Information Sharing Communities – Defending Better Together
Cyber-crime is a disturbing reality today and global efforts to reduce crime continue to evolve, with some proving to be quite effective. Information sharing communities present one such approach.
Information Sharing and Analysis Centers (ISACs) are industry focused and have been promoting information sharing for many years. The increased interest in information sharing is well justified and the reason behind it really quite simple. Most organizations whether large or small are vulnerable to cyber-attacks, even though they may employ multiple layers of defenses. Threat actors may breach a network by exploiting one of a seemingly infinite number of vulnerabilities or by convincing someone to click on a link or open an attachment in a phishing attack. Sharing threat information among the members of a community is a great way to enhance the security posture by informing the community of new threats that are evading defenses. In other words, information sharing increases communities’ knowledge and enables them to implement security strategies against new threats based on the gathered information.
In recent years, IBM has participated in information sharing communities and, in some cases, has established information sharing communities for customers or partners based on IBM’s Security and Enterprise Intelligence Management solution. Such an information sharing community is now being formed within the Charter of Trust on the basis of the Charter’s Principle 8 “Transparency and Response”.
These communities, whether public or private sector, large enterprises or small businesses, share relevant threat information to bolster the cyber defenses for the members of the community. The shared information may include but is not limited to malicious domains, threat reports, phishing samples, malware samples, malware hashes or IP addresses used by known threat actors. This information, when shared by a trusted member of the community, may provide the key piece of information that prevents a ransomware or destructive attack, which evades defenses and brings a company’s operations to a grinding halt.
In the Charter of Trust, our ambition is to put in place proven, appropriate policies and mechanisms to share threat information across the different industry sectors where partners are active; chip manufactures, end users, industrial systems, IT, cloud services, and certification organisations.
Carlos Carrillo, Global Threat Intelligence Liaison @ IBM Security and participant in the Charter of Trust Principle 8 Task Force
