Power in Numbers
Cyber Threat Information Sharing
29 January 2021
A bank suffers a cyber-attack, which leads to 100,000 customer records being exposed, leaving the bank liable for potential customer losses, which could be as egregious as identity theft. This breach of information and trust will cost the bank a large sum of money, even if the organization has cyber insurance.
Two months earlier, a rival financial institution suffered a similar attack, which originated from the same IP address and leveraged the same vulnerability to carry out the attack. The information from this attack was never shared. If this first institution had reported their cyber team's discoveries regarding the attack, the second bank might not have suffered the same fate.
Cyber threat information sharing is an essential part of today's cybersecurity climate. The sharing of threat information helps organizations mitigate cyber-attacks based off data provided by other organizations, whether it be IP addresses, hashes, domains or any other indicator of compromise. Situations like the one described above can and should be avoided.
Many organizations are hesitant to share their cyber threat information. It could be because of embarrassment, cost, or fear of losing their competitive edge. After all, organizations want to come out on top within their sector. The following questions, statements and answers pertaining to cyber threat information sharing should ease the minds of most organizations.
Question: Sharing information regarding our latest data breach could shed light on some organizational inadequacies that need to be addressed. Why can't we fix our issues internally and not have them go public?
Answer: First, all data breaches should be reported to the proper authorities. Each province or region usually has their own privacy commissioner assigned to deal with data breaches. To address the concerns that the organization will look bad within their sector, the information can be shared anonymously, and restrictions can be put on how the recipients can use and further share the information provided.
Question: Why should I help my competitors by sharing cyber threat information? If they are breached, it's better for us.
Answer: In the end you are trying to help the consumer. The public deserves to have their data protected. Anything we can do as a community to help the public will benefit everyone. This time your competitor will benefit from your sharing, however next time it may be them that suffers the first attack, and you can benefit from them sharing with you.
Question: Isn't enabling a cyber threat information sharing program within our organization expensive? We do not have the money in the budget.
Answer: Yes, it sounds expensive and time-consuming, however it does not have to be. Joining an already established sharing community gets your foot in the door with minimal outlay of resources. Just remember that the more every member of the community participates and shares the more everyone gets out of it.
Cyber threat information sharing is becoming a cornerstone of cyber security and organizations should not be left behind. There is power in numbers. More organizations sharing information leads to fewer successful cyberattacks. All organizations deserve to have the tools to mitigate cyberattacks and small organizations might not have the resources to establish a proper cyber security team. It is in the best interest of all sectors to work together and protect each other. If that small business goes bankrupt due to a cyberattack, their money will no longer be in the bank's account. As a community we should always be doing what is best for the greater good within our communities.
Senior Threat Analyst
Chris Wilson is a Senior Threat Analyst within Intertek EWA-Canada and has been with the company for 5 years. Chris has been part of the Canadian Cyber Threat Exchange (CCTX) SOC team since its inception in 2016.