Communication and Information Sharing
The challenges to effective risk management in relation to Targeted Attacks have already been stated. The ability for risk management processes to effectively inform the operational needs for protection, detection, containment and recovery is made even more difficult if the necessary information is unavailable. Establishing sources of actionable information, whether through public sources or through specific relationships, is therefore vital.
Communicating openly about what happened to a victim organization can help other similar organizations take appropriate measures to avoid the same fate. However, it is not enough to simply share information. The key to successful information sharing is to be clear about the practical outcome. For example, an organization may share the internet address of a system that is attacking it so that other organizations can block that same address, or an organization may want to share their analysis of an event to see if other organizations have seen similar patterns of attack.
Sharing information about Targeted Attacks is very hard. This is in part because sharing information on these attacks might have consequences for an organizationâ€™s brand, regulatory compliance, shareholder concern, and its bottom line. Selective sharing between private organizations is though possible, and has been demonstrated to have a high level of effectiveness and is worth the investment.