With the U.S. Department of Homeland Security’s (DHS) Automated Indicator Sharing (AIS) capability not only disseminating but also officially accepting shared cyber threat indicators (CTIs) and defensive measures (DM), finance firms are taking a closer look at automating processes for sharing threat intelligence. This raises the question: How can financial firms leverage advanced security technology to improve the quality and sharing of threat information while staying compliant with data privacy regulations?
This issue is coming to the forefront in the face of ever-widening threats and the federal government’s Cybersecurity Information Sharing Act of 2015 (CISA). The act aims to improve cybersecurity by encouraging public and private sector companies to share threat intelligence and provide legal protections to companies choosing to participate.
Many companies — especially in sectors like finance — have acknowledged that threat sharing can make identifying and mitigating threats faster and more efficient, but they also fear the potential liability implications to customer privacy and their infrastructure.
In fact, a recent survey found that while 97% of companies that received shared threat intelligence thought it helped them better protect against threats, only 24% said they were likely to share their own data.
CISA aims to provide liability protections and antitrust exemptions so that intelligence – as long as it is scrubbed of personally identifying information (PII) – can be shared more freely.
Old Threat Intelligence Is No Threat Intelligence
Manual threat sharing is slow at best. As attacks evolve, shared threat indicators that are just hours old become stale fast. Automation, like that used by the DHS’s AIS, promises to speed the dissemination of both threat indicators and defensive measures.
While the finance industry has been on the forefront of both the threat sharing and automation pushes, there are still pockets of resistance. According to John Carlson, chief of staff at the Financial Services Information Sharing and Analysis Center (FS-ISAC), the financial industry has taken steps to automate the process but should continue down that path.
An example is Soltra, a tool run by both FS-ISAC and the Depository Trust & Clearing Corp that distils threat intelligence, automates sightings, prioritizes actions and routes intelligence. Soltra uses two standards – STIX and TAXII – to automate the threat categorization process and make threat intelligence both machine-readable and -actionable. FS-ISAC is working closely with DHS to coordinate the usage of STIX and TAXII to streamline threat intelligence with AIS.
Roadblocks To Automated Sharing
Ultimately, the goal is to commoditize cyber threat indicators to enable all organizations to use real-time data to better protect against cyber threats. Despite the progress, however, roadblocks to automated threat intelligence sharing remain. Financial firms that are considering taking part in threat intelligence sharing are paying close attention to liability concerns, such as:
- PII scrubbing: Once a threat stream is automated, discerning whether it includes PII or other sensitive data becomes much more difficult. Ensuring strict data classification policies and inserting human review strategically within the process can help.
- Encryption: Ensuring that PII and other corporate identifiers remain safe and secure is a top priority. To that end, many financial firms are including security controls such as encryption and data loss prevention to ensure threat intelligence remains anonymous.
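One way to place the human review step from the PII scrubbing item into an automated stream, as an added example that is not from the original article, Soltra or AIS. It assumes indicators arrive as STIX 2.1-style JSON objects; the detectors, the field list and the sample records are constructed for illustration.

```python
import re

# Detectors are constructed for this example; real ones follow the firm's
# data classification policy.
PII_PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "card_number": re.compile(r"\b(?:\d[ -]?){13,19}\b"),
}
# Analyst free text is scanned; `pattern` holds the observable itself and is
# assumed to be classified separately.
FREE_TEXT_FIELDS = ("name", "description")

SAMPLE = [  # constructed indicators with shortened ids, not real data
    {"type": "indicator", "id": "indicator--0001", "name": "C2 beacon",
     "description": "Outbound beacon to C2 host; ticket 1234567890123456.",
     "pattern": "[ipv4-addr:value = '203.0.113.7']"},
    {"type": "indicator", "id": "indicator--0002", "name": "Phishing lure",
     "description": "Reported by jane.doe@customer.example, SSN 123-45-6789.",
     "pattern": "[domain-name:value = 'login.bank.example']"},
    {"type": "indicator", "id": "indicator--0003", "name": "Card skimmer",
     "description": "Card 4111 1111 1111 1111 seen in exfil sample.",
     "pattern": "[domain-name:value = 'cdn.skim.example']"},
]


def luhn_ok(digits):
    """Luhn checksum, so arbitrary long digit runs are not flagged as cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def find_pii(indicator):
    """Return sorted (field, kind) pairs for PII-like matches in free text."""
    hits = set()
    for field in FREE_TEXT_FIELDS:
        for kind, rx in PII_PATTERNS.items():
            for m in rx.finditer(indicator.get(field, "")):
                if kind == "card_number" and not luhn_ok(re.sub(r"\D", "", m.group())):
                    continue
                hits.add((field, kind))
    return sorted(hits)


def route(indicators):
    """Split a batch into objects released automatically and held for review."""
    share, review = [], []
    for ind in indicators:
        hits = find_pii(ind)
        (review if hits else share).append((ind["id"], hits))
    return share, review
```

Calling `route(SAMPLE)` releases only the first indicator, whose 16-digit ticket number fails the Luhn check, and holds the other two for an analyst.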
Will Your Financial Firm Automate Threat Intelligence Sharing?
Having timely access to real-time threat intelligence can make a big difference in protecting organizations and firms against data breaches and security incidents, but business, privacy and legal concerns are proving to be roadblocks in the public efforts to share data. This is leading many security vendors to develop solutions to infuse their platforms with threat intelligence based on their own client data and research to offer better protection against threats.
Cybercriminals have been sharing intelligence for years to great success and the cybersecurity community needs to take note. Will your financial firm automate your threat intelligence sharing? Join the discussion.