More than three quarters of IT security professionals (81%) believe the government should be sharing more threat intelligence information with the private sector, according to research conducted by Unified Security Management vendor AlienVault.
In a survey of more than 300 UK-based IT security professionals, when asked how they viewed the government in protecting their business from hostile nations and major threats, a quarter of respondents (23.5%) perceived the government as consuming threat intelligence but not sharing. A further 13% said they would have no idea who to contact if they needed to share intelligence with the government.
In addition, UK companies do not depend on government sources for their own intelligence. When asked which sources of threat intelligence they rely on, only a quarter (26%) thought that government information was reliable, while most (58%) rely on their own detection processes, and nearly a third (28%) on that of their trusted peers.
Javvad Malik, Security Advocate at AlienVault, said: "It's worrying that so few security practitioners view government information as reliable. But it's a case of chicken and egg – unless the private sector shares intelligence with government sources, its information is bound to be out of date. Without a consistent process for intelligence sharing, the situation will continue."
When security professionals discover a threat, only a fifth (20%) will share intelligence with the government. But over a third (40%) will share details with a closed community of their trusted peers. On the other end of the spectrum, 43% will only share information internally, and 10% won't share it with anyone at all.
Javvad Malik continues: "Ultimately people trust people – they don't trust faceless organisations. This is especially true with threat intelligence when security professionals fear that they might damage their company's brand and reputation by reporting a breach.
"One of the main factors we believe is behind this is that people worry about inadvertently sharing sensitive company information when they share threat intelligence. While this is a legitimate concern for many, it shouldn't be a stopping point – many items such as hash values, suspicious IP addresses and domain names are shareable with relative ease and without exposing any internal information."
When asked which specific types of attacks were of most concern to them, 43% cited insider threats from disgruntled employees. 40% were most concerned with hacktivists and 0-day exploits, and a third (30%) were most concerned about state-sponsored attacks.
Javvad Malik continues: "As nation-state attacks become more frequent, and reportedly become more involved in launching attacks against businesses, the role of the government becomes crucial. These types of attack are often politically motivated, and companies would benefit from access to improved intelligence about them. If no one shares, you won't get good threat intelligence."
The survey also asked about the role law enforcement has to play in post-breach analysis. Just under a fifth (19%) of participants had called police and law enforcement agencies to help investigate a breach at their company. The vast majority (71%) of those deemed the service provided to be effective, with only 13% describing law enforcement response and support as ineffective.
"As attacks become more prevalent, it's not a matter of if organizations get attacked, but when," Malik continues. "A robust view of the threat landscape allows companies to improve their own security posture, as well as that of their partner ecosystem, making it difficult for adversaries to undertake successful attacks repeatedly. But unless the government and private sectors can learn to trust each other and share intelligence effectively, our overall response is being slowed down."