To demonstrate the value of information sharing, here is powerful, current evidence of some real, attainable cybersecurity success stories.
Government policymakers should encourage the exchange of information. Information Sharing and Analysis Centers, or ISACs, work toward this end. Here are some examples of cybersecurity success through information sharing. These come from a wide range of industries.
These cybersecurity success stories can be found throughout the economy. This proves that they are fairly common across all sectors.
To avoid harm, we’re able to share information. After that, there were able to describe how they did so and how the information sharing was a help.
Related Post: Top Five CyberSecurity Stocks to Purchase
There are indeed other ways to assess the benefits of sharing knowledge. However, these true stories can be a useful tool in encouraging businesses to share cybersecurity information.
Cybersecurity Success Through Information-Sharing Partnerships
Large corporations frequently develop information-sharing partnerships with official information-sharing organizations. Sometimes, they do this with more than one.
In addition, they make informal arrangements with their peers. These peers are often outside of any ISAO or ISAC framework. Information sharing’s benefits frequently extend to both arrangements.
One such triumph involves a few large and small retail businesses. They were the victims of targeting by cyberattacks during the high-stakes November retail season.
The first step was a large merchant’s discovery of threats employing a completely new Java Script Remote Access Tool.
After that, the retailer was able to link it to a recent phishing email and a previous attempt the week before. As a result, they began communicating this information about the threat to at least three other major merchants directly.
Therefore, these other retailers ran internal checks. They let the large shop, which was the first to reveal, know that they were able to detect the same malware. As a result, they were able to escape harm.
This was entirely due to the earlier information sharing. In addition, there was sharing of the information with one of the retailer’s ISACs. Following that, the ISAC’s analysis identified up to 30 retailers as being targeted.
Cybersecurity Success Through Public and Private Information Sharing
Information sharing can happen between the private and public sectors, or between the two.
Private-sector firms often prefer not to interact directly with the government. However, this does not preclude them from reviewing information shared by the government.
One success story involves a company that benefited from government information. It also involves the company’s subsequent endeavor to obtain additional information from the government by enlisting the help of its ISAC. Without revealing its identity to the government, the corporation was able to gain additional vital information.
The federal government noticed an IP address associated with a certain Advanced Persistent Threat actor from abroad, according to a major financial company. Many months later, the company saw the IP address again and questioned if it was still linked to the threat actor. As a result, it requested that its ISAC approach the authorities and inquire on its behalf. This is because it was trying to remain anonymous.
The ISAC did so, and the threat actor was still utilizing that IP address, according to the report.
As a result, the financial services firm learned that one of its senior executives had been targeted by a well-known APT actor. This one was usually involved with political and military targets. The company was able to secure its executive.
In addition, and, more importantly, they were able to update their threat models to account for the shifting breadth and range of this threat actor’s interests. All of this resulted from this information sharing instance and subsequent sharing among financial services firms.
Supply Chain Success
Concerns around supply chain cybersecurity have gotten a lot of attention recently. Information sharing can help supply chain managers become more aware of specific issues and get substantial benefits.
An ISAC shared information with users of a series of streaming video devices that looked to be beaconing out to a country in Eastern Europe. This was information from a federal government source.
Unusually, the ISAC was able to protect its members from the breach by working directly with the device maker. As a result, they were able to uncover and remedy a major supply chain breach.
Some ISACs have overlapping customer bases. In addition, they have organizations in a wide range of activities.
Major retailers, for example, have a lot in common with other shops. However, given the way they collect money and deal with debit and credit cards, they can also have something in common with financial institutions. This is why, when an ISAC learns useful information, it might occasionally be beneficial to share it with people outside of its ISAC.
An ISAC that does not specialize in aviation had evidence leading to the discovery of a wide-ranging malware campaign. It was targeting aviation infrastructure across the country.
The ISAC performed an investigation that found significant insights about the campaign and the threat actor’s TTPs. Furthermore, it worked extensively with federal and multiple other partners to assure alerting across a sector that was not their specialty.
This serves as a reminder that ISACs and ISAOs frequently have cybersecurity success benefits that extend beyond their traditional member base.