Strong two-way communication between government and the private sector combined with a clear national breach notification policy will put a dent in cybercrime, experts say.
On the heels of three major cybersecurity incidents over the past six months—the SolarWinds and Microsoft Exchange supply chain attacks and the Colonial Pipeline ransomware attack—government officials and some in the private sector are reviving calls for better information sharing and national breach notification requirements.
“We seem to talk endlessly about information-sharing,” Michael Daniel, president and CEO of the Cyber Threat Alliance, a nonprofit that enables cybersecurity providers to share threat intelligence, said during a presentation at the RSA Conference last week. “Virtually every cybersecurity panel study or review for the last half-century seems to have an information-sharing recommendation in it. No one is really against information sharing in theory. Yet, information sharing never seems to quite work.”
“One of the reasons that companies feel uncomfortable talking about cybersecurity incidents or sharing information about cybersecurity incidents…is because they’re worried that somebody’s going to say, ‘Ha! You had terrible cybersecurity.'” Daniel tells CSO. “But the issue is that we actually don’t know what’s good or bad cybersecurity.” He calls for a “standard of care,” some better means of actually measuring what good cybersecurity constitutes.
This article appeared in CSO Online. To read the rest of the article please visit here.