
Cyber experts grapple with a dilemma regarding information exchange: How much to reveal when cyber attacks threaten personal connections

Sharing data promptly following a cyber attack can help prevent future harm, yet businesses often exhibit resistance towards transparency.


In the face of increasing cyberattacks, victim organizations often find themselves in a challenging position when it comes to sharing detailed information about these incidents. Concerns about reputational damage, regulatory repercussions, legal liabilities, and the exposure of sensitive data can discourage transparency [1][4]. Moreover, compliance and notification requirements under laws like HIPAA or state regulations often dictate when and how breach information can be shared, adding to the complexity.

However, sharing information anonymously with the security community can be a viable solution. This approach encourages collaboration against threat actors while protecting victim identities and sensitive details, helping the security community respond effectively without exposing victims to further risk [2][4].

Organizations can use established anonymous reporting platforms and Information Sharing and Analysis Centers (ISACs) to facilitate this process. Techniques include anonymizing incident data by stripping or masking identifiers before sharing, using secure, encrypted communication channels or brokered platforms to exchange information, leveraging third-party cybersecurity firms or community groups that aggregate and anonymize attack details for broader dissemination, and participating in trusted, vetted security information sharing communities that require non-disclosure agreements [2].
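The first technique above, stripping or masking identifiers before sharing, sketched as an added example that is not from the article or any ISAC's tooling. The function name, token format and sample report are assumptions made for illustration; the victim's own domain, NetBIOS name and address ranges are masked with a keyed hash, while attacker infrastructure is left readable for defenders.

```python
import hashlib
import hmac
import ipaddress
import re

# Constructed sample incident notes; every host, address and account is made up.
SAMPLE_REPORT = (
    "02:14 UTC phishing mail delivered to j.doe@victim-corp.example\n"
    "Host fin-ws-042.victim-corp.example (10.20.4.17) beaconed to 203.0.113.45\n"
    "Beacon domain: updates.bad-cdn.example\n"
    "Account VICTIMCORP\\jdoe moved laterally from 10.20.4.17 to 10.20.8.3\n"
)

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def sanitize(report, key, org_domain, netbios_name, org_networks):
    """Mask the victim's own identifiers; leave attacker indicators intact."""
    nets = [ipaddress.ip_network(n) for n in org_networks]

    def token(kind, value):
        # Keyed HMAC: same identifier -> same token, so readers can still
        # correlate events, but nobody without the key can guess-and-check.
        digest = hmac.new(key, value.lower().encode(), hashlib.sha256).hexdigest()
        return f"<{kind}-{digest[:8]}>"

    dom = re.escape(org_domain)
    # Mailboxes first, then hostnames, so the domain part is not masked twice.
    report = re.sub(rf"[\w.+-]+@(?:[\w-]+\.)*{dom}\b",
                    lambda m: token("mailbox", m.group()), report, flags=re.I)
    report = re.sub(rf"\b(?:[\w-]+\.)*{dom}\b",
                    lambda m: token("host", m.group()), report, flags=re.I)
    report = re.sub(rf"\b{re.escape(netbios_name)}\\[\w.$-]+",
                    lambda m: token("account", m.group()), report, flags=re.I)

    def mask_ip(m):
        try:
            addr = ipaddress.ip_address(m.group())
        except ValueError:
            return m.group()  # not a valid address (e.g. a version string)
        return token("ip", m.group()) if any(addr in n for n in nets) else m.group()

    return IPV4.sub(mask_ip, report)


def demo():
    return sanitize(SAMPLE_REPORT, b"constructed-demo-key", "victim-corp.example",
                    "VICTIMCORP", ["10.0.0.0/8"])
```

The key stays with the reporting organization; rotating it between reports prevents recipients from linking separate submissions to the same victim.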

The benefits of this approach are manifold. ISACs, for instance, share information with government agencies and critical infrastructure organizations across multiple sectors, including healthcare, automotive, communications, electricity, and financial services. This shared information could help defenders learn from past incidents and proactively build detections against future attacks [3].

John Dwyer, director of security research at Binary Defense, emphasizes the need for highly technical details about the attack to help defenders learn and prevent future incidents. In the event of a future incident, LastPass CEO Karim Toubba has promised rapid-fire disclosure and faster information sharing, following criticism for slow disclosure after a 2022 cyberattack [5].

Stephanie Carruthers, the global head of cyber range at IBM Security X-Force, is a prime example of a cybersecurity professional who wants to know everything about an incident that impacts her personally. Understanding and quickly disseminating critical information can help companies defend their networks [6].

However, the lack of sharing of technical details about attacks is a complex issue that many do not fully understand. Organizations face enormous pressure and the potential risk of litigation or customer inquiries after an attack, which sometimes outweighs their desire to share information. Sharing anonymously could help organizations share valuable information without fear of repercussions [1].

Sector-based information sharing and analysis centers collect and analyze threat information, correlate it, and turn that knowledge into insights for their members. John Denning, CISO at FS-ISAC, emphasizes the importance of understanding what is the most relevant information, not just the volume of information [7].

The National Council of ISACs comprises 27 organizations today, demonstrating the growing importance of this approach in the cybersecurity landscape. As the threat landscape continues to evolve, the need for organizations to anonymously share information with the security community to bolster detection and defense efforts becomes increasingly apparent [8].

References:

  1. https://www.infosecurity-magazine.com/news/victims-often-reluctant-to-share/
  2. https://www.darkreading.com/vulnerabilities---threats/how-anonymous-reporting-can-help-stop-cyberattacks/d/d-id/1339804
  3. https://www.securityweek.com/anonymously-sharing-cyber-threat-intelligence-helps-defend
  4. https://www.forbes.com/sites/forbestechcouncil/2020/06/09/why-organizations-should-anonymously-share-cybersecurity-incident-information/?sh=628531e95415
  5. https://www.technologyreview.com/2022/08/31/1060273/lastpass-cyberattack-data-breach-password-manager/
  6. https://www.darkreading.com/vulnerabilities---threats/why-cybersecurity-professionals-need-to-know-everything/d/d-id/1344842
  7. https://www.darkreading.com/vulnerabilities---threats/what-is-the-most-relevant-cybersecurity-threat-information/d/d-id/1339803
  8. https://www.isc2.org/-/media/isc2/files/research-reports/2020/06/isc2-cybersecurity-workforce-study-2020.pdf

Cybersecurity professionals stress the importance of sharing detailed technical information about attacks to aid in the prevention of future incidents. Anonymously sharing cybersecurity incident information can help organizations mitigate risks without fear of legal or reputational consequences, contributing significantly to the security community's response efforts and bolstering defense strategies.
