Bob Rudis (@hrbrmstr), Director of Enterprise Information Security and IT Risk Management at Liberty Mutual, is a huge supporter of incident sharing.
The bad guys are really good at sharing information to break into us. We’re really not that good at sharing information to prevent them from breaking into us.
“We’re afraid to do that, but we need to get better at that. We need to get a better idea of what’s going on and better protect ourselves,” said Rudis.
Rudis recommends two techniques to improve data sharing across companies:
- Share indicators – For example, DNS changes. If you have a DNS change on your network and you know how much you’ve been infected, you’d like to know how much others have been infected as well.
- Incident sharing – Need a common way to record incidents similar to the VERIS (Verizon Enterprise Risk and Incident Sharing) framework.
“I don’t understand why we’re hiding incidents,” said Rudis. “We all know that we have them. We need to share them.”
Rudis argues that these two techniques will step up the game a lot more than just buying more boxes.
When I discussed companies’ fears of sharing information, Rudis said he thinks this has to do with portions of organizations that don’t want to share information, like legal departments. But the reality is we’re sharing that information ex post facto anyway. We’re seeing incidents from organizations after the fact all the time.
“You’re going to get found out you’ve got stuff anyway. It’s just going to be a mandated forced legal thing from the government at some point. So why not preempt the government action? Work together to develop it in a common way that we all can agree upon and get the legal guys to certify that this is an OK thing to do. Avoid government intervention which I think everybody wants to avoid because we have enough of it already,” Rudis said. “We’re tired of spending money on doing stuff that doesn’t work. [Sharing incident and indicator data] would give us the ability to start target spending on areas that do work because we’re seeing what other people do.”