3 Reasons Cybersecurity Information Sharing Won’t Help Your Company

By Eric Noonan • January 14, 2015

In the wake of the Sony attack and tens of millions of cases of consumer credit card and personal information being compromised the White House is championing legislative proposals to help address the challenge of cybersecurity.  At the heart of the proposal, and many before this one is “Enabling Cybersecurity Information Sharing” which “promotes better cybersecurity information sharing between the private sector and government, and it enhances collaboration and information sharing amongst the private sector.” So, will better information sharing help the vast majority of companies prevent, detect or respond to cyberattacks? Probably not and here are 3 reasons why:

1. No Tools…

The vast majority of companies say under twenty billion in annual revenue, are not equipped to analyze and act on cyber threat data because they have not been resourced for the mission. Actionable intelligence is only useful if the company you provide it to has made the right investments to take appropriate action.

IP addresses, signatures, filenames, MD5 hashes and other actionable cybersecurity intelligence are mostly interesting but irrelevant if you don’t have a person, process, and technology to take the appropriate action. Handing off this kind of intelligence to an organization who has not made the appropriate Security information and event management (SIEM), Intrusion detection system (IDS), or similar investment will only serve to further exacerbate the problem.

2. You’ve Got Tools…

But not enough people to support them and certainly not any documented, repeatable, or ideally automated process to optimize them. This is where the vast majority of organizations find themselves, tool heavy and people and process starved. Sharing threat information with a tool heavy organization will further overwhelm the less than ten security professionals that typically try and deliver security for multinational corporations of twenty billion or less. Yes, less than ten full-timers delivering security is the norm so throwing tools at the problem is not the answer either.

Many readers can remember when you bought a Data Loss Prevention (DLP) tool in response to an internal audit and then another tool in response to something else and so the tool tree grew but few can probably remember resourcing the people and processes to support those tools.

3. No business plan for security…

Be as proactive as you can probably be in security and do an assessment of your entire security organization and its capabilities. This assessment will serve as your business plan for security and facilitate a conversation with your board that educates and informs.

Security assessments are like home inspections in that they give you an expert view of red flags, watch items and things that are in good shape for now. Without a comprehensive assessment and corresponding plan of action to address the findings you’re likely to have more tools than people to support them and when the FBI comes knocking with actionable intelligence you will be in the unenviable position of asking the government for help it likely can’t provide.

Cybersheath Blog

CMMC Compliance Dashboard: Gain New Visibility into Compliance

CMMC is not a compliance framework. It’s a maturity model. That has big implications for how you approach compliance, but also how you keep track of all the elements that make up compliance. And yet, visibility has been one of the most difficult challenges facing DIB contractors. It used to…

CMMCEnclave: Add Versatility with a More Flexible Approach

The enclave approach to CMMC compliance is one of the most cost effective and least disruptive ways to safeguard CUI. You can maintain high-value custodial security of CUI without upending your existing processes, procedures, and people. That way, you can maintain the proper level of CMMC compliance and remain eligible…

How to Offboard Your Managed Services Provider

For any of a variety of reasons including lack of communication, slow response times, or prolonged downtime, your organization has decided to change your managed service provider (MSP). Whether you have already signed an agreement with a new MSP or you are actively looking for a replacement, now is the…

Our Trusted Partners

Cyberark McAfee Thycotic RSA Tenable Alien Vault Alert Logic Microsoft