A survey by Kaspersky Lab found that over half (52%) of IT and cybersecurity professionals are barred by company rules from sharing their findings with outsiders. This may have major cybersecurity implications: in many ways, preventing hacks, discovering vulnerabilities, and securing systems are all harder to do if professionals aren’t exchanging knowledge.
Worryingly, the survey also pointed out that only 44% of respondents have actually made their discoveries public. In companies where external sharing is allowed, 77% of cybersecurity analysts did so. But when it isn’t allowed, only 8% did – presumably in a clandestine manner and at the risk of being terminated.
Kaspersky experts noted that company-mandated secrecy is driven by worries that cybercriminals may react and adapt if they know they’ve been detected. Sergey Soldatov, head of Kaspersky Lab’s Security Operations Center, emphasised the need for balance.
“Any information about a threat will help your peers to investigate an attack and plan an effective response,” he said, but added, “until you know whether a response’s actions will be successful or not, you can’t reveal that a company is doing something, since attackers will easily understand that they were detected and go underground.”
The results of the survey, titled IT Security Economics 2020, were based on correspondence with over 5,200 IT professionals across 31 countries in June 2020. The final report is rather long, but if you want to go through it yourself, check out Kaspersky Lab’s blog.