The Importance of Utilizing Your Professional Networks to Collaborate Against Cyber Criminals
By Marc Ashworth, Senior Vice President and Chief Information Security Officer, First Bank
The need of individuals for fresh water and clean air is about the only thing that compares to the need of businesses and government for more data. As we see on almost a daily basis, this thirst for data comes with a price. That price is the cost of protecting it and subsequently losing the data. In the US, various states and federal agencies require breach notifications to be reported. The security industry typically waits eagerly to know details in the reports, especially for large, high-profile breaches.
Knowing how a past breach occurred provides security teams a better understanding of how to protect their environment. Information such as malicious IP addresses, exploits used, and other compromise details are all beneficial. It is understandable why some organizations do not disclose the weaknesses in their security posture in the reports. Hopefully, by the time the report is released, those risks are mitigated and the company can be more upfront on the details.
This all leads to the importance of sharing of information and why it should be a two-way conversation. Rather than just reporting to an agency of incident, that agency should provide anonymous information of details that can benefit others. Some agencies do this well, while others provide little public information. This information can be a beneficial source of current threat intelligence and lessons learned information. The information needs to contain minimal standardized information to be reported so proper aggregation can be provided to others.
Relying solely on threat intelligence data from the government or the press could place your organization at risk due to the timeliness of the information. Having alternate sources of information from third-party threat intelligence companies or even your personal network of other organizations may be timelier.
We all know the benefits of collaboration and communication and doing so with a trusted group of professional colleagues can provide a wealth of valuable information. Building this network by joining local groups of IT and security professionals or attending local conferences is a great way to expand your network. We all have information that could benefit other teams or even help answer questions on whether a phishing email or IP address scanning your firewalls is a targeted campaign or not. Creating a community of trusted professionals to discuss threats, security products, policies and other topics reinforces the fact that you are not in the fight alone.
There are formal groups that may already be in your community to assist with this, such as various user groups, industry ISACs, InfraGard, ISC2, and ISACA local chapters, to name a few. These are great resources to build your network of other security or IT professionals in your area and industry.
The other option is to build your own user group. For example, in the St. Louis area, there are several groups that meet regularly made up of CISOs and security managers. These groups provide a great way to discuss security issues in a trusted environment. Other communities may also have similar groups and if there isn’t one, then consider starting one. It is important to keep these groups vendor free, so there is no biasness or pressure towards a product. There are various professionally organized groups sponsored by several marketing and professional conference management companies. However, it has been my experience these private informal local groups have the best conversations.
The benefit of growing your professional network is great. Having a trusted set of individuals that you can regularly bounce ideas off benefits not only each person in the group, but also their organizations. Experiment with the various groups out there to find out which is best for you or start your own. No matter how you do it, don’t stop sharing because we are in this fight together to protect our systems from cyber criminals.
Marc Ashworth, Senior Vice President and Chief Information Security Officer at First Bank, is a respected IT executive with over 30 years of experience in cyber and physical security, IT/security architecture, project management, author and a public speaker. He is a board member of St. Louis Chapter of InfraGard, Webster University Cyber Advisory board, Co-Founded the State of Cyber annual security conference, and a Lifetime member of FBI Citizens Academy. Possessing security certifications in CISSP, CISM, CRISC, Security+ and other certifications. Mr. Ashworth currently oversees First Bank’s information security, fraud, physical security, and the network services departments.