<p>Cyber threat intelligence (CTI) provides actionable insights into the threat landscape, helping organizations strengthen their defenses. Because commercial CTI is costly, inter-organizational sharing can reduce expenses, yet adoption remains limited. Still, the design of effective incentives for CTI sharing and their embedding in a sharing platform remains underexplored. We conducted 15 semi-structured interviews with security professionals to elicit incentive requirements and design options. We find that organizations prefer to share CTI with known recipients to build trust and support GDPR compliance. They also value mechanisms that lower coordination costs, such as a reputation system and price guidance to help prioritize scarce analyst time. Further, a major barrier is skepticism about the net benefits of sharing. To address this, we propose financial compensation for contributed CTI and a marketing label that signals proactive cybersecurity to partners and customers. We implemented these incentives in a platform prototype and assessed their effects in 14 hands-on sessions with security experts. Participants reported increased willingness to share, suggesting that well-designed incentives can catalyze CTI-sharing ecosystems. Put simply, organizations can share and benefit.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Share and benefit: incentives for cyber threat intelligence sharing

  • Tobias Reittinger,
  • Johannes Grill,
  • Günther Pernul

摘要

Cyber threat intelligence (CTI) provides actionable insights into the threat landscape, helping organizations strengthen their defenses. Because commercial CTI is costly, inter-organizational sharing can reduce expenses, yet adoption remains limited. Still, the design of effective incentives for CTI sharing and their embedding in a sharing platform remains underexplored. We conducted 15 semi-structured interviews with security professionals to elicit incentive requirements and design options. We find that organizations prefer to share CTI with known recipients to build trust and support GDPR compliance. They also value mechanisms that lower coordination costs, such as a reputation system and price guidance to help prioritize scarce analyst time. Further, a major barrier is skepticism about the net benefits of sharing. To address this, we propose financial compensation for contributed CTI and a marketing label that signals proactive cybersecurity to partners and customers. We implemented these incentives in a platform prototype and assessed their effects in 14 hands-on sessions with security experts. Participants reported increased willingness to share, suggesting that well-designed incentives can catalyze CTI-sharing ecosystems. Put simply, organizations can share and benefit.