Blog , 18 Dec 2019

The Future of Cybersecurity Should Include Better Sharing of Threat Intelligence

Tobias Knecht,

Founder and CEO, Abusix

The Wild West was a lawless period on the American frontier. This does not mean that everyone was engaged in criminal activity; most settlers brought with them a concept of the difference between legal and illegal acts as well as an understanding of the difference between right and wrong. Instead, the new territories and states often passed through a period during which they were literally lawless except for a handful of federal statutes and perhaps local laws enacted by towns that were valid only within the boundaries of the town. Territorial and state legislatures took time to establish, and even after they were formed, it took more time to write and pass laws. In the meantime, cities and counties were busy enacting laws that often contradicted those passed by other towns and counties, and these laws sometimes contradicted the state or territorial laws that were eventually enacted. Law enforcement was hampered by jurisdictional disputes; what was illegal in one town might not be illegal in another town within the same county. Furthermore, there was virtually no sharing of information between jurisdictions. Although wanted posters were sometimes created, they were seldom distributed beyond the county in which a crime occurred or adjacent counties. Many criminals could remain anonymous by simply relocating to another part of the state or territory and adopting a new name.

Numerous parallels can be drawn between the Wild West and the early days of the internet. Initially, laws covering the new technology were few, but most nations and states immediately began to enact legislation to address cybercrimes. However, there is still a great disparity between the laws of different countries, and jurisdictional issues are still being debated. Although it has become more difficult for cybercriminals to remain truly anonymous, it is still possible for bad actors to conceal their identities or even their general location. Unfortunately, there is still far too little sharing of threat intelligence, and the sharing is often too late to provide any meaningful help.

Even today, most sharing uses the hub-and-spoke model. This means that information is shared, but there is no one on the other side to take action to remedy the issue. The inevitable gaps left by this approach can allow bad actors to execute a plan before quickly pivoting to a new target or method of attack. By contrast, a peer-to-peer sharing model allows an entity to see, report, and share a problem that is happening on another entity, giving the other entity the intelligence needed to take action and stop the problem.

Not every enterprise has the resources to accumulate and dissect every potential threat. Near real-time sharing can give them the intelligence they need to mitigate targeted attacks or block emerging threats. Threat intelligence can help prevent unwelcome surprises and reduce uncertainty for those who must make decisions on cybersecurity issues.

It is important to remember what the concept of sharing encompasses. Intelligence should flow in both directions, and information should be shared as soon as it is received. Trust between partners must be built and nurtured, and collaborators must be willing to exchange information freely. Turf wars between departments or agencies must be eliminated; cybercrime affects everyone, and a united front is the best way to defeat the criminals. In a sense, cybersecurity professionals need to take a hint from their adversaries. Cybercriminals have already learned how to collaborate with others. They communicate with each other through chatrooms and forums to share intelligence and coordinate attacks. They know that the more intelligence they can accumulate, the greater their chances of success will be. This is one lesson that defenders cannot afford to ignore.

Abusix can provide what you need for reliable, quick detection and remediation of your cybersecurity issues. To learn more, contact us via the form below.

Share
Linkedin Icon Twitter Icon Facebook Icon E-mal Icon
Get in touch

Talk to us

Do you want to know more about our products and services?
Let us know, we are always happy to answer any questions you may have.

The quickest way to get in touch with the team is via our online chat feature at the bottom right of this page.

Alternatively, feel free to email us at info@abusix.com or send us a message via our form.