Information sharing is a key way that companies and governments can boost their cyber- defences. By developing strong ties with neighbours and strategic partners, a whole industry or nation can build up a clearer picture of the threats it faces, the tactics at work and the best way to mitigate those threats. It's a case of all for one and one for all.
As the tools deployed by cyber-criminals have become more powerful, attitudes towards information sharing have begun to change. Cyber-security has historically been seen as an individual pursuit, with companies cautiously guarding their knowledge, reticent to admit their weaknesses. But the growing realisation that every organisation is at high risk of being breached is pushing competitors and partners to work together. As the saying goes, the enemy of my enemy is my friend - and in the face of ransomware like NotPetya or Russian-backed phishing attacks, a united front is much preferable to division.
One thing complicating the state of play for Britain and Europe is Brexit. Concerns have been raised that the UK's participation in European military intelligence collaboration could be put at risk by the split, particularly in the case of a hard exit or ‘no deal' scenario. The negotiating position that the UK laid out in September includes plans to push for a new security treaty after Brexit – a clear indicator that continuing collaboration is up for debate. If we end up with a less open approach, it would impact cyber-defence strategies on both sides, reducing our understanding of what our opponents are up to.
Advanced persistent threats (APTs) aren't limited by national borders, so a more nationalistic approach to cyber-defence can only be a backwards step. Cyber-criminals don't care about your geopolitical alliances - and in the case of Russia's ongoing cyber-operations, a breakdown of collaboration between Western countries can only help them further their aims. An alliance divided against itself cannot stand.
Organisations that operate across the UK and Europe need to make sure they have a strong information-sharing framework in place ahead of March 2019 so that joint operations can withstand any change in national relationships. By participating in intelligence sharing communities and contributing to shared databases of threat information, organisations can help build in-depth intelligence to boost the accuracy of their defence. That way, when one organisation benefits, they all do.
Crowdsourcing and building community
To help overcome ensure that Brexit doesn't degrade pan-European intelligence efforts, organisations should also contribute to crowd-sourced cyber-security research. Crowd-sourcing means connecting and creating a community of similarly-trained, like-minded and trusted organisations to tackle a range of specific threats.
Organisations can build a strong community intelligence programme by making this crowd-sourced intelligence available through centralised platforms backed up by multiple information streams. Not only do these communities improve their chance of orchestrating an effective defence, they can also preserve cross-channel efforts to combat international cyber-attacks.
Information Sharing and Analysis Centres (ISACs) and Information Sharing and Analysis Organisations (ISAOs) are a good framework. A US initiative initially backed by the Obama administration, they present a basic model in which groups of organisations unite around a common need to collaborate on cyber-defence. Members decide on regulations to safeguard participants and create a formal framework for information sharing, including anonymity levels.
Clear goals and values are then set for the group - for example, it might specialise in determining ransomware capabilities and tactics, or focus on state-backed activity, depending on the industries concerned and their risk factors. ISAC and ISAO members can also access related security information from friendly analyst networks, broadening the range of information available.
Within this framework, collaboration can develop organically, opening the way for fruitful working relationships and a stronger web of defence intelligence, no matter which country the participants are located in. This model needs to be adopted more by UK businesses to drive the effectiveness of local security efforts.
A shared future
The future of the UK's relationship with the EU may be uncertain, but organisations' security doesn't have to be. The more you know about your enemies, the more targeted and effective your defence can be. And if organisations can share discoveries based on hacking attempts on their own network with others in their industry, there's a greater chance that the community as a whole can avoid falling prey to the next WannaCry.
As we approach the official UK exit date, organisations must take responsibility for their own security and proactively engage with information sharing efforts. A united effort will ultimately be more effective, equipping organisations to stand up against the increasingly powerful threats they face. Don't sit on your intelligence - share and share alike.
Contributed by Adam Vincent, CEO, ThreatConnect.
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.