Reader Advisory

Some articles posted in The SlickMaster's Files may contain themes, languages, and content which may neither appropriate nor appealing to certain readers. READER DISCRETION is advised.

Sunday, April 04, 2021

Kept under wraps: Half of companies prohibit sharing threat intelligence findings with professional communities —Kaspersky IT report

03/20/2021 08:05:04 PM

There are two-thirds (66%) of threat intelligence (TI) analysts that are involved in professional communities, but only half of them (52%, to be exact) of all those working in IT and cybersecurity roles are not allowed to share threat intelligence artifacts discovered through those communities. These were the findings from the recent Kaspersky report named, “Managing your IT security team.

For the longest time, Kaspersky is known to advocate international collaboration in cyberspace and contributes to joint initiatives across the global IT security community. The worldwide cybersecurity company sees this approach as the best way to protect from ever-evolving cyberthreats which led them into surveying more than 5,200 IT and cybersecurity practitioners globally for this report, to see if other businesses were ready to collaborate and share TI.

As its culmination, the research found that respondents with TI analysis responsibilities, in particular, are likely to participate in specialized forums and blogs (45%), dark web forums (29%), or social media groups (22%). When it comes to sharing their own findings, however, there are only 44% of respondents actually made their discoveries public. Conversely, in companies where external sharing is allowed, 77% of security analysts did so. In 8% of cases, security analysts even shared TI findings despite it being prohibited by the organization they work at.

Kaspersky experts noted that such restrictions are partly driven by concerns that if some objects are known publicly before a company can respond to an attack, then cybercriminals may realize that they have been detected and change their tactics. To help IT security teams analyze suspicious objects without the risk of exposing the investigation, Kaspersky provides a private submission mode option through free access to Kaspersky Threat Intelligence Portal. Thanks to this, a cybercriminal will not know that someone has shared samples, and an analyst can still receive the required data.
“Any piece of information – be it new malware or insights on techniques used – is valuable when protecting against advanced threats. That’s why we constantly make our threat research findings available via our information resources and through our TI services. We encourage security analysts to also give a helping hand to others in the same collaborative way,” commented Anatoly Simonenko, Group Manager, Technology Solutions Product Management, at Kaspersky.
Author: slickmaster | © 2021 The SlickMaster's Files

No comments:

Post a Comment

Feel free to make a comment as long as it is within the bounds of the issue, and as long as you do it with decency. Thanks!