Sharing Cyber Security Intelligence Brings Wide-Ranging Benefits

Guest blog by Canadian Cybersecurity 2018 contributor Robert Gordon, Executive Director at the Canadian Cyber Threat Exchange (CCTX)

Reports of hacks dominate the news. The security of elections processes is increasingly questioned, and almost weekly, it seems, another company announces a data breach in which personal data of customers is exposed. Is this what we can expect going forward?It might seem like it, but increasingly, there is growing awareness of the magnitude of the threat. Even in an age when gaining and sustaining a competitive advantage is of paramount importance for businesses, the idea that companies should work together to share information and expertise is gaining traction. As more businesses adopt this attitude, they will reap the benefits of improved defenses.

What is threat intelligence?

Threat intelligence is the systematic analysis of all threats facing an organization. These include both internal and external threats. Threat intelligence considers security incidents that result when organizational vulnerabilities are exploited by attackers, and provides information derived from analysis of a variety of data, including the goals of the hacker, the known variants of the threat, and possible defenses against the threat. It can be used in the short term (for example, developing a response to a specific attack) as well as in the long term (formulating responses based on strategic assessment of the plans that attackers may be considering).

Why should organizations work together?

Organizations that collaborate to generate understanding of how cyber attackers operate have an opportunity to pool their knowledge and experience. By learning about attacks against others in their industry, an organization can plan more effective defenses against future attacks. Cyber criminals often use specific attack vectors repeatedly until they become ineffective, so sharing information and best practices about threats and attacks is one of the best possible defensive strategies.

Awareness of the benefits of collaborative work and information sharing is growing. In Canada, the Canadian Cyber Threat Exchange (CCTX) was founded in 2015 to facilitate information sharing and provide a neutral forum where organizations can work together to defend against cybersecurity threats.

Cybersecurity affects everyone

Breaches at major corporations make the news, but that doesn’t mean that individuals can’t be targeted. Ransomware makes information inaccessible until a ransom is paid, and perpetrators of ransomware attacks can target any information. If data is important enough to be preserved — even if it has no obvious commercial or intellectual value — it can be targeted in a ransomware attack. How much would you pay to restore access to your personal photos?

Solid corporate cybersecurity brings many benefits

In addition to providing a defense against hacks and data breaches, organizations can approach cybersecurity in a way that brings significant business advantages. A strong cybersecurity culture creates paths for companies to develop better relationships with their employees regarding cybersecurity. As cybersecurity habits improve at work, employees will also take this knowledge and expertise into their private online lives. Given the proliferation of IOT devices and BYOD in the office, this cooperative approach can only minimize organizational risk.

Strong cybersecurity procedures can also present an opportunity for organizations to differentiate themselves. From a consumer perspective, a company’s response to a cybersecurity incident can have a lasting impact: Under Armour has been widely praised both for its prompt disclosure of a February 2018 breach, and for its success in protecting user information such as birth dates and credit card numbers (though some passwords were left vulnerable). Internally, recruiting employees with the requisite skill set can be a challenge for many companies. Proactive attitudes towards cybersecurity education can be leveraged as organizations search for the best possible employees.

Cybersecurity for the public good

As more and more aspects of our daily lives are conducted online, and as organizations increasingly conduct business online, cybersecurity is coming to be a social imperative. Just as businesses have used community involvement to increase their public exposure, organizations that embrace cybersecurity sharing will be able to use this to differentiate themselves from their competitors. There is a business opportunity here. By sharing knowledge and experiences, organizations not only improve their own defenses, they also strengthen societal defenses against cyber crime. This is a goal that everyone can support.

Guest blog by Canadian Cybersecurity 2018 contributor Robert Gordon, Executive Director at the Canadian Cyber Threat Exchange (CCTX)

Download the CLX Forum book, Canadian Cybersecurity 2018: An Anthology of CIO/CISO Enterprise-Level Perspectives: http://www.clxforum.org/