Threat disclosures: Governments still secretive
By Benjamin Cher December 29, 2015
- Balancing act between interests of businesses and govts in sharing information
- Businesses realising threat intelligence is not a panacea for all security issues
ALTHOUGH security companies have been stressing the importance of sharing threat intelligence and information, many parties – whether in the public or private sector – seem to have things they prefer remain secret.
And governments seem to be even more reluctant to share such information, according to LogRhythm cofounder and chief technology officer Chris Petersen, speaking to Digital News Asia in Singapore.
“We have been able to find ways to share threat intelligence for companies and governments to collaborate, which can be valuable especially … since governments have access to more unique information.
“But governments don’t want to share information as it could expose secrets and capabilities that might compromise them,” he says.
This makes the sharing between private and public sector challenging due to the misalignment of missions, which leads to an imbalance between what the market wants and what can be provided, he argues.
Furthermore, governments often request the private sector to share information with them, which leads to concerns for the private sector, according to Petersen.
“This is helpful since when a private sector company shares with a government, the government in turn can share it with other private sector companies and make the nation more secure against threats,” he says.
“But there are concerns about compromising the privacy of individuals as private companies share data related to threats,” he adds.
Companies are still grappling with the issue of being able to share only threat data, and not data that can compromise the privacy of individuals, according to Petersen.
“Ultimately, sharing information is important, and we do need to find a way to do that while privacy is still maintained,” he says.
“In the absence of government-driven threat intelligence sharing programmes, the market has filled the gap in its own way, and the question of whether governments need to get involved is still up for debate,” he adds.
In dealing with data breaches, requirements to disclose ultimately rest on the government to enforce, and Petersen believes that the balance between private and public sector can be struck in this regard.
“People should be aware if they are at risk and we have reasonable practices that allow law enforcement to investigate criminal activity,” he says.
“We should also be able to balance the interests of companies and governments,” he adds.
While threat intelligence is regarded as key in cyberdefence, there is a stark difference between the hype and the reality.
“My concern is that it is being put out there as a panacea that people think can solve all these problems – which is not really true,” says Petersen (pic).
“Threat intelligence is useful data and can be helpful, but it is always going to be incomplete,” he adds.
Threat intelligence is only one aspect of an overall mature security capability that companies need to be looking at, according to Petersen.
“There is also the reality that most companies cannot take advantage of threat intelligence,” he says.
“The reality is that 90% of companies are still too immature to operationalise high-quality threat intelligence.
“Most organisations are still implementing the basics in security monitoring and analytics – the market adoption of directly consumed threat intelligence is very low,” he adds.
But companies are cottoning on to the fact that threat intelligence might not be the panacea for all their security problems.
“People are realising that it is not a panacea – it is challenging dealing with false positives, and does not solve all their problems,” Petersen says.
“There is a more pragmatic mindset around threat intelligence, that there is a lot more work to do to make it useful and it is just part of a mature cybersecurity maturity strategy,” he adds.
Machines taking over
The number of attacks a day has increased to the point where human-powered analysis is being overwhelmed, and machine learning is one of the biggest areas of innovation in this space, according to Petersen.
“The machine analytics approach helps organisations determine what events and alarms to pay attention to,” he says.
This includes “qualifying it against environmental characteristics, identifying when that endpoint or user account changes behaviour.”
Furthermore, such technology can help alleviate the cybersecurity skills shortage, as attacks are increasing at an exponential rate and beyond human capabilities to address, Petersen argues.
“You can’t hire people and train them fast enough, or cost-effectively, to analyse all the gathered threat intelligence.
“Software needs to do that, for companies to say ‘here are the actual real threats’ and use a person to pay attention to that,” he says.
Governments not that clueless about cybersecurity after all
Companies resist mandatory disclosure, cybersecurity suffers
Cyberthreat info-sharing on the rise: Fortinet expert
The threat landscape runneth over, here’s what we need to do
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.