In a world where data provides companies with a competitive advantage, sharing it amongst other businesses, especially in the same industry, may seem counterproductive. However, in cybersecurity, where every company is a potential target for threat actors and organisations are increasingly interconnected through supply chains, sharing information can significantly enhance a company’s security posture and overall resilience.
Additionally, having a sounding board of like-minded CISOs to collaborate with can help alleviate some of the stress associated with the role. With the insights gathered from this network, CISOs can focus on critical issues that need attention. This threat intelligence sharing empowers CISOs to take a proactive approach to threat prevention, enhance cyber resilience, and reduce stress in several ways.
A United Front Against Cyber Attacks
Cyberattacks are becoming increasingly sophisticated and frequent across industries and regions. As the threat of malware, ransomware, phishing and data breaches become more novel and frequent, CISOs should lean onto each other and create a united front.
This is achieved by sharing information about these attacks to provide an early warning to the CISO community. More so, CISOs should provide insight into emerging tactics and techniques that are coming through to help others recognise threats in good time.
This is particularly valuable given the number of cyberattacks that companies must withstand daily. Sharing information helps CISOs to understand the scale and scope of threats targeting their industry or region and allows for better planning and prioritisation based on real insights.
Waiting in the Wings, Poised and Ready
Being unprepared for a breach is a costly exercise. According to the IBM Cost of a Data Breach Report 2024, the cost savings associated with a faster response time of under 30 days is over $1 million compared to those organisations that take longer.
Threat information sharing networks can act as early warning systems, providing timely alerts about attacks that have recently happened and thereby helping CISOs prepare for an attack. With this knowledge, CISOs can strengthen their defences, minimise response times and prevent similar attacks from happening to their organizations.
In the event of an attack, shared intelligence provides valuable context that helps broader security teams understand the nature, scope, and impact of the attack and be poised and ready to respond.
The Strength of a Trusted Community
Facing constant threats alone is a stressful, time-consuming job that can leave CISOs feeling vulnerable, uncertain and can ultimately lead to burnout. To help overcome this, CISOs benefit from sharing this responsibility in a community-driven environment where threat information sharing helps each CISO learn from other’s experiences and thereby creates a stronger defence posture.
To maximise value, intelligence sharing should ideally occur within specific industries, such as banking and financial services or retail, since different industries often face unique threats.
When establishing these communities, it is critical to ensure that they are private and include only vetted professionals who can share threat intelligence to create a collective defence. If individuals are not properly vetted, there may be risks associated with openly sharing information within the community.
Combining the Power of Technology
In addition to fostering community engagement, technology should play a role in preventing attacks. For example, Artificial Intelligence (AI) and Machine Learning (ML) are gaining attention as powerful, effective tools for automating the collection, analysis and dissemination of threat intelligence within the CISO community.
CISOs need to gain actionable insights that security teams can readily use to ward off threats. This is achieved by combining insights gathered using technology and enriching it with context from sources such as logs, feeds and vulnerable data to aid in effective decision making. For example, AI and ML are being used to successfully identify emerging malware, understand the attacker’s tactics, techniques and procedures (TTPs) and accelerate threat hunting and incident response.
By combining technologies and sharing threat intelligence securely and efficiently, CISOs can effectively address cyber threats through collaboration. This not only enhances the resilience of the organisations they protect but also helps reduce stress and improve their mental resilience by sharing the invisible load of having to always be alert and prepared for the next attack.
Chris has over 15 years of experience in Information Security, beginning with serving as Battalion Information Systems Coordinator during his time in the Marine Corps, and including leadership positions at Sourcefire, Fidelis Cybersecurity and Webroot.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.