Free, unadulterated sharing

Welcome to the new 164 cyber warriors who joined us last week. 🥳

Bringing you weekly insights from the Black Hat MEA community. Discover exclusive interviews with industry experts and key moments from the #BHMEA keynote stage.

Want to stay updated with our weekly newsletters on LinkedIn? Don't forget to subscribe.

📣 Last but not least, we're thrilled to announce that registration for Black Hat MEA 2023 is officially OPEN! Register now.

📣 This week we’re focused on…

How important it is for Information Security professionals to share intelligence with one another.

Because security isn’t a competitive subject ❌

When we interviewed #BHMEA23 speaker Matthias Muhlert (ECSO CISO Ambassador, and CISO at Haribo) for the blog, he said:

“My job allows me to engage with individuals across the entire organisation, collaborate with cutting-edge technologies, travel the world due to work requirements, interact with exceptional intellects, exchange ideas freely (as security is not a competitive subject, and information sharing is often mutually beneficial), keep abreast of emerging trends in technology, and so much more.”

The point in there – that security isn’t competitive, but requires collaboration in order to be as effective as possible – is really important. It’s pretty much what Black Hat MEA is about, actually; bringing the industry together to get loads of experiences and ideas in one room.

Should companies ‘air their dirty laundry’? 🤔

Whether or not organisations should bare all when they’ve suffered a breach is an ongoing topic for debate.

On the one hand, some experts have urged companies to be as transparent as possible about the threats they’re experiencing – like Bradford Wilke (from the Cybersecurity and Infrastructure Security Agency), who said in 2018 that “cybersecurity, infrastructure security is not a competitive advantage.”

And when it comes to breaches that affect personal data, many regulatory bodies require disclosure from companies – all 50 US states, for example, have some form of breach notification law; and in Europe the Data Protection Authority requires that organisations notify them of a breach within 72 hours of becoming aware of it.

On the other hand, some legal professionals advise that companies should not share breaches unless they absolutely have to. Why? Because if a corporation is committed to acting in the best interests of its shareholders, there may be no benefit (to said shareholders) in disclosing a breach – and not sharing could help to minimise financial loss.

Within the industry, knowledge-sharing is invaluable

Among cybersecurity professionals, however, the general consensus is that sharing breach details and security strategy knowledge is a really good thing.

Speaking to InfoSecurity Magazine, Thomas Schreck (Chair of the Forum of Incident Response and Security Teams) said, “Proactive information-sharing about attacks and defensive mitigations builds resilience across organisations participating within a given trust community, evolving herd immunity against attacks that others have seen within their own networks.”

Cybercriminals are perpetually locating – and penetrating – new vulnerabilities on the attack surface. And simultaneously, cybersecurity defence professionals are constantly working to keep up (or even occasionally get ahead).

Intelligence sharing is a weapon against cybercrime. And we should use it.

So – join us in Riyadh for Black Hat 2023. Because as Muhlert put it,

“There is no better way to exchange ideas and engage in thought-provoking discussions than with some of the brightest minds in the industry.”

Read the interview: How one moment can change your trajectory

💬 Share on Twitter

Register now for Black Hat MEA from 📅 14 - 16 November 2023.

Join the conversation online using #BHMEA23 and @Blackhatmea.