Sapsiwai - Fotolia

Guest Post

Changing the culture of information sharing for cybersecurity

Dan Young explains why it's time for the cybersecurity industry to come together regarding information sharing and how insurance providers, regulators and others could assist.

Information sharing is an incredibly effective weapon against cyberattacks and, for that matter, threats of all kinds. Often, it's a secret weapon, because we don't hear a lot about its successes, such as planned attacks that were nipped in the bud by counterterrorism units or law enforcement, or the regular achievements fostered by information sharing in the healthcare industry.

But too often, it's an underused weapon, left untapped when effective information sharing could have avoided a catastrophe.

A lot of the impact from the massive WannaCry ransomware attack in 2017, which crippled public and private organizations in more than 100 countries around the globe (including, to take just one example, shutting down Germany's national railway for two days), could have been prevented by better information sharing.

Aside from preventing cyber and kinetic attacks, information sharing is the lifeblood in a growing number of sectors. The healthcare industry relies heavily on sharing vital patient information on injuries, illnesses, allergies and medical procedures to provide the best possible care for patients. Often, the speed and comprehensiveness of information sharing can be a matter of life or death. The financial industry likewise could not function effectively without fast, reliable information sharing. And both industries, like practically every other, are vulnerable to cyberattacks.

Obstacles to openness

For all the obvious benefits of information sharing, however, organizations often fall short in disclosing data they have, for a number of reasons. This can result in cyberattacks and other calamities which may have widespread impacts that could be avoided with better, more open and efficient data sharing. To play off the famous quote about the weather: Everybody talks about information sharing, but not enough people are doing something about it.

Several barriers can stand in the way of better information sharing, perhaps the most common of which is fear. An organization may be reluctant to share information about a hack, for instance, for fear of shame or damage to its reputation in a fiercely competitive business. It may be wary of having violated regulations such as those of the U.S. Cybersecurity Act of 2015, the European GDPR, the Health Insurance Portability and Accountability Act or Federal Trade Commission rules, among others.

One example is the hack of the Malta Bank of Valletta, from which cyber criminals stole 13 million euros in February 2019, forcing the bank to shut down, affecting the country's economy. The bank initially shared only the basics about the attack, which had a ripple effect impacting other banks throughout Europe. Proper data sharing would have stopped the attack earlier. In other cases, smaller banks may be afraid to report an attack, which can result in attackers moving unimpeded to larger banks.

Even when organizations intend to share their information, they can run into roadblocks. At the beginning of the Iraq War, the Army ran into supply chain problems that left soldiers short of food and scrounging for other supplies. The biggest part of the problem was caused by communications delays, with units having to wait on recommendations from the U.S. Cyber Command, the Defense Department or the National Security Agency before securing funding and finding contractors who could meet the demand.

Changing the culture

Organizations looking to improve their information sharing should start by addressing the PPT problem: People, Processes and Things. People need to change their mindset from one of "me vs. them" to one of "us vs. them," recognizing the shared interests -- and benefits for everyone -- of sharing information. Processes need to be upgraded to eliminate ineffective regulations and policies that can cause disruptions and place unnecessary restrictions on data sharing. And organizations need to have the right tools (the "things," in this case) to share and make the best use of their data. They need to address all three levels of the problem, since each of the "pillars" in PPT affects the others.

Most of all, a cultural shift regarding information sharing must spread across a variety of industries. Not unlike the planet's environmental issue, people acknowledging the problem isn't enough, nor are partial or isolated solutions. A collective effort is required, beginning with a technology framework to address cyber threats and the challenges of effective information sharing. The MITRE ATT&CK globally accessible knowledge base of attack tactics and techniques is a good start. The YARA rules for identifying and classifying malware is another step in the right direction.

Information sharing also needs some kind of oversight, along with an incentive framework. At the moment, the only motivator for having robust cybersecurity and data sharing policies is the potential for fines if you don't have them. Insurance companies, for example, could offer discounts or preferential treatment to organizations actively participating in information sharing. Regulators could establish policies to reward companies that are proactive in sharing information, participating in an Information Sharing and Analysis Center or contributing to a threat intelligence sharing domain.

A cultural shift would help information sharing become a fundamental component in a host of vital industries, but it needs regulators, insurance providers and other entities that can offer incentives to make it a reality. The world can be a safer place for it.

About the author

Dan Young is a partner and CEO at QuoLab Technologies. With nearly 15 years of experience in digital forensics and incident response, Young helps drive the overall direction of his new company, QuoLab Technologies, a developer of a collaborative and threat-driven Security Operations Platform (SOP). Prior to QuoLab, Young was involved with the U.S. Department of Defense and United States Air Force in several digital forensics analyst positions. He is very passionate about bridging the gap between technological efficiency and human ingenuity, and firmly believes that our best way forward as an industry is to focus on collaboration and data sharing at all levels.

Next Steps

Transparency after a cyber attack: How much is too much?

Dig Deeper on Risk management