The World Economic Forum posted an article discussing insights in information sharing from a recent cybersecurity conference in Copenhagen, Denmark that gathered participants from the public and private sector. The three major takeaways were the sharing of lessons learned, the adoption of the EU’s Network and Information Security Direction 2 (NIS 2.0), and the need for consolidating security solutions.
With regards to the first takeaway, the tension between organizations not wanting to share information about their own cyber attacks, yet desiring information about others’ cyber attacks was acknowledged. Participants urged organizations to share the lessons learned during the attacks they’ve suffered with peers, so the experience can make the overall sector/community more cyber resilient. Read more at World Economic Forum.
Analyst Comment (Jennifer Lyn Walker): Reporting is relative to resilience. Receiving non-attributable reporting is why ISACs and ISAOs exist. ISACs/ISAOs thrive on being able to help their sectors/communities understand the threats facing them. We do that best when we receive member reports that we anonymize and report out for the benefit of all members. A little sharing can go a long way.
Additional WaterISAC reporting on the benefits of information sharing: