“I do feel like there are some practical regimes that can be put in place. There is a little bit of responsibility to help influence the thinking about defense, not just the standards. What it comes back to is good breach management. We have to be teaching them to think about the ‘how’ because that’s what gets them out of the compliance mindset,” Plunkett said.
One additional hurdle is deciding just how wide of a net to cast when determining with whom information is shared. “When you think about how you want to organize, whatever sector you are in, you need to decide whether you are organizing because of the commonality of issues in your sector or by geography because of the commonality of relationships. There is a value proposition at each layer,” Darling said.
If decisions are guided by outcomes, Darling continued, they have a clearer understanding of what they are trying to do, what they are protecting, and what sensitive issues they have to deal with. Everything comes down to value proposition.
While there are barriers to sharing cybersecurity information, including regulatory requirements, legal implications, and impact on reputation, Guenther said, “Collaborative defense is here to say. Large scale sharing has value, but we also heard about false positives, so the power of small groups is still a credible operating thesis.”
Before diving head first into a collaborative defense community, security teams need to build their networks with a purpose. First understand the objective, then consider what they are getting out of it, but also they must have a plan for how to measure success.
Sign up for CIO Asia eNewsletters.