Cyberattacks are inevitable in today’s digital world. As cyberattacks grow in scale and sophistication, private and public sector entities are recognizing the need for a system to proactively share threat intelligence information: a global collective defense.
The number of data breaches in 2021 surpassed those of 2020 by 17%, resulting in a record-breaking year of data compromises. Much of this can be attributed to the rise in ransomware attacks, with global attack volume increasing 151% year-over-year. No industry or type of organization is immune to attacks from sophisticated nation-state actors and organized cybercrime organizations, which creates the imperative for a united approach to solving the overwhelming cybersecurity threat.
A global collective defense would enable cross-company and cross-sector threat information sharing, an effort that would allow companies to easily turn data into actionable insights. This approach requires collaboration between organizations via threat intelligence sharing and coordinated threat response actions against the most critical threats. Organizations, both internally and externally, will work together across industries to defend against targeted cyber threats.
The Foundation Is Set
Fortunately, much has been done to set the ball in motion and we are continuously moving in the right direction. In early 2021, President Biden issued an executive order with one of the main calls to action being to “remove barriers to threat information sharing between government and the private sector.” The order calls for significant changes to modernize cyber defenses and efforts to improve threat intelligence information sharing among both the private and public sectors to bolster defenses, protect federal networks, and strengthen the collective nation’s ability to respond to incidents when they occur.
In August 2021, the Cybersecurity and Infrastructure Security Agency (CISA) established the Joint Cyber Defense Collaborative (JCDC), now a key focus of newly appointed CISA Director Jen Easterly. The JCDC aims to “bring together public and private sector entities to unify deliberate and crisis action planning while coordinating the integrated education of these plans. The agency promotes national resilience by coordinating actions to identify, protect against, detect, and respond to malicious cyber activity targeting US critical infrastructure and national interests.”
Furthermore, several well-established cybersecurity intelligence sharing communities already exist, including Information Sharing and Analysis Centers (ISACs), Information Sharing and Analysis Organizations (ISAOs), private companies, trust groups, and more.
Infrastructure for Sharing
The infrastructure for these organizations has existed since the Financial Services Information Sharing and Analysis Center (FS-ISAC) was instituted in the 1990s. FS-ISAC has been particularly successful in its mission in recent months, as the number and sophistication of cyberattacks on financial institutions have escalated, causing competing banks to cooperate more than ever to combat attackers. In fact, the nonprofit’s platform has seen a 60% increase in activity over the past 12 months, with companies from 70 countries working together to analyze and identify patterns to successfully thwart attacks.
In the months and years to come, ISACs will grow in size and abundance as threat intel sharing becomes a priority for private and public sectors. Information sharing is still considered an altruistic act and requires a culture shift to get skeptics on board. As more businesses offer remote options for employees, it will become imperative for businesses to integrate intel sharing procedures into their company policies. With this, regional and industry-specific ISACs will continue to emerge as organizations realize the power intel sharing provides defenders. We also will see more inter-ISAC sharing taking place in the next year and beyond.
Global Defense Framework
By implementing threat intelligence solutions within a collective global defense framework, organizations can easily pivot to take a proactive stance to keep pace with the volume of security threats they face. SecOps teams require crucial visibility into their unique threat landscapes to protect their organizations from advanced attacks and allow teams to share their expertise easily.
Threat hunting teams must be able to share knowledge with threat intelligence teams, who can then extrapolate emerging threats and patterns and pass them to security operations centers and incident response teams as actionable intelligence. These innovative platforms help connect all cybersecurity tools or data sources to deliver the visibility security operations teams need to work collaboratively and better protect their organizations from advanced attacks.
The combination of the right solutions, as well as these intelligence-sharing institutions, is critical to understanding cyber threats as they evolve and spread laterally. Furthermore, these steps foster collective defense across organizations globally and synchronize their strengths against the rapidly evolving and shape-shifting threat actors, enabling collective security collaboration, mitigation, and response across the digital infrastructure.