With cyber attacks, data breaches and a host of exploits emerging every week, the security landscape is getting almost impossible to navigate. In order to survive, the good guys – organisations, cyber security experts and law enforcement – must work together, sharing threat intelligence and details of successful breaches and defences.
Earlier this year, Ponemon Institute polled organisations about threat intelligence sharing, and found the five most commonly cited benefits.
5. It fosters collaboration among peers and industry groups (32%)
Everyone involved in cyber security is trying to uncover the most dangerous vulnerabilities facing organisations. Although no one will have all the answers, there is a lot of help out there spread among different sources. By pooling their knowledge, organisations and industry experts can spot emerging threats faster and find more effective solutions.
4. It enhances the timeline of incident response (57%)
Cyber security is largely about preparation and planning, which is why incident response management is so crucial. It helps organisations respond to breaches by laying out ways to mitigate the damage of an attack and return to business as usual.
Incident response plans are built upon experience – knowing how attacks unfold and what should, and shouldn’t, be done to deal with them. An organisation that works in isolation will only have the experience of threats it has already faced. But by sharing information, organisations don’t have to wait until they are already hit to gain crucial knowledge.
3. It reduces the cost of detecting and preventing data breaches (58%)
The cost of detection, prevention and response is directly tied to how quickly an organisation reacts to a security incident. A 2017 Ponemon study found that, for breaches identified within 100 days, the average cost was about £2.10 million, but for breaches that took longer to identify, the average cost rose to £2.87 million.
It found a similar correlation in terms of containing a breach. Incidents that took less than 30 days to contain had an average cost of £2.12 million, but this rose to £2.83 million for incidents that took longer to contain.
2. It improves the effectiveness of the incident response plan (72%)
Threat sharing allows you to not only respond to incidents more promptly but also more thoroughly. The recovery process will generally be smoother, as organisations will have a better idea of what works and what doesn’t. It might also mean that organisations can prepare for a wider set of incidents. For example, an organisation might not have realised that a certain threat posed such a big problem until it received word of a disruptive incident at another organisation.
1. It improves the security posture of an organisation (77%)
This is a broad acknowledgement of all the points made above. Each benefit will improve organisations’ security postures somewhat, but the end result is greater than the sum of its parts. Threat sharing doesn’t only foster collaboration, improve incident response and save organisations money – it does all of those things.
If you weren’t already convinced that threat intelligence sharing is an important part of cyber security, you should know that the EU actively encourages it to help organisations comply with the Network and Information Systems (NIS) Regulations 2018.
The NIS Regulations state that operators of essential services (OES) and digital service providers (DSPs) must:
- Implement appropriate technical and organisational measures to secure their network and information systems;
- Account for the latest developments and consider the security risks in their systems;
- Take appropriate measures to ensure service continuity in the event of security incidents; and
- Promptly notify the relevant supervisory authority of any significant security incident.