Written by Adriana V. of FTI Consulting. Originally published on LinkedIn.
Outside the cybersecurity industry, most business executives do not know what an ISAC is or what’s in it for them. However, these powerful, and at times, underestimated industry consortiums bring tremendous value to their companies, industry sectors, and societies at large.
Industry-Specific Collaboration Hubs
Information Sharing and Analysis Centers (“ISACs”) were created in 1998 in response to a US Presidential Directive which called for the creation of sector-specific organizations tasked with protecting critical infrastructure by sharing cyber intelligence.
However, the role and reach of these organizations, which now cover nearly 30 industries and are no longer confined to US borders, have expanded significantly. Today, ISACs are unrivaled hubs for CISOs, threat intelligence, communications, public affairs, business continuity, and incident response experts to share best practices, coordinate, and thwart cyberattacks.
Propellers of Global Cyber Maturity
Since cyber threats are borderless, some ISACs have globalized rather quickly. Some ISACs participate in markets with little to no cyber regulation and limited local cyber talent. Through their platforms and events, ISACs enable online and offline collaboration between cyber talent from highly sophisticated global companies and their local counterparts, raising the maturity of those with fewer resources within their jurisdictions.
For instance, the global systemically important banks, which are known for their advanced cyber programs and substantial investments in cyber, send their talent to the ISACs Summits. These events gather hundreds to thousands of cyber folks, sometimes in geographies with limited cyber maturity. These advanced cyber experts often showcase at “member-only” sessions the latest technologies and strategies against industrialized cybercrime. By learning battle-tested information from well-funded ISAC members, those with less resources can accelerate their evolution and allocate the resources at their disposal more effectively.
Efficient Capability Creators
Given their status as not-for-profits, these organizations fund their operations through membership dues and events. In most cases, the annual membership is substantially less than what many of their member firms pay to cybersecurity vendors, and, when membership benefits are maximized, they far exceed expectations.
These organizations are laser-focused on their industry risks and disseminate information at warp speed, especially when facing a large-scale cyber threat against the sector. The ability to log into a platform with hundreds or thousands of industry peers to share and/or consume the real-time information related to a threat – and how to mitigate it - is truly priceless. Over time, the ISACs’ ongoing collaboration helps identify cyber-attack trends that can bolster industry-wide defenses, raising the costs that cybercriminals must incur to launch effective attacks. If thousands of companies know the emerging criminal tactics within hours, the tactic will likely fail.
Trusted Views with an Authoritative Voice
With an unparalleled visibility of an industry’s cyber state, ISACs are uniquely positioned to provide an authoritative voice to critical stakeholders, including regulators. From the vantage point of a mission-driven global operation, the ISACs can bring clarity and perspective to the most pressing issues facing the sector they represent. From the role of AI and Quantum Computing to the steps an industry has taken to mitigate the most common cyber risks, ISACs are a welcomed source of credible information, especially when highly publicized threats or incidents fill the market with mis/disinformation.
Crucially, vendors can efficiently and effectively provide timely and precise information during a large-scale security upgrade, outage, or threat by leveraging dedicated member communication channels across an ISAC.
Long-lasting Impact
While I was fortunate to discover ISACs as a member of FS-ISAC's executive team a few years ago, today I have the privilege of collaborating with other ISACs such as the Crypto ISAC and multiple members of the National Council of ISACs. Over time, it has become acutely evident that their contributions leave a positive long-lasting impact across borders, verticals, and areas of expertise. Lastly, at a time when #globaloutages, #supplychainattacks, and #disinformation campaigns warrant expeditious, large-scale information dissemination, ISACs have become the most efficient funnels for cyber companies to provide clarity and actionable intelligence when companies and societies need it the most.
Comments