Updated: Apr 13
Information sharing among small businesses and individuals has been common for years now. Good rapport and trust can be built, which in turn leads to strong business partnerships, especially among peers in the same industry.
On a larger scale, government and industry groups are not as enthusiastic as individuals when it comes to sharing information. Larger communities, particularly those at the corporate level, are often afraid of the real and perceived liabilities of sharing information. As a result, sharing is often restricted, which makes the benefits of information sharing harder to achieve.
They would rather be part of an industry-specific Information Sharing and Analysis Center (ISAC) or a government sharing group to minimize the information shared. The problem is that many of these organizations do not actually set up an internal program to identify the type of information their organization can and will share. They focus instead on receiving the information that others give rather than sharing their own. Sharing groups have guidelines, and organizations can be obliged to share, which could result in issues of quality.
The dilemma is that as group membership grows, trust begins to weaken, and organizations become uncomfortable sharing information. They then resort to sharing indicators with little to no context, often irrelevant information that brings nothing to the table. Interest then fades because the quality and quantity of the information received are so underwhelming.
In an ideal world, the large members of the community would be the ones to share first so that, eventually, the smaller companies would also share their contextual threat intelligence.
This, however, is not the case. In most situations, smaller companies are the ones to share high-value information while the remainder of the community only acts as receivers. This inequality, in turn, can lead to the crumbling of the sharing construct.
To resolve this problem, there is a need to break the cycle of low quality and quantity of information sharing. Suggestions on how information sharing could be done correctly, and how information sharing initiatives could be strengthened, include the following:
Information Sharing and Consumption Programs Should be Established
Organizations should be educated on what they can share from both a legal and a compliance perspective. This will help them find a balance: not becoming so defensive that they stop sharing, while also not disclosing information that is protected by privacy laws. With the guidelines clearly laid out, security teams can be more efficient in providing quality information with depth and relevance. They also need to understand what they will consume and how it can be used, so that they do their part in extracting value from the intelligence they receive without suffering from data overload, which can waste precious resources.
Quality Should Be Monitored
The growth of information-sharing groups often leads to their demise due to the surge in automated sharing of tactical information. To prevent this from happening, the group must frequently monitor the quality of the information shared to ensure that members are still passing along valuable information. The end goal should always be information that helps members determine its relevance and apply it to their companies.
Finding a Way to Make Everybody Participate
Smaller organizations should join their own industry-specific sharing community and then actively participate in sharing intelligence. This information can be used by the group to achieve a higher success rate in protecting the community, which includes that smaller organization. Furthermore, smaller companies that contract with managed security service providers (MSSPs) should rely on their providers to offer intelligence. This is the role of the MSSPs, so the smaller companies should ensure that their providers are delivering.
Once we break this cycle of decreasing value by addressing the quantity and quality of shared information, the exchanges will begin to thrive, which will lead to more sharing, and everybody wins.