When it comes to threat intelligence collaboration and sharing, there are several ways in which SA businesses are going wrong. In many regards, threat intelligence has become just another ‘marketing phrase’ and companies often don’t have a proper understanding of what threat intelligence really is.
So says Jason Jordaan, MD of DFIRLABS (DFIS LAbs), who will be presenting on 'Best practice in threat intelligence collaboration and sharing', at the ITWeb Security Summit 2020, to be held as a virtual event, from 25 to 28 August this year.
According to Jordaan, there are a number of different ‘flavours’ of threat intelligence, too often with no consistency. “This runs the gamut from actual threat intelligence programs all the way through to threat intelligence feeds. In many instances, information is confused with actual intelligence.”
In other words, he says we often don’t do threat intelligence correctly.
“Another area in which we are going wrong, is that we attempt to commercialise threat intelligence. While I can understand why this happens, the commercialisation of threat intelligence often means we are not as effective as we could be as a community. We simply don’t share. Even when we build national cyber security centres they often end up being one-way streets.”
Local organisations need to gain a real understanding of cyber crime and cyber threats, and how they can harness threat intelligence to protect themselves. “However, to do this, they need to have a proper understanding of what threat intelligence is, how it works, and what type of skills and expertise are needed.”
He adds a caveat: “Threat intelligence is not buying a tool or a feed. When it comes to threat intelligence, everyone is an information collector, and can, and should share information about threats, so that it can be analysed and shared with the community as actual threat intelligence.”
Everyone has a responsibility when it comes to securing the society as a whole, and organisations need to be willing to openly share and contribute to the analysis of threats for the benefit of the entire community.
Delegates attending Jordaan’s talk will come away with a far better understanding of what threat intelligence is, as well as how it fits into a holistic security strategy. In addition, they will gain a better understand the risks associated with not being active participants in the threat intelligence lifecycle, and how to become active participants.
This year, because ITWeb Security Summit 2020 is being held as a virtual event, delegates will be able to access the content from the comfort of their own homes or offices, cutting out travel time, and can juggle work deadlines with the sessions that appeal to them the most. All conference materials and recordings can be accessed online.