Information sharing has long been one of the topics that many security leaders have preached about, yet many organizations have yet to jump on the bandwagon and share their “secret sauce” when it comes to their cybersecurity experiences. Given the slew of headline-grabbing breaches, many may think it’s not best to share that their organization has indeed become a target, even though nearly all have experienced some type of intrusion.
Furthermore, if you consider a sports analogy, why would one team share their approach to the game with another when they’re after the same prize? While it’s understandable to think that way, security leaders may benefit from information sharing a lot more than keeping everything to themselves. After all, there’s a lot to learn from a competitor’s experiences, according to Peeyush Patel, vice president of information security at Experian.
“The best way for us to change the [look of the battlefield] is to be able to share information with a lot of our competitors,” Patel told InfoSec Insider during recent the IT Security Leadership Exchange in Jacksonville, Florida. “We do that routinely through our user groups and other forums either on the record or off the record.”
The concept of information has changed dramatically over the last decade, and more recently it’s has been about sharing threat intelligence, according to Chris Carlson, vice president of product management at Qualys.
“In the last couple of years it has changed to really help threat intelligence drive more operational policies,” he said.
In the full-length interview below, Patel and Carlson discuss the importance of leveraging information sharing to one’s advantage as a security leader and why you should jump on the threat exchange bandwagon.