CDSA

Media and entertainment (M&E) companies stand to significantly benefit from sharing cyber threat information with each other, according to Aaron Perkins, customer success manager at security vendor Cyware.

As an integrated part of the Content Delivery & Security Association (CDSA), the Media and Entertainment Information Sharing and Analysis Center (ME–ISAC) is leveraging Cyware’s platform for alerts and communications in a collaborative environment.

During the session “Advantages Gained by our Members through Information Sharing” at the CDSA’s Content Protection Summit (CPS) Dec. 6, attendees heard how ISAC communications platforms can supercharge the communities/working groups and dramatically increase their overall effectiveness.

Noting that Perkins couldn’t participate in the event in person, Chris Taylor, ME-ISAC director, said Perkins provided a video presentation.

“When I watched his video to see what he was going to deliver and then compared it to my slide deck,” it was clear that Perkins’ comments about collaborative information sharing would serve as a good introduction to what Taylor planned to say, so the order of their two sessions was changed so Perkins would go first, according to Taylor.

“You are familiar with threat intelligence, and chances are you’re probably even acquainted with sharing threat intelligence, perhaps within your own organisation or with other organisations in your industry,” Perkins said in his video presentation.

“But at a summit like this, there are also going to be [attendees] who may not be as familiar with collective defence, intelligence sharing and why collaboration is the key to a healthy security posture,” Perkins noted.

“So before we even get into the agenda today, I’d like to just get all of us on the same page so we can all approach this with the same foundational knowledge,” he said.

“There are typically three categories of people,” he explained. “Perhaps you are in the category where you are well aware of the collective defence approach and you are a current member of an ISAC, or you may currently not be a member of an ISAC but perhaps you’ve been involved with ISACs in the past, and then there are those of us who maybe just aren’t even sure what an ISAC is.”

So “let’s start with defining an ISAC,” he said, noting it’s an “industry specific organisation that gathers and shares information on cyber threats.”

ISACs also “facilitate the sharing of data between public and private sector groups,” he said, noting the financial services industry, for example, has the Financial Services ISAC (FS-ISAC), while the space industry has the Space-ISAC.

He went on to explain what collective defence is, why M&E companies need to use it, and how the industry can make that happen.

Perkins pointed out that he’s a U.S. Army combat veteran, “husband to a beautiful wife [and] daddy to two teenagers and one little baby that we are in the process of adopting,” adding: “So never a dull moment in the Perkins household, I can tell you that.”

The “journey” he went on to where he is today “really began with a love of technology, and I started building websites just as a hobby in college, after which I joined the United States Army and spent about eight and a half years of my life in a traditional threat intelligence setting,” he recalled. Perkins went on to rise in the ranks from a rookie analyst to leading multiple threat intelligence teams across Iraq and Afghanistan, he said.

His career in the cybersecurity started in 2015 and, “as the saying goes, I haven’t looked back since,” he told attendees, adding: “I’ve worked in a global threat intelligence centre” for a managed security service provider (MSSP). “I’ve been a director of cyber threat intelligence production and analytics at an ISAC. I’ve done consulting work and now I’m a cyber threat intelligence specialist at Cyware, where I focus on helping our customers not only get the most out of our products, but mature their organisations toward a more collaborative, threatened intelligence strategy.”

Collective defence is a “cybersecurity strategy that is collaborative in nature,” he explained. “So not only are you sharing information both within your organisation and within a sector or industry but you’re doing so to coordinate your threat response, whether that is with your company or within your industry.”

Companies should all “want our cybersecurity programs to continually mature, and we know we need to go from a state of constant firefighting to a more proactive approach,” he said.

After all, “when we’re in a reactive mode, the majority of our time is spent with responding to incidents, and it’s no surprise then that we are increasing the risk to our business by only taking action after the attacker has already launched their attack,” he explained.

As a result, “cybersecurity analysts are burning out nearly every day, with many of them leaving the industry completely due to burnout,” he told attendees.

“They’re constantly fighting fires, so to speak, and their only measure of success is secure it, defend it, and contain the outbreak when the attack is successful,” he noted.

However, he conceded that, “while we understand that we need to get into a more proactive posture, it’s tough and it’s a lot of hard work.”

But, as M&E companies start to “mature our cybersecurity strategy toward a more proactive model, where we’re shifting our focus from firefighting mode to fire prevention mode, we can begin to make better informed decisions as we operationalise our threat intel data and our analysts are far less fatigued and more likely to stick with the organisation rather than hanging it up” due to burnout.

Last, he went on to say: “Within our organisations, we get all the way to the right side of the slide: the collective defence where we take full advantage of that collaborative cybersecurity strategy. You’ve put in the work, you’ve identified your risks, you’re operationalising your threat intelligence data, your decision making is far more intelligence-led, and you’re likely even starting to automate some of your threat orchestration and maybe even sharing that back out with your organisation.”

Getting there is not easy. “If it was easy though everyone would do it,” he said, adding: “Even if your organisation is a mature organisation and you’re well within that proactive defence category, there are significant challenges with engaging in collective defence.”

Cyware recently commissioned a study of more than 330 global security decision makers, asking them about some use cases surrounding collective defence, he pointed out.

Among the findings, he said: “Sixty-five percent of respondents said that providing their teams with cohesive access to data [is] incredibly challenging. Sixty-one percent noted that automating their incident response playbook was another significant challenge, and fifty-five percent said that, when it comes to sharing threat intelligence across departments, that is very challenging.”

If some attendees were thinking they weren’t sure if their companies were “mature enough” to have this collaborative security strategy, he said: “I have good news. You are not alone. Chances are there are likely a lot of those to your left and right thinking that exact same thing. And, not only are you not alone, collective defence within an industry – and, more specifically within the media and entertainment industry – is a strategy you can start using literally today. You don’t have to wait until you’ve gone through all the steps and mature your organisational program.”

To download the presentation, click here.

To view the entire session, click here.

Presented by Fortinet and produced by MESA, CDSA’s Content Protection Summit is sponsored by Convergent Risks, Richey May Technology Solutions, GeoComply, Signiant, Verimatrix, Shift Media, EIDR and EZDRM.