Several years ago, I was lucky enough to organize an informal, but invaluable, information exchange between some high-powered cybersecurity professionals at the RSA Conference in San Francisco to talk about current and future threat actors worldwide.
The group included cybersecurity pros from two prominent banks, two large retailers, and several security workers from the managed service provider (MSP) community, all of whom were really accomplished at studying the methods of their cyber adversaries. The discussion gave me a clear glimpse into best practices that the industry is still implementing today, but more importantly it taught me the importance that relationships and collaboration have for those in the cybersecurity space.
I noticed right away that most of the folks in my RSA group already knew each other and were already something of a community. As we discussed attack vectors, security controls, and the tactics, techniques and procedures used by attackers, I was amazed at how all of these erstwhile competitors could actually work so well together. When I asked them why they shared information so readily, one of the group replied, “Well, we’re all in this together, aren’t we?” Everyone in the room kind of grunted in approval, their heads nodding.
Lessons Learned: Information Sharing
They were right, of course. We are all in it together. The more closely we work with each other, share threat intelligence and best practices, the better off we’ll be in thwarting cyber-attacks and minimizing our risks and damage. And now CompTIA is hoping its members will feel the same way. We recently launched the CompTIA Information Sharing and Analysis Organization (ISAO), an initiative dedicated to providing cyber threat intelligence (CTI) to tech vendors, MSPs, solution providers, distributors, consultants and their customers. These days, it’s important to share info to help see where the next attack, or “hit” is coming from.
As I walked out of that RSA meeting, I couldn’t help but think how the IT industry needed a more formal way to share information to more people. All of our discussion that day in San Francisco was shared on a strictly informal basis. The discussion was very robust, peer-based, and very useful. But the information exchange wasn’t captured for future use. It wasn’t repeatable, scalable, or consistent. After all, RSA San Francisco is held only once a year. With hacks getting worse every day, I thought to myself, something needed to be done that helped everyone share information like this on a regular basis.
I couldn’t figure out why there wasn’t a way to formalize these kinds of conversations more often than at trade shows. Wouldn’t it be cool if something like this was done on a regular basis? Well, the cybersecurity industry is pretty smart, and had already set a few things in motion to help share information, includes ISAOs, groups of dedicated members that analyze and share information about today’s attackers and attack techniques.
If you’re involved in the business of technology and have customer and partner data that needs to be protected, an ISAO is a great way to get the information you need. CompTIA recently published a “What Is an ISAO?” document that answers several questions that people have asked about cyber threat intelligence, why threat feeds are important, how they work, and how members can benefit from sharing threat information. I encourage you to read further and take the steps necessary to ensure that you’re protecting your customers’ data the best you can. Enjoy!