The principles of information sharing for pandemic viruses can also be applied to prevent cyberattacks
With a global pandemic dominating the news, we are all familiar with what a virus is and what happens when it is not properly mitigated. What hasn't shared the same spotlight is a digital threat that behaves in a similar way: the cyber virus. The cybersecurity community has long existed to detect and mitigate these kinds of cyber threats.
These cyber threats often earn the name of being called a “virus” because they act in similar ways as biological viruses. Here are some shared characteristics of cyber threats:
- There are always new cyber threats on the horizon, including zero-day attacks that exploit vulnerabilities no defender has seen yet. Cyber criminals are constantly devising new ways to compromise organizations.
- Cyber threats can mutate. Cyber criminals have shifted to a cycle of innovation that produces a myriad of copycat attacks, each new attack learning from and building on the previous one.
- Cyber threats can infiltrate quickly and at a moment's notice. With AI-powered attacks, trusted individuals can be impersonated and malicious activity can blend into the background, so intrusions happen faster and more effectively.
Much like the virus the world is currently dealing with, new cyber threats cannot be fully prevented; our best bet is to detect and mitigate new attacks quickly. To do so effectively, the cybersecurity community can leverage many of the same information-sharing principles the scientific community relies on to combat viruses.
Which principles can be leveraged to combat viruses?
Strength in numbers: The more players collecting and sharing threat intelligence, the more opportunities there are to detect a zero-day attack and share mitigation strategies. The goal is to reciprocally empower one another and achieve a kind of herd immunity.
Trust and expertise: The players sharing threat intelligence must all share a level of trust with one another. Their sources of threat intelligence data and threat mitigation strategies must be up to date and reliable.
High relevance: The threat intelligence data must be highly relevant to the organizations using it. Cyber attacks on specific industries and verticals can be highly targeted and contextualized, so the threat intelligence used to counter them must be equally specialized and relevant.
Equally important to the quality of the threat intelligence sources are the methods used to share the data from one player to another. Data needs to be shared both on a regular schedule and on demand, in forms that recipients can ingest. Here are some examples of the types of threat intelligence data that can be beneficial to share:
- Common Vulnerabilities and Exposures (CVE) metadata -- a CVE metadata service lets recipients look up the CVEs associated with a file, where the file is identified by its SHA-256 hash.
- File reputation -- a file reputation service lets recipients look up the data provider's classification of a file (malicious or otherwise), again identified by its SHA-256 hash.
- URL database -- a URL database lets recipients look up the data provider's classification of malicious URLs and IP addresses it has detected.
- Scheduled feed -- all of the types of data above can be scheduled for regular export from the data provider to the data recipient.
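The lookups above all key on a SHA-256 hash (a one-way fingerprint of the file, not an encryption of it) or on a normalised host/IP. The following is an added illustration, not Avast's code or data: it models a minimal file-reputation, CVE-metadata and URL lookup over a constructed feed, shows the scheduled-feed export, and demonstrates why a one-byte change to a file (the "mutation" described earlier) defeats an exact-hash match. All sample content, hashes, CVE ids and indicators are constructed placeholders.

```python
import hashlib
import json
from datetime import datetime, timezone
from urllib.parse import urlparse

# Constructed sample content standing in for files a provider has classified.
# Not real malware and not real Avast data; they only make the hashes below reproducible.
SAMPLE_MALICIOUS = b"constructed sample: pretend-malicious dropper v1"
SAMPLE_CLEAN = b"constructed sample: benign installer"


def sha256_hex(data: bytes) -> str:
    """SHA-256 is a one-way hash, not encryption: it identifies a file without revealing it."""
    return hashlib.sha256(data).hexdigest()


# Reputation tables keyed the way the post describes: files by SHA-256, URLs by host or IP.
# The CVE id is a placeholder; a real feed carries the provider's actual metadata.
FILE_REPUTATION = {
    sha256_hex(SAMPLE_MALICIOUS): {"verdict": "malicious", "family": "Constructed.Sample",
                                   "cves": ["CVE-0000-0000 (placeholder)"]},
    sha256_hex(SAMPLE_CLEAN): {"verdict": "clean"},
}
URL_REPUTATION = {"example.com": "clean", "malicious.example": "malicious", "192.0.2.10": "malicious"}


def lookup_file(data: bytes) -> dict:
    """File-reputation / CVE lookup. Unknown hashes are reported as such, never assumed clean."""
    return FILE_REPUTATION.get(sha256_hex(data).lower(), {"verdict": "unknown"})


def lookup_url(url: str) -> str:
    """URL-database lookup: normalise to the host (or IP) so scheme, port, case and path don't defeat a match."""
    host = urlparse(url if "://" in url else "//" + url).hostname or ""
    return URL_REPUTATION.get(host.lower(), "unknown")


def export_feed() -> str:
    """Scheduled feed: a timestamped snapshot of every record, in a form a recipient can ingest offline."""
    return json.dumps({
        "generated_at": datetime.now(timezone.utc).isoformat(),
        "files": [{"sha256": h, **meta} for h, meta in FILE_REPUTATION.items()],
        "urls": [{"indicator": u, "verdict": v} for u, v in URL_REPUTATION.items()],
    }, indent=2)


if __name__ == "__main__":
    print(lookup_file(SAMPLE_MALICIOUS)["verdict"])             # malicious
    # A one-byte change yields a hash the feed has never seen: exact-hash reputation misses variants.
    print(lookup_file(SAMPLE_MALICIOUS + b"\x00")["verdict"])   # unknown
    print(lookup_url("http://MALICIOUS.example:8080/download"))  # malicious
    print(export_feed())
```

The "unknown" result for the mutated sample is the practical reason hash-based reputation is shared alongside URL, CVE and behavioural intelligence rather than relied on alone.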
So, who's at risk?
It's important to note who is at risk of a cyber attack and who can benefit from receiving threat intelligence data. In short, everyone is at risk of a cyber attack at any given moment. There are already many examples of existing threat intelligence sharing relationships:
Regarding private-to-public sector sharing, government agencies can benefit from gaining access to the threat intelligence data that many private businesses hold. There are many examples of this already happening, such as the FBI's InfraGard and the UK's Defence Cyber Protection Partnership, in which the private and public sectors are encouraged to work together for the common good.
Regarding private-to-private sharing, many businesses and organizations can benefit from exchanging threat intelligence. Examples include industry-specific partnerships, such as retail businesses receiving consumer-focused threat intelligence data from consumer cybersecurity companies. The cybersecurity companies that typically provide the data can also benefit, bolstering their own threat detection capabilities with incremental data from other cybersecurity companies.
In essence, a successful partnership is defined by the opportunity to gain reliable, relevant, and incremental data: more data creates stronger threat detection and mitigation capabilities. At Avast, with over 30 years of consumer cybersecurity expertise, we understand what it takes to be a partner that provides up-to-date and reliable threat intelligence data. We collect big data on the most current cyber threats through our large global network of sensors, which feeds our threat detection algorithms. Our partners can bolster their offerings and gain access to the same threat intelligence data our teams use to power our AI-powered security solutions.