Sharing information on threats faster is essential in the face of increasingly sophisticated attacks, says Freddy Dezeure, head of the European Union computer emergency response team (EU-Cert).
However, this is typically hampered by a lack of adequate tools, concerns about brand damage, and a tendency to make too much information classified, he told the ISSE 2013 security conference in Brussels.
“Zero day threats are also bought [on the underground market] for greater sums than security suppliers are willing to pay,” he said, which means this information is rarely available to business.
As a result, businesses are regularly targeted by cyber attacks that can take up to 48 hours to control and malware that can remain undiscovered on business networks for up to a year before it is found.
“It is hardly surprising that offensive rather than defensive responses are becoming more interesting to organisations faced with tactics such as malware infection through compromised websites,” he said.
But Dezeure said this is worrying and organisations should instead be collaborating to create trusted communities for sharing information on attacks they are seeing to help improve defences.
He also believes that the EU has a role to play in creating legislation that requires and supports greater sharing of threat information.
Guenther Welsch, head of governance at the German federal office for information security also believes governments should take a stronger hand by setting minimum security standards.
“But it must be done in a smart way. All sectors are slightly different so it must be sector specific. A one-size-fits-all approach is doomed,” he said.
Information security professionals will also have to improve and diversify their skills, said Franky Thrasher, information security manager, Electrabel, Belgium.
He believes that security professionals need to match the rate at which attackers are increasing their skills, sharing information and exploiting new technologies.
Gerold Hüber, chief product security officer at SAP, Germany, said organisations should use threat intelligence to keep raising the bar to reduce the gap between required effort and potential gain.
“Business just has to keep the bar high enough that the potential gain is not worth the time and effort that attackers need to put in to attain their goal,” he said.
Manel Medina, stakeholder relations advisor at EU cybersecurity agency Enisa, said the organisation is working on several initiatives to support cyber-threat-information sharing in the region.
These include an incident reporting tool, programmes that promote collaboration between European Certs, and the development of strategies for early warning and response.
Read more about cyber information sharing
- UK government sets up cyber security fusion cell
- UK government launches cyber threat data-sharing partnership
- Democrats support Cispa cyber bill despite White House veto threat
- OSSIM update enables cyber threat intelligence sharing
- Infosec 2013: Research shows value in crowd-sourced threat intelligence