The costs associated with cybercrime are exploding, forcing businesses to adopt new and innovative approaches to digital security. More sophisticated attacks require more sophisticated security measures, and one such measure is shared threat intelligence. In a way, it’s a break from tradition, yet it’s one of the most effective aspects of an advanced and proactive cybersecurity stance.
More to the point, such attacks threaten thousands of healthy, successful businesses annually. While many cybersecurity best practices and technologies have been around for a while, most of the organizations that suffer losses thought they had adequate protection when they were attacked.
You’re not alone
Reports exploring hackers’ observable strategies have found clear indications that the same attackers also go after other companies within the same vertical. Research from Verizon shows that 40 percent of attacks are directed at a second organization within an hour of the first; roughly three-quarters of attacks find another target within 24 hours. In many cases, these are direct competitors or related organizations being targeted by the same attacker.
Knowledge gained by experience can be used to identify, mitigate, and even stop attacks. But how do you get that knowledge? Shared threat intelligence is particularly effective for blocking the large-scale attack campaigns that broadly attack an industry, rather than a specific company.
Crowdsourcing digital security
Shared or community-based threat intelligence means sharing knowledge of attack vectors and other information that can enable partner organizations to make the necessary adjustments to close off vulnerabilities and maintain the integrity of their IT systems.
This can be done by signing up with a cybersecurity provider or an industry group with an information-sharing community, or both. While controversial, the Cybersecurity Information Sharing Act of 2015 allows American companies to share threat indicators with each other and the U.S. government. It also provides standards for information sharing that protect against liability if followed correctly.
Understandably, sharing enterprise data would have some limitations and disadvantages. For instance, when sharing data within a community that may include competitors, you would also need to remove sensitive business information, along with customers’ personally identifiable data. This addresses the biggest concern many businesses have with cooperative threat intelligence.
For some organizations, however, the challenges of effectively scrubbing information make employing a third-party sharing platform more attractive.
Imperva, a security provider that advocates shared threat intelligence, has a short video and a helpful infographic that can serve as a good resource for understanding how application layer attacks work and what kind of defense is necessary to block them.
Attacks like cross-site scripting (XSS) injections, SQL injections, and comment spam — automated and repeated over as many vectors as possible — tend to find weak points in unprepared companies. XSS vulnerabilities, which Imperva’s crowdsourced research shows are currently the most popular attack vector, are a good example of a vulnerability that, in practice, is more difficult to detect than to fix.
In order to protect the enterprise as completely as possible from costly digital threats, every organization needs a strategy that includes cooperative threat sharing to aid its defense against large-scale attacks. The tools and institutional structures meant to enable a cybersecurity transformation toward automated intelligence sharing are in development, and specialized service providers are able to leverage wide networks to address threats as they approach.
Through increased cooperation, the completion of government and industry projects, and experience, the damage from downtime and breaches can be minimized.