Why reporting an incident only makes the cybersecurity community stronger
CISOs and cyber leaders may not see reporting a breach as the most pleasant of tasks, but experts say mandatory and voluntary sharing of intelligence around incidents can only improve the readiness and resilience of responders.
Contributing writer, CSO | APR 11, 2023 2:00 AM PDT
Reporting an incident to the correct authorities or vulnerability clearinghouses can be an experience fraught with frustration. You pour time, energy, and resources into fighting an intrusion, all while keeping company officials and stakeholders up to date and preventing sensitive information from getting into the wild. Explaining what happened might seem just like another layer of hard work and exposure to potential embarrassment when the details are out there for all to see.
But legislators have been pushing enterprise executives to share more information about security incidents and they’re creating new requirements in the United States and around the world to mandate the disclosure of such information. Why?
As painful or counterintuitive as it might seem to explain how the bad guys did what they did to your organization, there are some great reasons to report breaches. Many security leaders say they fully support requirements that mandate organizations to report incidents of compromise (IOCs) and provide information on how they occurred, saying authorities can use that intelligence to help cybersecurity community better combat bad actors.
Read the full article in CSO:
- Related Resources & News
- Health-ISAC Hacking Healthcare 8-26-2024
- What is Threat Intelligence? A Comprehensive Overview
- Why Cybercriminals Target Healthcare Data and How Organisations Can Protect Themselves
- Federal Authorities Work to Boost Health-Care Cybersecurity
- Health-ISAC Hacking Healthcare 8-9-2024
- Health-ISAC Medical Device Blog – VEX
- Podcast: Health-ISAC Featured in Cyberwire Daily episode 2021
- Health-ISAC Hacking Healthcare 8-2-2024
- Protecting Healthcare Organizations with Human-Centric Email Security
- American Hospital Association and Health-ISAC Joint Threat Bulletin