Most threat intelligence (TI) analysts are members of professional communities, but half of those working in IT and cybersecurity positions are not allowed to share intelligence with others, a new report from Kaspersky claims.
Based on a poll of 5,200 IT and cybersecurity experts from around the world, the report states that TI analysts often participate in various forums and social media groups, but less than half (44 percent) share their own findings as a result of company policy.
Of those employed by companies that allow for intelligence sharing, more than three quarters (77 percent) of TI analysts seize the opportunity. Every once in a while, analysts share their findings even if it means going against corporate policy.
Although these bans could have a negative impact on the community’s ability to respond to threat, the logic is sound. According to Kaspersky, by keeping knowledge to themselves, analysts also keep cybercriminals in the dark. If criminals know they have been compromised, they are likely to change their tactics sooner, making detection and remediation that much more difficult.
Still, Kaspersky believes that there are ways the industry can share data, away from the prying eyes of cybercriminals.
“Any piece of information – be it new malware or insights on techniques used – is valuable when protecting against advanced threats. That’s why we constantly make our threat research findings available via our information resources and through our TI services. We encourage security analysts to also give a helping hand to others in the same collaborative way”, said Anatoly Simonenko, Group Manager, Technology Solutions Product Management at Kaspersky.