Recent research conducted by Unified Security Management supplier AlienVault revealed that only 2% of surveyed EU companies would be willing to go public should they suffer a security breach. Thirty-eight percent opted to inform the relevant authorities and 31% said they would tell their employees. A mere 11% said they would share the information with the security community.
Organisations who suffer a security breach face a Catch 22, said Barmak Meftah, President & CEO of AlienVault. "On the one hand, publicising a breach would help other businesses avoid falling prey to attacks. On the other, damage to your brand and reputation could be significant."
He says this is even more pertinent when considering the European Commission's proposed overhaul of its data protection laws, that will see companies face fines of up to 2% of their global annual turnover should they suffer a breach. "This would see the fallout from a breach being potentially disastrous not only for a company's good name, but also for their bottom line.”
Another troubling find from the survey was that 5%, when asked 'what is the first thing you do when a new malware hits', said they do nothing at all. Fortunately, Meftah said the vast majority of respondents (52%) said they would research the impact, 31% said they look for a patch and 1% said they wait to see the full impact.
When it came to sharing intelligence with competitors following a hack, the survey revealed that an encouraging 50% said they would share -- 35% said they would be willing to reveal it anonymously, and 15% they would be happy to be named.
"Sharing information about the source and nature of attacks allows the security community to act fast, and quickly isolate malicious or compromised hosts," said Meftah. "In addition, it helps identify attack methods, tools and patterns, all of which help fuel research on new defence technologies."
Meftah says AlienVault created its Open Threat Exchange (OTX) for exactly this reason – sharing threat intelligence. Since it was launched early last year, OTX has expanded to become a place where security professionals can connect with their peers, find free tools for security monitoring, and learn about the latest threats and defensive tactics from industry experts and security researchers. OTX Reputation Monitor™, included in both AlienVault’s commercial USM product and open source OSSIM project, issues alerts should any member of the community be attacked.
"In this way, the whole community has the intelligence needed to cope with an attack of a similar nature."
"The growing complexity and sophistication of threats make it difficult for security professionals to have a clear view of possible vulnerabilities, threats, and attacks that are out there."
Sharing information can give the security industry a better understanding of these threats, and help them learn about and develop more secure products and services, as well as improve their defences, he added.
According to Meftah, this is clearly illustrated by the responses to another of the survey questions: 'How do you learn about security you need'. Informal communication channels such as blogs (14%), underground forums 6% and through peers at 13% were almost equal to more formal channels. "News web sites numbered only 13%, through partners / resellers 10%, and via education / training, 14%. Those who said through advertising and marketing numbered only 6%, the same number as those who learned through their superiors. Responders who cited using their own research following a problem came in at 16%."
All in all, said Meftah, attitudes are changing. "Security professionals are starting to share more and more. They are getting their information from different sources. AlienVault is aware that the only way to beat cyber criminals is to understand the security landscape as a whole and continue to facilitate this sharing among all security practitioners and the wider security community in general."