
There’s a mountain of data available about actual and potential cyber threats. Some might say too much.

In fact, 70% of organizations are overwhelmed by the volume of cyber threat data that’s available to provide actionable insights, according to a Ponemon Institute study.

Private equity and global investment firms such as KKR & Co. attempt to minimize this issue by leveraging a tight network of peers for sharing threat intelligence with one another. The challenge, said Thomas Sammel, KKR Principal and Head of Cybersecurity, is being able to effectively filter the threat intelligence you receive daily “so that it’s tailored to give your organization what it needs and at the time that it needs it.”

Insofar as it’s necessary for cyber teams to continually refine threat intelligence, Sammel believes that organizations can benefit substantially from greater information sharing across the public and private sectors. Such sharing helps expand companies’ knowledge and awareness of specific threats.

“The financial services ISAC (Information Sharing and Analysis Center) does a pretty good job of this,” said Sammel. “But you’re often limited to what individual members are willing to post and how timely the posts are.”

Like his peers, Sammel said he’s not always prompt with posts he makes to the financial services ISAC, often because he’s “dealing with multiple issues at any given time.”

“Within the financial services sector, the ISAC does a good job of sharing information with each other. But that type of sharing needs to occur across a greater base of organizations and sectors.”

Sammel doesn’t believe data or organizational silos are obstructions in the distribution of threat intelligence between organizations. “It’s more of a recognition that good organizations must realize the benefits of effective intelligence sharing. There really exists an intrinsic need to come together against those groups that want to do malicious things against us individually or collectively.”

Going forward, he believes CISOs are best served by taking an analytical approach to obtaining and acting on threat intelligence.

“You’ve got to have good intelligence – synthesized in a usable format and the ability to act on it quickly,” said Sammel. “You want to get inside the decision cycle of the attacker before the attacker gets into yours.”