Sharing Security Data Really Does Make A Difference

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.forbes.com/sites/eugenekaspersky/2015/02/02/sharing-security-data-really-does-make-a-difference/


In early January of this year, President Obamaannounced support for several
initiatives aimed at improving cybersecurity in the US. This is a positive
step and supports the efforts underway in the US Congress to pass
data-breach-notification and information-sharing legislation.

Today I’d like to focus on the information-sharing proposals here.

The global fight against cyberthreats continues to keep the Internet and
those that use it as safe and secure as possible. The ranks of those that
use the Internet to steal corporate or state secrets, personal data or
money online are only growing. The sophistication of the threats continues
to rise, and the end is not in sight. The question is: how can we work
toward making the Internet even safer? Also, how do we get better at
stopping and prosecuting malicious acts online? This has to start with
global cooperation and global leadership.

If I could think of one action that would provide the most bang for the
fewest buck in terms of improving cybersecurity, I’d have to say that it’s
real-time sharing of threat information. Without a doubt. Yet progress on
this is painfully slow.

Real-time sharing of threat information within and between both the private
and public sectors would make America better prepared to find, stop and
then apprehend the bad guys. And if real-time information sharing becomes a
reality in the US, it will send a strong signal to the rest of the world
that open cooperation can make cyberspace more secure.

For this challenge, just like the Internet itself, goes beyond the US. We
must think globally to address a global problem.

The criminals are not limited to a few countries; they’re everywhere. As a
company that sees these threats day in and day out, we’re committed to
working with governments and law enforcement to fight cybercriminals; we
work continually with organizations like INTERPOL to help make the Internet
safer. Meanwhile at government-level, I was pleased to hear that the US and
UK have agreed to increase cooperation on cybersecurity – from training and
sharing of cyber-intelligence to joint cyber-exercises. Both countries
should look to expand these cooperation efforts to include other nations.

However, on the whole, meaningful international cooperation is still a long
way off. Here’s a real-world example my company encountered: We once
received a letter from the cyberpolice from a Western country. It was
asking us for a contact with the cyberpolice in another Western country.
Question: why couldn’t they get in touch directly? The usual procedure is
‘too bureaucratic’, I was told. And I’m afraid this is the level at which
‘international cooperation’ often finds itself today.

Nevertheless, naturally, I am hopeful that the US policy initiatives will
become a reality and that these efforts will spread to forge greater
collaboration among governments and the private sector around the world.

This is the path that needs to be taken to make our online world safer and
more secure.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!