As seen in the media on a regular basis, organizations are being breached in a variety of ways, and the sophistication of attacks ranges from basic to truly mind-bending. The simplest of these breaches are executed using methods organizations have known how to protect against for years, yet they still fail to deploy the proper countermeasures. With these much more intricate attacks, companies still would have been at risk, even with the best prevention methods in place.

However, by banding together and implementing a community defense to share information, organizations can achieve a number of important goals, such as detecting attacks at an early stage with a security information and event management (SIEM) solution, helping to reduce catastrophic events, providing insight on security risks and alerting others about which threats to secure against.

According to the latest IBM X-Force security research, vulnerability disclosures rocketed to a record high in 2014, and designer vulnerabilities such as Heartbleed and Shellshock revealed cracks in the foundation of underlying libraries on nearly every common Web platform.

Learning where your organization stands on the community defense curve and figuring out how to best leverage information sharing for your business needs should be a top security priority. The following are a few things to consider:

  • How information can be properly shared;
  • Current information sharing models that are available;
  • How information should be shared across sectors;
  • Minimizing privacy concerns while maximizing benefit;
  • Getting large-scale participation.

The next few years should be very interesting as defenders join forces to share security knowledge for the safety of their organization, customers and peers. What will the future hold for those who actively engage in information sharing and community defense?

Community defense best practices and strategies will be discussed in detail during a two-hour, information-packed session sponsored by the Financial Services Information Sharing and Analysis Center and Soltra at RSA 2015. Security community panelists and peers will address how to practice information sharing across industries and geographies, how to make threat intelligence actionable, the economics involved and how open standards such as the Structured Threat Information Expression (STIX) and Trusted Automated Exchange of Indicator Information (TAXII) will be used.

More from Intelligence & Analytics

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Web injections are back on the rise: 40+ banks affected by new malware campaign

8 min read - Web injections, a favored technique employed by various banking trojans, have been a persistent threat in the realm of cyberattacks. These malicious injections enable cyber criminals to manipulate data exchanges between users and web browsers, potentially compromising sensitive information. In March 2023, security researchers at IBM Security Trusteer uncovered a new malware campaign using JavaScript web injections. This new campaign is widespread and particularly evasive, with historical indicators of compromise (IOCs) suggesting a possible connection to DanaBot — although we…

Accelerating security outcomes with a cloud-native SIEM

5 min read - As organizations modernize their IT infrastructure and increase adoption of cloud services, security teams face new challenges in terms of staffing, budgets and technologies. To keep pace, security programs must evolve to secure modern IT environments against fast-evolving threats with constrained resources. This will require rethinking traditional security strategies and focusing investments on capabilities like cloud security, AI-powered defense and skills development. The path forward calls on security teams to be agile, innovative and strategic amidst the changes in technology…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today