To share or not to share, a question of risk and intelligence

Opinion by Dan Raywood

A recent blog by Forrester's Reineke Reitsma claimed that vendors are looking for ways to increase the level of engagement with clients and to make 'it easier for clients to process their data and make it visually more interesting — and hopefully easier to use'.

She said: “However, not many vendors think further than their own set of data. When questioned, they mention that their systems don't allow for third-party data. Yes, it's possible to link to internal CRM systems, but that's about as far as things go.”

This led me back to some recent comments in various interviews I have done about the congregation of data, and more specifically how it is shared between organisations. This could mean many things, such as vendors sharing signatures and detections, or even IT teams sharing details of threats with each other.

The recently announced Global Risk Register, a community and network tool intended to share data, knowledge and experiences, is being led by and for risk and security managers. So if they are doing it, and are given a portal, why doesn't everyone else?

However, sharing information poses a concern when it comes to admitting incidents, or even confessing to being hit, and the possible negative repercussions of sharing such information.

Looking at an Adobe security alert, it read: “Adobe actively shares information about this and other vulnerabilities with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available.”

Confirming this was James Lyne, senior technologist at Sophos, who recently told me that there is data sharing between anti-virus vendors and that this allows for greater protection for customers from emerging threats.

Also speaking from a vendor perspective was Dominic Storey, technical director of open source champion Sourcefire. Following its launch of the Razorback technology, which pulls in capabilities from other anti-virus engines, Storey said: “(Sharing) is the Sourcefire approach. Look at Snort, everything about that is on enabling and sharing. We have Snort and different vendors who integrate Snort into their products, it is a practical and pragmatic way of doing things. Where would people be without sharing?”

A recent Verizon Business report contained opinion on sharing incident information. It said: “An organisation's ability to fully protect itself is based on the information available to do so. Verizon believes the availability and sharing of information are crucial in the fight against cyber crime.”

On the other side are the businesses, for whom sharing intelligence and experience can also have its negative points. David Jevans, CEO at Ironkey, said that the Anti-Phishing Working Group (APWG), of which he is chairman, put together a database of malicious links, as vendors do not want arbitration, but will do data correlation. “There is some amount of data sharing, no one really understands or is afraid of sharing data as they are worried about who is trying to get in,” he said.

“People are too afraid of getting things stolen and getting in the press. Also who operates the clearing house, department of Homeland Security? We run a centre at APWG for phishing, but so much more could be done.

“The next one is cross-border, how do you get information to the authorities that way? People are trying to break into government sites to turn off the infrastructure. You have got to want information to be shared, people want to share what the vulnerabilities are, and if the bad guys get a feed of the information.”

Mary Landesman, senior security researcher at Cisco, said that ultimately companies are reluctant to talk about attacks that they might be encountering, so there is not always a wealth of information available, or much sharing around the most serious threats.

“One of the most important trend changers from a security researcher's standpoint is that there is more public acknowledgement and as a result, more awareness that corporations are under attack or that there is data siphoning going on and there are these issues, but even if individual companies are not coming out and discussing their particular cases there is enough awareness that it is sparking dialogue, and that is driving collaboration. The first stop to solving any problem is awareness,” she said.

In a recent conversation with SC Magazine, David Divitt, risk solutions consultant at ACI Worldwide, called for a closer working relationship between security and fraud monitoring departments to protect customers – effectively sharing within a company.

He said that there would be a lot of benefit for customers if systems were integrated so suspicious activity on an account could be confirmed sooner, and said that there is 'nothing better than sharing data'.

Asked if the reason data is not shared, even internally, is down to fear, he said: “There is an element of that, but that is an antiquated view of your competitor. Everyone is doing the same level of it, but the real fear is that you don't want to get hit by the regulator.”

In a world where we share personal information, experiences and interests freely outside of work, it could be that sharing data is the next logical step within and across businesses.

However, it is not that simple, as what could work and be so functional in practice requires a middleman and a huge degree of trust. While such middlemen may exist, getting them taken seriously in the workplace is probably a long way off.
