As security and intelligence professionals, it’s our duty to help protect our organizations and our communities from the countless threats and adversaries they face.
Throughout my career in security and intelligence, I’ve come to recognize that information sharing is, in many ways, like activities such as exercise or flossing. We all know we should be doing it—regularly, properly, and with expert guidance, that is—but many of us don’t. Concerns over trust, privacy, and sometimes even value continue to limit or prevent many organizations from sharing information, yet these concerns—although legitimate—are not insurmountable.
As both an administrator and member of FPCollab, several ISACs, and various private communities, I’ve experienced firsthand that when conducted effectively, collaboratively, and securely, information sharing can be immensely beneficial. Here’s why your organization should be doing it:
Exposure to greater insights and expertise can enhance your capabilities
Sharing information with organizations and teams outside of your own automatically exposes you to greater resources and expertise. For example, let’s say your organization has recently expanded its transactional lines of business and in response, faces a rapid uptick in fraud. The problem is, your anti-fraud team doesn’t yet possess the skills or manpower required to combat the volume and complexity of fraudulent schemes targeting your organization. But by sharing information and collaborating with other organizations—particularly those with well-established and capable anti-fraud teams—your team can gain more visibility into emerging schemes, determine which anti-fraud controls are best suited for your organization, and learn more about mitigating fraud losses effectively.
Collaborating across business units and sectors can help you address more use cases
Given the complexity of many of the threats from which we’ve been tasked with protecting our organizations, it has become increasingly clear that establishing effective defenses requires us to broaden how we approach and integrate intelligence. In other words, threats that originate on the Internet are no longer a concern for just cybersecurity teams—they can and do impact all business units across the enterprise. By collaborating with organizations and teams across other sectors and business units, you can learn to apply intelligence more broadly to address a wider array of use cases.
For example, let’s say an intelligence analyst at your organization is monitoring a Deep & Dark Web forum and observes an adversary who appears to be seeking to physically harm your CEO. Given that your team’s role is primarily cybersecurity, however, you’re unsure how to address the situation. Who is the adversary? Where are they located? Are their claims credible? How can you protect your CEO? In such a scenario, working with the physical security and executive protection teams at your and other organizations can provide greater insight into the physical threat landscape, help you to better assess the adversary’s claims, and enable all parties involved to mitigate the CEO’s physical security risk.
Sharing experiences can enhance the safety and security of the broader community
Most, if not all, of us have been through the stressful experience of seeing a previously-unknown threat or vulnerability manifest itself in a “worst case scenario.” Despite our best efforts, we can’t prevent every incident. What we can do, however, is leverage our collective expertise and experiences to help one another develop stronger defenses and more effectively mitigate the risks we face.
More specifically, let’s say that an employee at your organization becomes ensnared in a business email compromise (BEC) scheme. Thanks to a socially-engineered spoofed email, your employee was persuaded to wire a substantial sum of the company’s money—for what he or she believed was a legitimate purpose—to an adversary’s bank account. While nobody wants to admit that their organization has become the latest victim of a scheme like this, it’s the right thing to do. When it comes to BEC, sharing information pertaining to the language of the spoofed email, the address from which it was sent, the title and department of the targeted employee, and any other observables can enable other organizations to proactively monitor for similar schemes and bolster security awareness among their own employees.
As security and intelligence professionals, it’s our duty to help protect our organizations and our communities from the countless threats and adversaries they face. Above all else, we know that effective defenses and mitigation tactics require continual adjustments and abundant effort, as well as collaborative, trusted information sharing. After all, much like exercise and flossing, the exhaustive (and often exhausting) work that we and our teams do provides immense benefits that make it more than worth it.