As seen in the media on a regular basis, organizations are being breached in a variety of ways, and the sophistication of attacks ranges from basic to truly mind-bending. The simplest of these breaches are executed using methods organizations have known how to protect against for years, yet they still fail to deploy the proper countermeasures. With these much more intricate attacks, companies still would have been at risk, even with the best prevention methods in place.

However, by banding together and implementing a community defense to share information, organizations can achieve a number of important goals, such as detecting attacks at an early stage with a security information and event management (SIEM) solution, helping to reduce catastrophic events, providing insight on security risks and alerting others about which threats to secure against.

According to the latest IBM X-Force security research, vulnerability disclosures rocketed to a record high in 2014, and designer vulnerabilities such as Heartbleed and Shellshock revealed cracks in the foundation of underlying libraries on nearly every common Web platform.

Learning where your organization stands on the community defense curve and figuring out how to best leverage information sharing for your business needs should be a top security priority. The following are a few things to consider:

  • How information can be properly shared;
  • Current information sharing models that are available;
  • How information should be shared across sectors;
  • Minimizing privacy concerns while maximizing benefit;
  • Getting large-scale participation.

The next few years should be very interesting as defenders join forces to share security knowledge for the safety of their organization, customers and peers. What will the future hold for those who actively engage in information sharing and community defense?

Community defense best practices and strategies will be discussed in detail during a two-hour, information-packed session sponsored by the Financial Services Information Sharing and Analysis Center and Soltra at RSA 2015. Security community panelists and peers will address how to practice information sharing across industries and geographies, how to make threat intelligence actionable, the economics involved and how open standards such as the Structured Threat Information Expression (STIX) and Trusted Automated Exchange of Indicator Information (TAXII) will be used.

More from Intelligence & Analytics

BlackCat (ALPHV) Ransomware Levels Up for Stealth, Speed and Exfiltration

9 min read - This blog was made possible through contributions from Kat Metrick, Kevin Henson, Agnes Ramos-Beauchamp, Thanassis Diogos, Diego Matos Martins and Joseph Spero. BlackCat ransomware, which was among the top ransomware families observed by IBM Security X-Force in 2022, according to the 2023 X-Force Threat Intelligence Index, continues to wreak havoc across organizations globally this year. BlackCat (a.k.a. ALPHV) ransomware affiliates' more recent attacks include targeting organizations in the healthcare, government, education, manufacturing and hospitality sectors. Reportedly, several of these incidents resulted…

9 min read

Despite Tech Layoffs, Cybersecurity Positions are Hiring

4 min read - It’s easy to read today’s headlines and think that now isn’t the best time to look for a job in the tech industry. However, that’s not necessarily true. When you read deeper into the stories and numbers, cybersecurity positions are still very much in demand. Cybersecurity professionals are landing jobs every day, and IT professionals from other roles may be able to transfer their skills into cybersecurity relatively easily. As cybersecurity continues to remain a top business priority, organizations will…

4 min read

79% of Cyber Pros Make Decisions Without Threat Intelligence

4 min read - In a recent report, 79% of security pros say they make decisions without adversary insights “at least the majority of the time.” Why aren’t companies effectively leveraging threat intelligence? And does the C-Suite know this is going on? It’s not unusual for attackers to stay concealed within an organization’s computer systems for extended periods of time. And if their methods and behavioral patterns are unfamiliar, they can cause significant harm before the security team even realizes a breach has occurred.…

4 min read

Why People Skills Matter as Much as Industry Experience

4 min read - As the project manager at a large tech company, I always went to Jim when I needed help. While others on my team had more technical expertise, Jim was easy to work with. He explained technical concepts in a way anyone could understand and patiently answered my seemingly endless questions. We spent many hours collaborating and brainstorming ideas about product features as well as new processes for the team. But Jim was especially valuable when I needed help with other…

4 min read