yet often the small to mid-market enterprise cannot afford the tools and threat intelligence information that is available to large enterprises and federal governments. An information exchange that allows security professionals and researchers around the world to share threat information and combine their efforts to combat the ever-increasing malicious threats plaguing us all will offer good threat intelligence and insight into remedial actions - and not competitor conflict. We are all playing on the same team against cybercriminals so it's here that the best chance of success exists.