The sharing of threat intelligence may be crucial in the fight against cybercrime. Yet over half (52%) of all those working in IT and cybersecurity roles are forbidden from sharing information with others outside their organisation.
Those are the findings of a new Kaspersky report, ‘Managing your IT security team’.
The research found that two-thirds (66%) of threat intelligence (TI) analysts are involved in professional communities and that respondents with TI analysis responsibilities are likely to participate in specialized forums and blogs (45%), dark web forums (29%) or social media groups (22%).
But when it comes to sharing their own findings, only 44% of respondents have actually made their discoveries public. Conversely, in companies where external sharing is allowed, 77% of security analysts did so. In 8% of cases, security analysts even shared TI findings despite it being prohibited by the organization they work at.
The sharing of threat intelligence is commonly seen as a double-edged sword. While it allows for collaborative insight among experts, there is also a significant risk that by sharing intelligence, cybercriminals can be alerted to how their attacks are performing against a target and change their tactics accordingly.
Kaspersky is a long-time advocate for international collaboration in cyberspace and contributes to joint initiatives across the global IT security community. The company sees this approach as the best way to protect from ever-evolving cyberthreats.
To help IT security teams analyze suspicious objects without the risk of exposing the investigation, Kaspersky provides a private submission mode option through free access to Kaspersky Threat Intelligence Portal. It claims this means that the cybercriminal will not know that someone has shared samples, and an analyst can still receive the required data.
Says Anatoly Simonenko, Group Manager, Technology Solutions Product Management, at Kaspersky:
“Any piece of information – be it new malware or insights on techniques used – is valuable when protecting against advanced threats. That’s why we constantly make our threat research findings available via our information resources and through our TI services. We encourage security analysts to also give a helping hand to others in the same collaborative way.”
The full report is available here.