Cyber pros weigh an intel-sharing quandary: What to share when attacks hit close to home

Reactions to cyberattacks — and the demands for information they elicit — are personal and professional for cybersecurity experts.

Stephanie Carruthers, chief people hacker and global head of cyber range at IBM Security X-Force, wants to know everything when an incident impacts her personally.

But as a cybersecurity professional, Carruthers wants to know what the attackers did.

“I love to see as much information as possible, but I also understand from that business perspective they have to be very careful about what they share,” Carruthers told Cybersecurity Dive last week at the RSA Conference in San Francisco.

Most victim organizations want to share information up front, but have to be vague until they know what occurred, she said.

Organizations are under enormous pressure following an attack, and the potential risk of litigation or customer inquiries sometimes outweighs the cybersecurity industry’s high regard for information sharing.

“What we need to do is just come to terms with the value of information sharing without someone feeling like they’re going to be open and honest about something and then get whacked on the wrist for it,” said John Dwyer, director of security research at Binary Defense.

“The disconnect there is what we really need is the highly technical pieces of how the attack happened,” Dwyer said at the RSA Conference.

This is the type of intelligence defenders can learn from to help prevent other incidents and proactively build detections against going forward.

“Why they don’t share that information I think is far more complicated than most people understand,” Dwyer said. “I would love to see a way for organizations to anonymously share that information with the security community.”

To read the complete article, visit Cybersecurity Dive.