Faced with a steady stream of cybersecurity breaches, information technology professionals are participating more in threat intelligence exchanges, a survey from the Ponemon Institute has found.
The report, which the institute released Wednesday, found that 47 percent of the 692 information technology professionals surveyed had experienced a material cybersecurity breach in the past two years. Though the majority of the respondents were in the private sector, cyberthreats are becoming increasingly problematic for government agencies in the U.S. — last month, Michigan Gov. Rick Snyder said his state government faces 2.5 million cyberattacks every day.
Intelligence sharing — whether through vendors, industry groups or peer-to-peer exchange networks — can help deal with those attacks. The majority of the respondents, 81 percent, already use threat intelligence in one way or another. Most say that such information could have helped when their organizations were breached.
But it appears that on top of simply consuming threat intelligence, more IT professionals are sharing the information they have with others. The percentage of participating IT professionals who exchange intelligence about cyberthreats through peer-to-peer networks grew from 57 percent last year to 65 percent this year. They also appear to be sharing more — according to the report, 42 percent of IT professionals said they provide intelligence and use it in equal proportion, while 35 percent said they mostly receive intelligence.
Despite the increased sharing of intelligence through peer-to-peer networks, the institute found that the number one source of information is still IT security vendors. According to the report, 61 percent of respondents said such vendors were a main source of threat intelligence, while 56 percent said peers in other companies were a main source of intelligence.
Intelligence reports come in a lot of forms. Sometimes they’re simple indicators of a security compromise, sometimes they’re malicious IP addresses or URLs, or perhaps they’re a warning about malware or a suspicious file.
But some barriers remain to both the sharing of intelligence information and the usefulness of that information, according to the report. One big hurdle is the “shelf life” of cybersecurity intelligence — in the fast-moving digital world, 60 percent of the survey participants said that intelligence loses its usefulness within minutes. Despite that, only 9 percent of respondents said they receive intelligence in real time or near real time. The plurality, 27 percent, only get an intelligence update once a week.
Many IT professionals also have a hard time trusting the information they receive. Of those who only partially participated in intelligence exchanges or abstained from them altogether, the number two reason for not fully participating was that they don’t trust the sources of the intelligence they receive.
But even more prominent than that was concerns over whether they could be held liable for sharing the information they have. For those who only partially participate in the exchanges, that was the No. 1 reason. For those abstaining, it was the third-most commonly given reason.
As potential solutions to those problems, the report authors concluded that establishing a widely used, trustworthy intermediary through which intelligence could be exchanged would be useful, as well as making that information available more quickly.
The Cybersecurity Information Sharing Act (CISA), a measure aimed at encouraging greater collaboration and information-sharing between government and the private sector on cybersecurity threats, passed the United States Senate last week, but it hasn't been without controversy. Privacy advocates are concerned that the bill doesn't adequately protect citizen data from government overreach. CISA has yet to be approved in the House of Representatives.