Collaborating to build Collective Defence

When it comes to achieving effective cyber security, it must be remembered that there is no silver bullet.

Cyber-security teams that are incident driven are constantly overwhelmed by information, alerts, and artefacts, which inhibits their ability to respond effectively as cyber threats grow exponentially in scope, size, and complexity. They are falling behind the cyber attackers, who coordinate attack campaigns, collaborate, and share information with each other.

Being able to respond in a more contextualised and proactive manner is swiftly becoming the vanguard of cyber security. Relevant and timely cyber threat intelligence (CTI) is critical to supporting this proactive approach: mitigating risk ahead of time rather than simply reacting to present and potential threats. In essence, this means evolving from an incident-driven, reactive approach to a threat-led one that proactively gets ahead of attackers.

CTI is the process of acquiring multiple pieces of information from different sources to gain knowledge about the threats in a particular environment. CTI sharing is a fundamental part of effective cyber security and underpins Collective Defence: collaboration within and between organisations, through sharing and coordinated threat-response actions against the most critical threats.

Security Operations Centre (SOC), Incident Response (IR), and Vulnerability Management (VM) teams need to leverage automation while collecting, enriching, analysing, and disseminating threat intelligence derived from the huge troves of structured and unstructured threat data ingested from various internal and external sources. This can help dramatically shorten the time required to take threat intelligence from simple ideas to concrete defensive actions.

A collective defence approach enables organisations to share threat intelligence in real time, helping all stakeholders gain greater situational awareness, accurately identify the major cyber risks, and take the requisite mitigation actions to secure their vital assets. It also enables early detection of, and swift response to, hidden threats by coordinating threat-hunting operations around the threat intelligence insights gained from other organisations that face similar threats.

By leveraging strategic, tactical, operational, and technical intelligence together, security decision-makers can optimise their resource allocation and gain comprehensive visibility over their threat environment. When security automation and collaboration are added to the mix, organisations can achieve several further positive outcomes, such as a reduced chance of analyst fatigue, better prioritisation of the most relevant threats, and greater maturity of their security operations as a whole.

By inculcating a collective defence mindset, organisations with varying levels of security expertise and resources can amplify their defensive capabilities to mount a proactive response against the most critical threats to their assets, operations, and business continuity.

With the renewed focus on Australia’s critical infrastructure and the expanded number of sectors, most of the organisations across the 11 sectors won’t have SOC, IR and VM teams, let alone the capability to share ‘machine-to-machine’ intelligence. An industry partner is needed as the enabler and facilitator for CTI and collective defence via other means. By taking on the role of trusted advisor and facilitator for the intelligence exchange, CI-ISAC ensures the overall quality of the information flowing through its systems and out to its critical infrastructure members.