It’s tough to share threat intelligence with competitors, but in an era where attackers have time, money and resources on their side, going it alone is impossible.
That was the message this morning at Kaspersky’s annual Security Analyst Summit in Spain from John Lambert, head of Microsoft’s threat intelligence centre.
“Modern defenders, they have a graph of things to protect,” he was quoted as saying. “They think about adversaries and their next move. They find trusted peers in the community, and understand the importance of learning from others and their practices. Pen-tests are diagnostics to successful defenders, not a report card. Pen-tests are input, with a goal of increasing attacker requirements.”
Lambert shared examples of changes Microsoft has made to core security and detection processes that have eventually made their way into patches and updates that have eliminated scores of zero-days.
“We are in a world where modern defenders are sharing about adversaries across geographies, industries and even within lines of competition,” Lambert said. “Threats are common things we all face. There’s no magical information-sharing thing. It’s a trust-based thing. You have to get to know people, you’re not trading with a vendor, you’re sharing with a person. It’s not a transactional relationship. You want to give them indicators because you want them to find more out there and it will help you down the line.”
This comes as the Canadian Council of Chief Executives and a group of major corporations are working on creating what is called the Canadian Cyber Threat Exchange for organizations that aren’t already sharing information as part of an industry-specific group.
Canada is a country of small and medium-sized businesses. It’s easy for big financial institutions, telcos and retailers to get together, but smaller organizations either don’t think about it or, if they do, share on a peer-to-peer basis. However, as I’ve written before, no organization is too small to be attacked, too small not to have some information worth pilfering.
The private sector has to do better at banding together to fight attackers.