3 Reasons Cybersecurity Information Sharing Won’t Help Your Company

By Eric Noonan • January 14, 2015

In the wake of the Sony attack and tens of millions of cases of consumer credit card and personal information being compromised the White House is championing legislative proposals to help address the challenge of cybersecurity.  At the heart of the proposal, and many before this one is “Enabling Cybersecurity Information Sharing” which “promotes better cybersecurity information sharing between the private sector and government, and it enhances collaboration and information sharing amongst the private sector.” So, will better information sharing help the vast majority of companies prevent, detect or respond to cyberattacks? Probably not and here are 3 reasons why:

1. No Tools…

The vast majority of companies say under twenty billion in annual revenue, are not equipped to analyze and act on cyber threat data because they have not been resourced for the mission. Actionable intelligence is only useful if the company you provide it to has made the right investments to take appropriate action.

IP addresses, signatures, filenames, MD5 hashes and other actionable cybersecurity intelligence are mostly interesting but irrelevant if you don’t have a person, process, and technology to take the appropriate action. Handing off this kind of intelligence to an organization who has not made the appropriate Security information and event management (SIEM), Intrusion detection system (IDS), or similar investment will only serve to further exacerbate the problem.

2. You’ve Got Tools…

But not enough people to support them and certainly not any documented, repeatable, or ideally automated process to optimize them. This is where the vast majority of organizations find themselves, tool heavy and people and process starved. Sharing threat information with a tool heavy organization will further overwhelm the less than ten security professionals that typically try and deliver security for multinational corporations of twenty billion or less. Yes, less than ten full-timers delivering security is the norm so throwing tools at the problem is not the answer either.

Many readers can remember when you bought a Data Loss Prevention (DLP) tool in response to an internal audit and then another tool in response to something else and so the tool tree grew but few can probably remember resourcing the people and processes to support those tools.

3. No business plan for security…

Be as proactive as you can probably be in security and do an assessment of your entire security organization and its capabilities. This assessment will serve as your business plan for security and facilitate a conversation with your board that educates and informs.

Security assessments are like home inspections in that they give you an expert view of red flags, watch items and things that are in good shape for now. Without a comprehensive assessment and corresponding plan of action to address the findings you’re likely to have more tools than people to support them and when the FBI comes knocking with actionable intelligence you will be in the unenviable position of asking the government for help it likely can’t provide.

CyberSheath Blog

How to Safeguard Your Company from Phishing

Email is so ubiquitous in our everyday lives that it can be a challenge to always be on guard when receiving messages. Each day it’s not unheard of for each member of your team to have hundreds of messages land in their inbox. How do you make sure that none…

3 Tools to Help Defend Your IT Infrastructure from Threats

With the continually evolving threat landscape and the prevalence of team members working from home, it is more important than ever to be proactive with how your company is protecting itself from cyberattacks.  CyberSheath can help. We offer services to build on all the great work you have already done…

DNS Filtering for Additional Protection of IT Systems

Phase one of securing your IT infrastructure should include protecting your endpoints and safeguarding your employees from phishing attempts. After you have implemented these controls, the next logical step is to launch a DNS filtering solution.   What is DNS filtering and why do you need it? Domain name server…

Our Trusted Partners

Tenable Microsoft Siemplify KnowBe4 ConnectWise DUO