Global spend on cybersecurity products is expected to exceed $1 trillion between 2017 and 2021, as companies continue to invest in new technologies to combat increasingly sophisticated cyber attacks and augment their security posture. Yet the number of cyber threats is growing even faster and breaches continue to happen.
It’s time for the cybersecurity community to make a true commitment to threat intelligence sharing and create an industry standard to enable the timely sharing of information across both the public and private sector. In a recent Ponemon study sponsored by Infoblox, two-thirds of security professionals surveyed said threat intelligence sharing could have prevented or minimized the consequences of a cyber-attack or data breach.
The industry tried to combat this over a decade ago through The Incident Object Description Exchange (IODEF RFC-5070) and most recently through sharing models such as STIX and TAXII. However, many security professionals are still dissatisfied with these options and there remains a reluctance from organizations to share their intelligence broadly.
To explore this topic further, Infoblox recently hosted a roundtable discussion that brought together cybersecurity experts from government, healthcare, education and private sector backgrounds to discuss how, as an industry, we can better share threat intelligence knowledge to ultimately fight back against cyber criminals and regain control.
Michael Daniel, the president and CEO of the Cyber Threat Alliance and former cybersecurity advisor to President Barack Obama, encouraged a shift in our thinking. “The first thing we need to think about is how do we change our mindset. We are looking for a solution to cybersecurity challenges and there is no solution, it’s a risk management problem.” He went on to advise that “we shouldn’t be afraid to share — sharing doesn’t blunt our competitive edge, it just enhances it. We need to facilitate it from happening rather than inhibiting it from happening.”
The Ponemon study backs up this point by Daniel that the fear of sharing is a key hindrance the industry has been facing. In fact, 58 percent of respondents in the Ponemon study point to the potential liability of sharing and the lack of trust in sources that keeps their companies from only partially participating in a threat intelligence exchange program. It’s not easy to further the conversation if customers and the community are not willing to share, which will be an ongoing battle the industry faces.
Infoblox customer Richard Hu, associate director, Service Strategy and System Architecture at Weill Cornell Medical College, recognizes the need for sharing but noted how difficult this process actually is: “Those in my community share their threat intelligence manually, from one security office to the next, and by the time we have these conversations, it’s often too late. It’s almost like a marriage, it’s not easy and we need help.”
So what else can we do as an industry to make the sharing of information more seamless and effective? First and foremost, real time risk intelligence is critical as threat intelligence becomes stale within minutes. For shared intelligence to increase in appeal, it needs to be more quickly disseminated so it retains its accuracy. Second, we need to do away with siloes among business departments and create a centralized program controlled by one dedicated team to better enable information to flow. And last, but not least, the industry needs to take advantage of tools, like Infoblox Dossier, that help give context and meaning to threat intelligence and enable IT organizations and security professionals to make accurate decisions quickly with confidence.
Ultimately, we all agreed, we have to work together as an industry to combat these cyber threats. This dinner gave us new hope that there are those out there who want to collaborate and who want to come together to find a solution.
I’ll leave you with this thought provoking question from Jose Pagliery at CNNMoney, “Is it time for the business sector to have its #MeToo movement.” What do you think?