McAffee recently released a report on the rise of cyber threat intelligence sharing and the value it brings. Cyber threat intelligence (CTI) is evidence-based knowledge of and existing or emerging complex threats and how to make informed decisions on how to respond appropriately. CTI provides the context around how the attack takes place, indicators of attack, the target, and potentially the identity and motivation of the attacker, giving users a bigger picture and higher level of understanding of the attack.
In 2015, McAffee reported that around 40% of security professionals were aware of CTI sharing initiatives but didn’t know much about them. 39% of professionals knew about them and used them, and 21% were not aware of any initiatives. Of those organizations participating in CTI sharing, 59% of them found it to be a very valuable asset to their company.
Many organizations face hurdles when it comes to actually sharing information. They are more likely to report malicious malware, but less likely to report file reputations. This is 45 the company policies will not allow them to do so or they don’t have enough information. A lot of people don’t realize when they share file reputations, personal and private information do not leave the network
There is still a lot of work to be done around CTI sharing, which will ultimately make it more attractive and useful for organizations. Establishing policies and standards around sharing is the most important step. There needs to be some sort of standardization around CTI sharing in order to get the most benefit from it. As CTI is currently industry agnostic, meaning there is no segmentation by industry so banking, healthcare, government, etc are all grouped together. Segmenting CTI by industry would truly benefit the practice and make it more user friendly. More organizations also need to be more informed on CTI sharing and how it can benefit them in order for it to be truly useful.