1. Threat intelligence is not intellectual property
Organisations have historically been hesitant to share data on threats. From a security vendor side, this stems from a common belief that their product differentiation is dependent on keeping this intelligence a closely guarded secret.
From a user perspective, many organisations have also operated under the assumption that sharing intelligence with their competitors could expose sensitive information or put them at a competitive disadvantage. But, in 2016, we will see more vendors come to the realisation that their users, and the community, have come to expect more from them. In order to offer the best protection possible, vendors will begin to share intelligence with each other on a wider scale.
2. Public and private data sharing
There has never been more focus from the United States government on the sharing of threat intelligence, with President Obama directing the Department of Homeland Security (DHS) to lead the charge to enable public and private entities to share intelligence with each other in Executive Order 13691.
This coming year will see the result of these efforts being formalised and put into practice, with Information Sharing and Analysis Organisations (ISAOs) being established and intelligence shared across private, non-profit and government agencies. Spurred by this innovation, we expect to see governments across Asia Pacific adopting similar policies.
3. Campaigns, not samples
We will see an evolution in what is being shared, with a move toward more adversary- and campaign-oriented intelligence. Traditional efforts have been focused on indicators such as hash values, which provide minimal actionable value to the organisations receiving them. Instead, we will see more effort around malware family and adversary attribution, which provide the context needed to understand the threat and develop relevant protections against them. Simply sharing data will no longer be good enough; we have to share the right intelligence, with actionable recommendations.
2016 represents the fruition of the great promise in threat intelligence sharing. The world is changing, and both vendors and users must adopt a more proactive stance to sharing, lest they risk being left in the dust by those who do.
We have a responsibility as a security community to do everything in our power to prevent cyberattacks, which includes sharing as much intelligence as possible. While there is a great deal of momentum in 2016, we can do more to reap the benefits of this trend. Ask yourself how your organisation can integrate and contribute to keeping our community safe online.
Sign up for CIO Asia eNewsletters.