The U.S. government has long emphasized the sharing of intelligence between the private and public sectors as a critical step in protecting everyone from sophisticated cyber security threats. Its recent formation of the Cyber Threat Intelligence Integration Center was another milestone in its efforts to streamline intelligence gathering and utilization, at a time when security data is abundant yet optimal usage of it is in short supply.
To get a sense of the stakes for such precise coordination on cyber security, consider the string of incidents over the last year and more that have affected organizations from the United States Post Office to Sony Pictures. Several Trend Micro executives recently chronicled this rise in targeted attacks during sessions at IBM InterConnect 2015 in Las Vegas, pointing to the need for custom “360-degree” defenses built on monitoring and discovery.
Rethinking cyber security tools and processes for today’s challenges
Right now, there is a widespread perception among IT professionals that their organizations are particularly vulnerable to intrusion. A 2015 survey of 678 government and private sector IT experts discovered that three-fourths saw growing severity of cyber attacks, while 68 percent reported greater frequency of these incidents.
The most concerning detail of the report, however, may be that as many teams or more relied on logical deductions (32 percent of respondents) and intuition (35 percent) as on actual security intelligence (also 32 percent). Moreover, budget resources were in many instances under-allocated to critical areas such as employee awareness of security responsibilities.
Corporations as well as government agencies need to recalibrate their approaches to cyber defense and optimize them for the tough current environment. At the White House’s recent cyber security summit in Silicon Valley, President Obama noted that 100 million individuals and businesses were affected by online fraud in 2014 and that government-specific threats had increased fivefold between 2009 and 2014.
He also referred to the cyber landscape as “the wild, wild West,” raising the question of how it could be tamed. Information sharing via mechanisms such as the CTIIC is a start, although such collaboration is not sufficient for dealing with advanced persistent threats and similar issues.
“We’re not going to solve all of the really sophisticated actors or defeat all the advanced persistent threats just by increasing information sharing,” J. Michael Daniel, cyber security coordinator for the White House, told eWEEK. “But we have seen industries that have increased their information sharing – such as in the financial services industry – and that does make a meaningful difference in being able to cut out a lot of the low-level attacks and intrusions.”
Building upon information sharing with technical solutions
The CTIIC will be tasked with gathering data in a single location and then subjecting it to analysis. Ideally, this process will enable early detection and remediation of potential threats such as the ones that ultimately enabled the breach of Sony Pictures.
At the same time, information sharing will need to be supplemented with additional measures, as Daniel noted in his remarks to eWEEK. Solutions for network security and deep discovery, for example, can help firms become more proactive about security. Real-time analytics, custom sandboxing and integration with email and endpoints are all cutting-edge ways for enterprise CIOs and their teams to stay on top of a multitude of possible attacks.
The formation of the CTIIC is an important moment in cyber security history, but plenty of work remains to be done. Enterprises have to maintain their traditional antivirus and firewall-based defenses while thinking ahead about better sharing practices and sophisticated technical tools.