It’s time for the cybersecurity industry to stop talking about information sharing.
Before you get out the flamethrowers, though, let me add – it’s time for the cybersecurity industry to start doing information sharing. More specifically, the industry needs to share threat intelligence at speed and at scale.This fundamental idea drives CTA’s main project. Through its members, CTA has developed a different kind of cyber threat intelligence sharing platform and organization. This platform and associated sharing rules enable our members to more effectively prevent and disrupt intrusion, attacks, and other kinds of malicious activity. We have started the process of “doing” intelligence sharing in the cybersecurity industry.
Consider this: many cybersecurity companies spend time gathering threat intelligence that they use to update their own products, or to better protect their customers. Often times, this information is seen as the “competitive differentiator” that no cyber or security company would ever want out in the open. They certainly wouldn’t want to share this information with their biggest competitors in the market. Yet, the truth is, that approach hasn’t worked. Every security company knows this fact. No security company nor the U.S. government has all of the threat intelligence needed to combat every threat. So while we want and need strong competition in the cybersecurity industry, we need that competition to play out differently. It should occur not primarily on the raw quantity of data, but rather on the quality of the data and what people actually do with it. The real competition lies in the analytics that companies put behind the data, the way they integrate it into their products or business models, and how they use it to protect customers.
Shift the Cybersecurity Conversation to Sharing
The big picture here is to encourage a mindset shift — to demonstrate that cybersecurity companies can share cyber threat intelligence while maintaining strong market competition, thereby making everyone better off. By sharing cyber threat intelligence at speed and at scale, we can improve defenses against advanced cyber adversaries across our member’s organizations and their customers. We can also advance the cybersecurity of critical information technology infrastructures and increase the integrity and efficiency of information systems.
But there’s more. CTA also enables intelligence sharing at human speeds through enabling the cybersecurity industry to collaborate more effectively. Take for instance the WannaCry worldwide ransomware attack earlier this year. During this attack, we assembled the threat intelligence units from all CTA members. As a result of this collaboration, members were able to discuss notes and gain insights more quickly than they would have been able to do on their own. In turn, they were better able to protect their customers and the entire digital ecosystem.
Over the last few years, many information sharing alliances have emerged, and that’s a good thing. But CTA is taking on the hard business of making such a sharing alliance work in the cybersecurity industry. If we can change how we share threat intelligence and enable it to happen regularly in the cybersecurity industry, then we can start to make progress against the cyber threats that plague us.
Author: Michael Daniel
CTA Webinar – The Cyber Threat Landscape: 2021 Was a Hell of a Ride – 2022 Isn’t Shaping Up Any Better
Join CTA and Radware as Neil, Daniel, and Pascal discuss the most [...]
Cultivating a Diverse Cybersecurity Workforce
Cyberattacks continue to increase in prevalence and impact and recent cyber incidents have brought a wake-up call that we must invest in training and hiring in the cybersecurity field. Because nearly every aspect of society depends on the digital infrastructure, cyberattacks are costly and extremely disruptive. We continue to rely on an inherently insecure internet […]
Incident Response Blog: Cyber Incidents in Ukraine
As Russian forces take military action in Ukraine, cybersecurity companies are reporting various cyber attacks targeting organizations within Ukraine, such as government agencies and critical infrastructure companies, and organizations outside of the country that provide services to Ukraine. Additionally, the U.S. [...]