Half of companies prohibit the sharing of threat intelligence insights with expert groups. Two-thirds (66 percent) of threat intelligence analysts are active in professional communities, but 52 percent of those who work in IT and cybersecurity roles don't have permission to share threat intelligence artifacts generated by them communities were discovered. This emerges from the current Kaspersky report “Managing your IT security team”.
Kaspersky has been an advocate of international collaboration in cyberspace for many years and has initiated collaborative initiatives in the global IT security community. The company sees this approach as the best way to protect against evolving cyber threats. Kaspersky therefore surveyed 5.200 IT and cybersecurity experts worldwide to find out whether other companies are willing to collaborate and share threat intelligence.
Study shows: only a few share information
The study shows that respondents with responsibility for threat intelligence analyzes in particular are increasingly participating in specialized forums and blogs (45 percent), dark web forums (29 percent) and social media groups (22 percent).
However, when it comes to sharing their own findings, only 44 percent of those surveyed actually made their findings public. In companies that allow such information to be shared externally, 77 percent of security analysts shared their findings. Almost a tenth (8 percent) even shared this, although this is prohibited by their company.
Cyber criminals could read along
Such restrictions are partly due to concerns that cyber criminals may learn they have been detected and change their tactics if some objects are publicly known before a company can respond to an attack. To support IT security teams in analyzing suspicious objects without running the risk of their investigations being uncovered, Kaspersky offers a protected submission mode via the free access to the Kaspersky Threat Intelligence Portal. With this option, corresponding samples can be passed on to an analyst without cybercriminals knowing about it.
"Any information about cybersecurity threats - be it new malware or insights into techniques used - is valuable for protection against advanced attacks," comments Anatoly Simonenko, Group Manager, Technology Solutions Product Management, at Kaspersky. “That's why we always make our threat research insights available through our information resources and threat intelligence services. We encourage security analysts to help others in the same way."
More about the study on the blog at Kaspersky.com
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/