Sharing Threat Intelligence

Cyber Threat Intelligence Sharing




As the Internet continues to expand and connect more devices than ever before (the number of connected devices is now over 10 billion), the need for effective cyber threat intelligence sharing has never been greater.

Cyber attacks have increased in frequency and sophistication, presenting significant challenges for organisations that must defend their data and systems from capable threat actors. 

These actors range from individual, autonomous attackers to well-resourced groups operating in a coordinated manner as part of a criminal enterprise or on behalf of a nation-state. 

Threat Actors

Threat actors can be persistent, motivated, and agile, and they use a variety of tactics, techniques, and procedures (TTPs) to compromise systems, disrupt services, commit financial fraud, and expose or steal intellectual property and other sensitive information. Given the risks these threats present, it is increasingly important that organisations share cyber threat information and use it to improve their security posture. 

Cyber threat information is any information that can help an organisation identify, assess, monitor, and respond to cyber threats. 

Examples of cyber threat information include indicators, which are system artifacts or observables associated with an attack, TTPs, security alerts, threat intelligence reports, and recommended security tool configurations. 
Most organisations already produce multiple types of cyber threat information that are available to share internally as part of their information technology and security operations efforts. 

Information Sharing

By exchanging cyber threat information within a sharing community, organisations can leverage the collective knowledge, experience, and capabilities of that sharing community to gain a more complete understanding of the threats the organisation may face. Using this knowledge, an organisation can make threat-informed decisions regarding defensive capabilities, threat detection techniques, and mitigation strategies. 

By correlating and analysing cyber threat information from multiple sources, an organisation can also enrich existing information and make it more actionable. 

This enrichment may be achieved by independently confirming the observations of other community members, and by improving the overall quality of the threat information through the reduction of ambiguity and errors. 
Organisations that receive threat information and subsequently use this information to remediate a threat confer a degree of protection to other organisations by impeding the threat’s ability to spread. Additionally, sharing of cyber threat information allows organisations to better detect campaigns that target particular industry sectors, business entities, or institutions. 
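The correlation and enrichment described above can be sketched in code. This is an added example, not part of the original article: it normalises indicators reported by several community members, sets malformed ones aside, and marks an indicator as confirmed once independent sources agree. The report fields, source names and sample values are constructed, and the two-source threshold is an assumption.

```python
import ipaddress
import re

# Constructed sample reports from three hypothetical community members.
REPORTS = [
    {"source": "org-a", "type": "domain", "value": "Login.Example.COM.", "seen": "2023-03-01"},
    {"source": "org-b", "type": "domain", "value": "login[.]example[.]com", "seen": "2023-03-04"},
    {"source": "org-a", "type": "domain", "value": "login.example.com", "seen": "2023-03-02"},
    {"source": "org-c", "type": "ipv4", "value": "192.0.2[.]10", "seen": "2023-03-03"},
    {"source": "org-b", "type": "ipv4", "value": " 192.0.2.10 ", "seen": "2023-03-05"},
    {"source": "org-c", "type": "sha256", "value": "AB" * 32, "seen": "2023-03-02"},
    {"source": "org-a", "type": "ipv4", "value": "999.1.1.1", "seen": "2023-03-02"},  # malformed
]

def normalise(kind, value):
    """Return the canonical form of an indicator, or None if it is malformed."""
    v = value.strip().replace("[.]", ".").lower()  # undo defanging, fold case
    if kind == "ipv4":
        try:
            return str(ipaddress.IPv4Address(v))
        except ValueError:
            return None
    if kind == "domain":
        v = v.rstrip(".")
        return v if re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)+", v) else None
    if kind == "sha256":
        return v if re.fullmatch(r"[0-9a-f]{64}", v) else None
    return None

def correlate(reports, min_sources=2):
    """Merge reports per indicator; 'confirmed' needs min_sources distinct sources."""
    merged, rejected = {}, []
    for r in reports:
        value = normalise(r["type"], r["value"])
        if value is None:
            rejected.append(r)  # set aside so the reporter can be told
            continue
        entry = merged.setdefault((r["type"], value),
                                  {"sources": set(), "first_seen": r["seen"], "last_seen": r["seen"]})
        entry["sources"].add(r["source"])
        entry["first_seen"] = min(entry["first_seen"], r["seen"])  # ISO dates sort as text
        entry["last_seen"] = max(entry["last_seen"], r["seen"])
    for entry in merged.values():
        entry["confirmed"] = len(entry["sources"]) >= min_sources
    return merged, rejected

if __name__ == "__main__":
    for key, entry in correlate(REPORTS)[0].items():
        print(key, sorted(entry["sources"]), entry["confirmed"])
```

Counting distinct sources rather than reports means one member repeating its own observation does not confirm it.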

In today's interconnected world, a threat to one organisation can quickly become a threat to many others, making it essential for businesses and other organisations to share information and work together to stay safe online.

Cyber threat information includes indicators of compromise; tactics, techniques, and procedures used by threat actors; suggested actions to detect, contain, or prevent attacks; and the findings from the analyses of incidents. Organisations that share cyber threat information can improve their own security postures as well as those of other organisations. 

Cyber threat information sharing is the exchange of knowledge about threats, incidents, vulnerabilities, mitigations, leading practices, or tools relevant to a technology-based/technology-leveraged risk set. 

Such sharing is important; it encourages more connection and collaboration between entities (internally and externally), helping organisations to prevent cyberattacks. If a threat actor possessed the means and motivation, a cyber threat to one organisation logically may be considered a threat to another. 

Cyber Threat Intelligence

Cyber Threat Intelligence (CTI) sharing promises to be a new method to create situation awareness among sharing stakeholders. Moreover, it is seen as a necessity to survive current and future attacks by working proactively instead of only reactively. It may become obligatory for organisations to have a threat intelligence program as part of proactive cyber security and to share their information.

Stakeholders may be held responsible in the future for not sharing known threats that affected others and resulted in a breach. 

The core idea behind threat intelligence sharing is to create situation awareness among stakeholders through sharing information about the newest threats and vulnerabilities, and to swiftly implement the remedies.

Benefits of Cyber Intelligence Sharing

One of the key benefits of cyber threat intelligence sharing is the ability to stay ahead of potential threats, and CTI can aid stakeholders in making tactical decisions. By sharing information about known vulnerabilities and attacks, we can take proactive measures to protect ourselves and our systems. This can help prevent costly downtime and damage to our company's reputation.

Another important aspect is the ability to respond quickly to emerging threats. By sharing information about ongoing attacks, we can deploy counter-measures to protect ourselves and our systems in a matter of minutes. This can help minimise the impact of an attack and prevent further damage.

What can effectively turn the cyber security tables is cyber threat and protection intelligence sharing. This should be used to enable effective security collaboration between internal security teams and external partners, and it should be explained clearly and frequently, through training, to your general staff and management.

Threat intelligence is evidence-based knowledge, including contexts, mechanisms, indicators, implications and actionable advice, about existing cyber attacks or emerging cyber threats that can be used to understand the threats that have targeted, will target, or are currently targeting an organisation. The primary purpose of threat intelligence is to help organisations perceive the risks of the most common and severe external threats, like zero-day threats, advanced persistent threats and exploits, and thus allow them to make informed decisions regarding the response to those threats.

Going beyond IP addresses, hashes, and other threat data, threat intelligence provides critical context around a threat activity, including indicators of compromise (IoC), indicators of attack (IoA), the tactics employed, and, potentially, the motivation and identity of the adversary. 

Threat intelligence can help in analysing risks, allocating resources, and understanding threats relevant to one’s own organisation, industry and geography.

Sharing Cyber Intelligence Is Important 

  • It encourages more connection and collaboration between entities (internally and externally), helping organisations to prevent cyberattacks. 
  • If a threat actor possessed the means and motivation, a cyber threat to one organisation logically may be considered a threat to another.
  • Today, numerous teams within an organisation rely on cyber threat intelligence sharing to prioritise and manage enterprise risk. 
  • Depending on the operational needs and level of expertise, the threat intelligence is relayed to each team to help discover blind spots and make better security decisions while gaining a complete understanding of the evolving threat landscape. 

When the right intelligence is disseminated to the right kind of audience, it boosts overall situational awareness and helps the organisation build the better defence system needed to thwart emerging threats. In an era where threat actors are becoming equipped to launch sophisticated cyber-attacks, it is essential for organisations to share threat intel and leverage sharing communities’ collective knowledge to improve the overall security posture.

With detailed and contextualised threat intelligence at hand, organisations, vendors, clients, and other industry peers can proactively implement adequate defensive measures in real time.

Sharing information and intelligence can contribute to an organisation’s cyber threat awareness, insights into the activity directly affecting a peer organisation’s network, ability to understand what is affecting a given sector or geography, how a threat manifests/operates, and what can be done to defend against it.

By exchanging cyber threat information, organisations can improve:

  • Awareness of current cyber threats affecting various sectors.
  • Understanding of attackers’ tactics, techniques, and procedures.
  • Acquisition of information that would otherwise be unavailable/inefficiently available through public sources or security vendor reporting.
  • Decision-making regarding technology, controls, and resources allocation and escalation.
  • Mitigation and responses prior to an actual event.
  • Detection capabilities on networks.

While the scope of cyber threat intelligence information sharing is broad, there exists an agreed-upon set of principles and guidelines. These guidelines have been tested by professionals for a number of years. Adhering to them will assist stakeholders to create, participate in, and derive value from cyber threat intelligence sharing arrangements.

Organisations Should Share Cyber Threat Data

Collective defence is a fundamental reason for sharing information. Regular and committed cyber threat information sharing significantly assists organisations mutually to pre-empt, prevent, detect, and respond to serious cyber incidents and threats, while improving the preparedness and resilience of the wider ecosystem.

Awareness of the various threats that affect other organisations allows better use of internal resources and capabilities. For example, if threat actors are using similar penetration techniques, a participant can review their own systems to make sure appropriate safeguards are in place. 

Additionally, data, services, or resources held by one company are sometimes ubiquitous. A threat actor targeting sensitive financial data with the goal of selling the information would find similar information in more than one bank. For example, threat actors may attempt to abuse the Payment Messaging Systems in any connected bank, assuming the threat actors had the capability to move within the network and operate the payment interface.

The importance of cyber threat intelligence sharing cannot be overstated. Large-scale problems can only be solved through collaboration and training of staff and management. 

The ability to quickly and effectively share information is essential for protecting against threats and keeping ourselves safe. Sharing is one of the most exciting aspects of threat intelligence, as organisations recognise that collaboration is crucial, and standards emerge to make it easier and faster to share information. Threat intelligence today is largely neither machine consumable nor widely shared. 
 
