A recent survey has found that almost half of threat intelligence information sharing communities were allowed to ‘take but not give’.
In a survey of more than 5,200 IT and cybersecurity practitioners around the world, it has been found that less than half of those working in IT and cybersecurity roles and who were part of professional communities were allowed to share threat intelligence findings.
Respondents with threat intelligence analysis responsibilities, in particular, were likely to participate in specialized forums and blogs (45%), dark web forums (29%) or social media groups (22%). Yet, when it came to sharing their own findings, only 44% of this subgroup actually made their discoveries public.
Conversely, in companies where external sharing was allowed, 77% of security analysts did so. In 8% of cases, security analysts even shared their threat intelligence findings despite it being prohibited by their employers.
What caused this?
Cybersecurity firm Kaspersky, which conducted the study, sees threat intelligence sharing as the best way for organizations to mutually protect themselves from ever-evolving cyberthreats. The firm constantly advocates international collaboration in cyberspace and contributes to joint initiatives across the global IT security community.
In view of the restrictions on some cybersecurity professionals regarding sharing their organization’s threat intelligence findings, Kaspersky experts noted that such restrictions are partly driven by concerns that if some objects are known publicly before a company can respond to an attack, then cybercriminals may realize that they have been detected and change their tactics.
The take-but-not-give behavior occurs even though IT security teams can analyze suspicious objects without a risk of exposing the investigation. For example, Kaspersky provides a private submission mode option through free access to its threat intelligence portal.
According to the firms, Group Manager, Technology Solutions Product Management, Anatoly Simonenko: “Any piece of information—be it new malware or insights on techniques used—is valuable when protecting against advanced threats. That’s why we constantly make our threat research findings available via our information resources and through our TI services. We encourage security analysts to also give a helping hand to others in the same collaborative way.”