The growing scale and sophistication of cyberthreats make it increasingly important for public and private sector organizations to collaborate and share cybersecurity data, cyber leaders say in a new podcast.
While the divergent demands of government and private sector have historically made data sharing challenging, the creation of industry consortiums to catalog and share threat intelligence has proven to be a beneficial model, explains Mark Ford, industry sector leader for higher education and Deloitte’s Risk and Financial Advisory Services business.
Working through the process of information sharing using public-private consortiums has been one way to build trust between private and public sector enterprises, adds Linda Walsh, managing director at Deloitte and cyber risk services leader at Deloitte’s Risk and Financial Advisory. That work has also contributed to efforts to protect the United States’ critical infrastructure.
Walsh and Ford share examples of how public-private partnerships are improving cybersecurity efforts, along with other insights and recommendations, in this latest episode of the “Cyber Everywhere” podcast series, produced by CyberScoop and underwritten by Deloitte.
Public-private collaboration to improve critical infrastructure security
“I think every major industry out there now has some sort of consortium, where they get an aggregate of intelligence groups to share information about malware, so they can pivot quickly to patch those vulnerabilities,” says Walsh.
Walsh says one of the most fruitful examples she sees is the Financial Services Information Sharing and Analysis Center (FS-ISAC). “It’s an industry consortium that’s dedicated to reducing cyber risk. And not only does it help in the U.S., but it really extends to our global financial critical infrastructure.”
Ford adds that the health care industry has also greatly benefited from information sharing initiatives. After the 2010 health care law took effect, significant attention was placed on controls for complying with the Health Insurance Portability and Accountability Act (HIPAA) and on upgrades to electronic medical records.
“With the investment that the government was making in health reform, and especially the infusion of money to help upgrade systems, that allowed the industry to really focus on this and make it a priority. And just in time, because they got hit with a massive number of these ransomware attacks that have decimated, in some cases, those who were unprepared. But the industry as a whole did, I would say, much better than they would have five years earlier because of [information sharing],” says Ford.
How enterprise leaders can improve information sharing
Information sharing is not without its challenges, says Ford, because “there still seems to be some limitations relative to the amount and the depth of the information that can be shared. And of course, that ties back to national security.”
However, the benefits will outweigh the challenges, Ford asserts. “One of the things that we’re seeing in higher ed now, especially around research integrity, is federal agencies like the FBI actually starting to have some of the higher ed cybersecurity people have clearances so they can bring them under the tent, so to speak, and start to see more and learn more about what the real threat looks like,” shares Ford.
Universities are an important piece of public-private partnerships
Walsh says there is a need for universities to join in these partnerships because of the changing landscape of technology and vulnerabilities.
“I feel like the best private-public partnerships flourish when two partners are like-minded around their goals,” she says, adding that one way in which partnerships can be formed is by meeting cyber and IT skills needs.
Mark Ford has more than 24 years’ experience in cyber risk consulting. In that time Ford founded Deloitte’s identity and access management practice. Linda Walsh previously served as supervisory special agent with the FBI before joining Deloitte. She specializes in minimizing network security exposure through next-generation threat and vulnerability modeling.
Listen to the podcast for the full conversation on the future of cyber. You can hear more from the “Cyber Everywhere” series on our CyberScoop radio channels on Apple Podcasts, Spotify, Google Play, Stitcher and TuneIn.
This podcast was produced by CyberScoop and underwritten by Deloitte. Deloitte is formally known as Deloitte & Touche LLP, a subsidiary of Deloitte LLP. For more details, see www.deloitte.com/us/about.