“One of the bigger partners in our supply chain had a breach, but they won’t share any of the information with us.”
At Celerium, we hear these stories every day: one partner in a supply chain learns that another partner has been compromised, and the compromised partner refuses to share any valuable intelligence about the breach. Any insights that might come from that event, any potential to inform the supply chain’s collective strategic decision making, remains hidden.
This is not just anecdotal. In the wake of a devastating 2020 cyberattack, Microsoft’s Brad Smith called out “the federal government’s insistence through its contracts on restricting our ability to let even one part of the federal government know what other part has been attacked.”
What is the point of gathering all of this cyber threat intelligence if you’re not going to do anything with it? At what point is its potential value lost?
It’s not news to anyone that the pace and intensity of new threats is increasing every day. According to MIT, 2021 has broken the record for zero-day attacks; no fewer than 66 have been found in use this year, more than double the 2020 total. At that scale, how many organizations can afford to tackle the problem alone?
With an ever-increasing danger, and with so many new attacks coming from previously unknown vulnerabilities, the individual organization cannot be an island. Sharing cyber threat intelligence is a way to close the knowledge gap. If these high-profile breaches have taught us one thing, it is that each event has a ripple effect; the damage trickles down. Greater cyber threat sharing enables stronger, more coordinated community defense.
It reminds me of something a CISO once told me: “we are always asking each other to ‘open the kimono,’ but when it comes to talking about a breach, there shouldn’t be a kimono at all.” If we are even to begin to combat the threat, we all need to start sharing the goods.
This CISO may not be alone. According to a recent article in The Hill, Deputy Attorney General Lisa Monaco is advocating for breach reporting legislation from Congress to combat the ransomware threat. “Congress can help close this gap by enacting legislation to create a national standard for reporting cyber incidents,” Monaco said. As long as we’re creating standards, perhaps part of the framework could include a national standard for threat intelligence sharing.
If we’re removing the kimono, there can’t be any more secrets.
Interested in learning more about how Celerium facilitates cyber threat sharing? Contact us today.