Collaboration and Information Sharing Should Also Happen Internally

We often discuss the importance of external collaboration and information sharing in security. Frequently overlooked, however, is the importance of also collaborating and sharing information internally among the various teams and functions comprising our organizations. 

Indeed, this concept underpins the rise of intelligence fusion centers in the commercial sector. Although fusion centers originated in the public sector as a means of optimizing collaboration between law enforcement and defense agencies with respect to matters of national security, they are quickly becoming a must-have for businesses seeking to reduce operational risk.

These businesses recognize that information sharing is essential even among teams and functions that don’t routinely cross paths, such as the following examples:

Anti-Money Laundering & Fraud

Fraud is often a precursor to money laundering, which is why anti-money laundering (AML) and fraud teams that routinely share information tend to be able to identify, understand, and track suspicious individuals and behaviors more efficiently and effectively.

For example, let’s say that a fraud team identifies a case of identity theft. Because the fraudster in question appears to have also been laundering funds through a falsified bank account, the fraud team immediately notifies the AML team. After examining the account’s activity and verifying several red flags, the AML team is able to confirm the presence of money laundering and apply mitigations before further damage ensues—and in much less time than if each team had operated independently of the other.

Cyber Threat Intelligence & Physical Security

Cyber threat intelligence (CTI) and physical security are two more teams that don’t usually interact with one another but can benefit significantly from doing so, largely for two reasons.

First, some of the data sources on which CTI teams rely for detecting cyber threats can also provide visibility into physical threats. There are certain illicit communities online where both cyber and physical adversaries congregate and plot schemes ranging from phishing campaigns and DDoS attacks to highly targeted acts of physical violence and even terrorism.

But because access to data from these communities is often limited to CTI teams—not to mention that such teams are generally not trained to identify indicators of physical threats—many physical security teams tend to lack visibility into threats that could potentially impact the personnel and/or physical assets they’re responsible for safeguarding.

Second, many of the cyber threats CTI teams encounter can have physical consequences. Destructive malware, for instance, originates and deploys online but can wreak havoc on critical systems and the physical assets and infrastructure they maintain. Case in point: the WannaCry ransomware attack that halted operations for thousands of organizations worldwide, including numerous hospitals, public transit systems, and utilities providers. 

It’s relatively commonplace for CTI and incident response teams to establish a coordinated response plan in preparation for a cyber attack, but—as demonstrated by WannaCry—it’s imperative for physical security teams to be involved in such plans as well.

Insider Threat & Human Resources

Most insider threat programs (ITPs) have access to certain human resources (HR) datasets and may also receive some degree of HR support during insider threat investigations. Otherwise, however, these two functions don’t usually interact, although they should. Pre-employment screening is one area where collaboration and information sharing can be particularly valuable. 

Specifically, HR functions are usually responsible for conducting or overseeing background checks on prospective employees. Certain high-risk indicators aren’t always visible via traditional screening procedures, but in some cases the external datasets and sources to which many ITPs have access can help reveal and provide additional context around these indicators. 

For instance, some adversaries have been known to seek employment in order to obtain and exploit sensitive data, intellectual property, or other assets from a business. A moderately sophisticated ITP would be aware of these tactics and likely even have visibility into the illicit communities where adversaries discuss related schemes. But because the same cannot be said for most HR functions, maintaining alignment with one another can help both functions more effectively identify and mitigate these threats and the potentially serious risks they pose.

Lastly, I must emphasize that the examples described in this article represent only a select few combinations of teams and functions that can benefit immensely from closer and more frequent collaboration. Above all else, keep in mind that, as with sharing information externally, doing so internally—and effectively—can be challenging and requires ongoing adjustments, clear objectives, and enterprise-wide support.
