“do SMEs need some type of digital transparency for business information security issues?”

Now, I’m not suggesting some form of digital whistleblower that champions the transparency of digital and software vulnerabilities, although that could be one option. But I am suggesting some form of ‘collective intelligence: a shared intelligence that emerges from a collective and transparent collaboration of individuals dealing with similar problems’.

Let us consider this option first; the use of collective intelligence directed at security breaches. I would argue, that an effective means of transparently sharing details without fear of recrimination and embarrassment would greatly reduce the impact of such breaches. Fine idea, but the key words here are, ‘recrimination’ and ‘embarrassment’ – how can this be achieved?

Unfortunately, SMEs are reluctant to share information; ‘what about my competitors’; ‘will this sharing be reciprocated’; ‘will it open me up for further attacks, more expense, loss of reputation’; ‘what will my customers/clients think?’ But given privacy and anonymity safeguards, SMEs might just be persuaded to share information with a ‘trusted’ independent security ‘broker’; able to exchange security information from many similar sources. Ok trusted broker step forward!

The Cyber-security Information Sharing Partnership [CiSP] initiative!

The Cyber-security Information Sharing Partnership [part of CERT-UK], is a joint industry government initiative to share cyber threat and vulnerability information in order to increase overall situational awareness of the cyber threat and therefore reduce the impact on UK business.

CiSP allows members from across sectors and organisations to exchange cyber threat information in real time, on a secure and dynamic environment, whilst operating within a framework that protects the confidentiality of shared information.

CiSP members are also able to receive network monitoring reports. This free service allows users to receive tailored feeds of information from CERT-UK covering any malicious activity that we see on your network.

Users can sign up for this service when they join CiSP or register your interest and a member of the team will get back to you when you have the necessary information.

CiSP members receive enriched cyber threat and vulnerability information from the ‘Fusion Cell’, a joint industry and government analytical team who examine, analyse and feedback cyber information from a wide variety of data sources – ultimately adding value to CiSP members and helping those organisations of all levels of cyber maturity. The Fusion Cell also provides a range of products and services including alerts and advisories, weekly and monthly summaries, as well as a capability to conduct bespoke malware and phishing email analysis on behalf of CiSP members.

So what are the benefits for SMEs of becoming a member of the CiSP:

  1. Engagement with industry and government counterparts in a secure environment
  2. Early warning of cyber threats
  3. Ability to learn from experiences, mistakes, successes of other users and seek advice
  4. An improved ability to protect their company network
  5. Access to free network monitoring reports tailored to your organisations’ requirements

More information on the CiSP initiative can be found here: https://www.cert.gov.uk/cisp/