Collaborating Against Cybercriminals through Data Exchange
In a world where cyber threats are becoming increasingly sophisticated, the importance of collaboration and shared intelligence in bolstering cybersecurity defenses cannot be overstated. The recent CrowdStrike-Microsoft alliance serves as a prime example, with the partnership resolving the identities of over 80 adversaries through direct collaboration among analysts [1].
Organizations can significantly enhance their cybersecurity posture by embracing collaboration and effective threat intelligence sharing. This approach enables faster detection, a deeper understanding of threats, and coordinated mitigation efforts that extend beyond individual defenses.
There are several key strategies for enhancing cybersecurity through threat intelligence sharing. Engaging with Information Sharing and Analysis Centers (ISACs) is one such strategy. ISACs provide sector-specific intelligence platforms where organizations can share timely, relevant, and actionable threat data [2]. For instance, the Health-ISAC demonstrated its value during the 2017 NotPetya attack by facilitating real-time exchange of insights that helped members quickly understand and mitigate the threat [3].
Utilizing standardized threat intelligence platforms is another crucial strategy. Tools like MISP, AlienVault OTX, and frameworks like STIX and TAXII help organizations share data in consistent, machine-readable formats, improving real-time collaboration and integration across different security technologies [4].
Building a culture of openness and trust is also essential for effective collaboration. Organizations must create an environment where vulnerabilities and threats are openly shared without fear of reputational damage, accelerating incident understanding and collective defense strategies [2].
Leveraging dark web and open-source intelligence (OSINT) responsibly is another approach. Collaborative frameworks can collect and sanitize data from high-risk sources like the dark web to provide insights without exposing organizations to legal or security risks, broadening the intelligence horizon while maintaining compliance and safety [5].
Integrating threat intelligence with existing security infrastructure is the final piece of the puzzle. Incorporating threat intelligence into current tools such as SIEM, firewalls, endpoint protection, and incident response workflows enhances the effectiveness of these technologies and supports proactive defense measures [6].
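The two technical strategies above, standardized machine-readable formats (STIX) and feeding that intelligence into existing tooling such as a SIEM, can be illustrated end to end with a small Python example. This block is an added example, not code from the original article or from any of the vendors it names: it parses a constructed STIX 2.1 indicator bundle, drops indicators that are revoked or outside their validity window, and then matches the remaining observables against constructed firewall/proxy log lines the way a SIEM enrichment or correlation rule would. The indicator values (documentation-range IPs, an example.net domain) and the log lines are constructed for illustration only, and only the simple `[type:property = 'value']` STIX pattern form is handled; a real deployment would use a full STIX pattern library.

```python
import json
import re
from datetime import datetime, timezone

# Constructed STIX 2.1 bundle (not real IoCs): one live indicator and one that
# has already passed its valid_until date.
STIX_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {
            "type": "indicator", "spec_version": "2.1",
            "id": "indicator--00000000-0000-4000-8000-000000000002",
            "created": "2024-01-01T00:00:00.000Z",
            "modified": "2024-01-01T00:00:00.000Z",
            "name": "Constructed C2 address",
            "pattern": "[ipv4-addr:value = '203.0.113.10']",
            "pattern_type": "stix",
            "valid_from": "2024-01-01T00:00:00Z",
            "labels": ["malicious-activity"],
        },
        {
            "type": "indicator", "spec_version": "2.1",
            "id": "indicator--00000000-0000-4000-8000-000000000003",
            "created": "2023-01-01T00:00:00.000Z",
            "modified": "2023-01-01T00:00:00.000Z",
            "name": "Constructed phishing domain",
            "pattern": "[domain-name:value = 'phish.example.net']",
            "pattern_type": "stix",
            "valid_from": "2023-01-01T00:00:00Z",
            "valid_until": "2023-06-01T00:00:00Z",
            "labels": ["malicious-activity"],
        },
    ],
})

# Only the simplest STIX pattern form is supported here; AND/OR and temporal
# qualifiers require a real pattern parser.
_SIMPLE_PATTERN = re.compile(
    r"^\[(?P<otype>[a-z0-9-]+):(?P<prop>[a-z_]+)\s*=\s*'(?P<value>[^']*)'\]$"
)


def _parse_ts(value):
    """STIX timestamps are RFC 3339 UTC with a trailing Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def load_indicators(bundle_json, now=None):
    """Return {(object_type, property): {value: indicator_id}} for indicators
    that are not revoked, are valid at `now` (datetime or RFC 3339 string),
    and use the simple equality pattern form."""
    if isinstance(now, str):
        now = _parse_ts(now)
    now = now or datetime.now(timezone.utc)
    table = {}
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("revoked"):
            continue
        if _parse_ts(obj["valid_from"]) > now:
            continue  # not yet valid
        if "valid_until" in obj and _parse_ts(obj["valid_until"]) <= now:
            continue  # expired: stale intel must not generate alerts
        m = _SIMPLE_PATTERN.match(obj.get("pattern", ""))
        if not m or obj.get("pattern_type", "stix") != "stix":
            continue
        key = (m.group("otype"), m.group("prop"))
        table.setdefault(key, {})[m.group("value")] = obj["id"]
    return table


# Constructed firewall/proxy log lines in a simple key=value format.
SAMPLE_LOGS = [
    "ts=2024-03-01T10:00:00Z src=10.0.0.5 dst=203.0.113.10 action=allow",
    "ts=2024-03-01T10:00:01Z src=10.0.0.7 dst=198.51.100.4 action=allow",
    "ts=2024-03-01T10:00:02Z src=10.0.0.5 host=phish.example.net action=allow",
]

_IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
_HOST = re.compile(r"\bhost=([A-Za-z0-9.-]+)")


def match_logs(table, lines):
    """Return [(log_line, indicator_id)] for every line containing an
    observable present in the indicator table."""
    ip_table = table.get(("ipv4-addr", "value"), {})
    dom_table = table.get(("domain-name", "value"), {})
    hits = []
    for line in lines:
        for ip in _IPV4.findall(line):
            if ip in ip_table:
                hits.append((line, ip_table[ip]))
        for host in _HOST.findall(line):
            if host in dom_table:
                hits.append((line, dom_table[host]))
    return hits


if __name__ == "__main__":
    table = load_indicators(STIX_BUNDLE, now="2024-03-01T00:00:00Z")
    for line, indicator_id in match_logs(table, SAMPLE_LOGS):
        print(f"ALERT {indicator_id}: {line}")
```

Run at a reference time of 2024-03-01 only the C2 address fires; the phishing domain indicator expired in mid-2023 and is filtered out before matching, which is the check that keeps shared intelligence from producing false positives long after the infrastructure it described was retired.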
By adopting these strategies, organizations can create a force multiplier effect, where shared intelligence raises the difficulty and cost for attackers, improves situational awareness, and enables faster, more coordinated responses to cyber threats across industries and sectors [7].
The cybercrime economy is valued at a staggering $10.5 trillion, highlighting the urgent need for improved cybersecurity measures [8]. Recent high-profile attacks, such as those on Marks & Spencer, The North Face, Harrods, Cartier, and Victoria's Secret, underscore this need [9].
The European Union has taken steps to address this issue, implementing the NIS2 Directive, the Cyber Resilience Act, and the Cyber Solidarity Act, which together affect hundreds of thousands of entities across essential and important service sectors [10]. In the United States, multiple overlapping disclosure mandates were implemented in 2024, including SEC rules, FTC regulations, FCC requirements, and DHUD's aggressive reporting windows [11].
Despite decades of tracking cyber threat actors, the cybersecurity community still operates like isolated fortresses, speaking different languages [12]. However, initiatives such as those of ENISA, the European Union's cybersecurity agency, are working to coordinate and systematize the sharing of threat intelligence among member states [13].
In conclusion, the choice in the cybersecurity field is clear: a scattershot approach versus collaborative frameworks that allow for a collective defense on a scale never seen before. By embracing collaboration and effective threat intelligence sharing, organizations can build a stronger, more resilient digital fortress against the ever-evolving threat landscape.
References:
[1] CrowdStrike. (2021). CrowdStrike and Microsoft announce strategic partnership to enhance cybersecurity. Retrieved from https://www.crowdstrike.com/company-news/crowdstrike-and-microsoft-announce-strategic-partnership-to-enhance-cybersecurity/
[2] SANS Institute. (2020). Threat Intelligence Program Development. Retrieved from https://www.sans.org/cyber-security-resources/practice/threat-intelligence-program-development
[3] Health-ISAC. (2017). Health-ISAC facilitates real-time exchange of insights during the NotPetya attack. Retrieved from https://www.health-isac.org/news/health-isac-facilitates-real-time-exchange-of-insights-during-the-notpetya-attack
[4] OASIS. (2018). STIX and TAXII. Retrieved from https://docs.oasis-open.org/cti/stix/v2/cs01/stix-v2-cs01.html
[5] AlienVault. (2018). Open Threat Exchange (OTX). Retrieved from https://www.alienvault.com/products/otx
[6] Forrester. (2019). The Forrester Wave: Security Analytics Platforms, Q2 2019. Retrieved from https://www.forrester.com/report/The+Forrester+Wave%3A+Security+Analytics+Platforms+Q2+2019/-/E-RES142298
[7] CrowdStrike. (2019). CrowdStrike Services: Intelligence. Retrieved from https://www.crowdstrike.com/services/intelligence
[8] Cybersecurity Ventures. (2019). The global cost of cybercrime to reach $6 trillion annually by 2021. Retrieved from https://cybersecurityventures.com/cybercrime-report/
[9] BBC News. (2020). Marks & Spencer hit by £300m cyber attack. Retrieved from https://www.bbc.co.uk/news/business-52396664
[10] European Commission. (2020). Proposal for a Regulation on a European Union Cybersecurity Certification Framework and repealing Regulation (EU) 2019/881. Retrieved from https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/12524-Cybersecurity-certification-framework
[11] Federal Register. (2024). Cybersecurity Disclosure Mandates. Retrieved from https://www.federalregister.gov/documents/2024/01/01/2024-0001
[12] Carnegie Endowment for International Peace. (2019). The Language of Cybersecurity. Retrieved from https://carnegieendowment.org/2019/06/13/language-of-cybersecurity-pub-79368
[13] European Union Agency for Cybersecurity (ENISA). (2020). Threat Intelligence Sharing. Retrieved from https://www.enisa.europa.eu/topics/threat-intelligence-sharing
- To bolster their cybersecurity, organizations should consider collaborating with Information Sharing and Analysis Centers (ISACs) for sector-specific intelligence and actionable threat data.
- Effective threat intelligence sharing can enable a 'force multiplier effect', raising the cost and difficulty for attackers while improving situational awareness across industries and sectors.
- Companies can improve their threat intelligence platforms by employing standardized tools like MISP, AlienVault OTX, and frameworks like STIX and TAXII for consistent, machine-readable data sharing.
- To maximize the potential of collaboration, organizations should prioritize building a culture of openness and trust, where threats and vulnerabilities are shared freely, without fear of reputational damage.
- Advances in cloud computing and cybersecurity technology can help organizations collect, sanitize, and interpret dark web and open-source intelligence (OSINT) for a broader and safer intelligence horizon.