Over two-thirds (69%) of threat intelligence (TI) analysts are involved in professional communities, but 48% of all those working in IT and cybersecurity roles are not allowed to share threat intelligence artifacts discovered through those communities, a new research from Kaspersky claims.
Based on a survey of more than 5,200 IT and cybersecurity experts from around the world, the report says that research found that respondents with TI analysis responsibilities are more likely to participate in specialized forums and blogs (41%), dark web forums (33%) or social media groups (21%).
When it comes to sharing their own findings, only 50% of respondents have actually made their discoveries public. Conversely, in companies where external sharing is allowed, 79% of security analysts did so. In 7% of cases, security analysts even shared TI findings despite it being prohibited by the organization they work at.
Kaspersky experts note that such restrictions are partly driven by concerns that if some objects are known publicly before a company can respond to an attack, then cybercriminals may realize that they have been detected and change their tactics. To help IT security teams analyze suspicious objects without a risk of exposing the investigation, Kaspersky provides a private submission mode option through free access to Kaspersky Threat Intelligence Portal. Thanks to this, a cybercriminal will not know that someone has shared samples, and an analyst can still receive the required data.
“Any piece of information – be it new malware or insights on techniques used – is valuable when protecting against advanced threats,” said Anatoly Simonenko, group manager for technology solutions product management at Kaspersky. “That’s why we constantly make our threat research findings available via our information resources and through our TI services. We encourage security analysts to also give a helping hand to others in the same collaborative way.”