Two-thirds (69% in META) of threat intelligence (TI) analysts are involved in professional communities, but 44% of all those working in IT and cybersecurity roles are not allowed to share threat intelligence artifacts discovered through those communities.
This is among the findings from a new Kaspersky report, “Managing your IT security team”.
The research found that respondents with TI analysis responsibilities, in particular, are likely to participate in specialised forums and blogs (48%), dark web forums (32%) or social media groups (28%).
But when it comes to sharing their own findings, only 49% of respondents have actually made their discoveries public.
Conversely, in companies where external sharing is allowed, 81% of security analysts did so. In 8% of cases, security analysts even shared TI findings despite it being prohibited by the organisation they work at.
Kaspersky experts noted that such restrictions are partly driven by concerns that if some objects are known publicly before a company can respond to an attack, then cybercriminals may realise that they have been detected and change their tactics.
To help IT security teams analyse suspicious objects without a risk of exposing the investigation, Kaspersky provides a private submission mode option through free access to Kaspersky Threat Intelligence Portal.
“Any piece of information – be it new malware or insights on techniques used – is valuable when protecting against advanced threats,” comments Anatoly Simonenko, group manager: technology solutions product management at Kaspersky.