Government and private sector must share intelligence more effectively to avoid cyber threats
- 17 April, 2014 17:05
Two-thirds of security information leads believe the lack of information sharing between public and private sectors is a cause for concern and only 4.8 percent would choose the government as their most trusted source for intelligence, a study has revealed.
In March 2013, the government launched the Cyber Security Information Sharing Partnership (CISP) to enable government and industry to share information on cyber threats in real time. Around 300 companies across a range of sectors were exchanging data via CISP as of February.
Out of 1,149 respondents, 67.6% say that intelligence is not shared effectively between the two parties - a critical indictment of the relationship between the government and the information security industry.
"This is something that needs to be addressed urgently," said Brian Honan, founder and CEO of BH Consulting.
"Without better collaboration between industry and governments we are at a disadvantage against our adversaries. As threats and the capabilities of those looking to breach our systems evolve we need to jointly respond better in how we proactively deal with the threat. We need industry and government to work together in ensuring a strategic approach is taken to enabling companies and citizens to be more aware of the threats to their data, to educate them in how to deal with the threat, and finally how to work together at national and international level to tackle the threats we face."
Infosecurity Europe's report also confirms the expansion of big data's effect on security within the business, with 18.6 percent of all survey respondents saying there is simply too much data to draw conclusions from and 42.6 percent reporting that the deluge of intelligence hinders the protection of information.
Although just over half of information leads surveyed believed the industry is coping with the ever-expanding data banks, 30.5 percent feel their organisation cannot make effective strategic decisions due to data growth. Just under half of respondents felt their department was suffering from 'short termism', and leaping from threat to threat.
Chief Information Security Officer (CISO) at Elvesier, David Cass, said: "The way information security is perceived is changing and events such as the Edward Snowden affair have taught both government and industry several valuable lessons.
"Threats to security and privacy occur from outside and inside organisations. The complexity of today's threat landscape is beyond the capability of any one company or country to successfully counter on their own. Experience shows there's clearly more work to be done until businesses understand the importance of information security to long-term strategy. This challenge, combined with the groundswell of data, supports the need for immediate change. Part of this change requires better sharing of information between government and industry."
Further, 58.9 percent of the 1,149 of respondents to Infosecurity Europe's survey, believe their IT department does not exert enough pressure on IT strategies to avoid infrastructure weaknesses and potential security risks.
The Infosecurity Europe Industry Survey: Security as a business enabler quizzed 1,149 Information security professionals across the private and public sectors within the UK and internationally. Over half of respondents were in the UK and 93 percent of all respondents were male.