How Public-Private Information Sharing Can Level the Cybersecurity Playing Field - Dark Reading

THREAT INTELLIGENCE COMMENTARY How Public-Private Information Sharing Can Level the Cybersecurity Playing Field Sharing information is critical to help organizations protect data and systems. To be even more effective, collaboration should be inclusive — vendors, researchers, and private companies large and small. Mike Wiacek,Founder & CEO, Stairwell May 4, 2023 4 Min Read SOURCE: STUART MILES VIA ALAMY STOCK PHOTO The National Cybersecurity Strategy, released in March, calls for technology providers to assume more responsibility for maintaining the security of computer systems, rather than have individuals and small businesses shoulder the risk. But there's another potential equalizer that, if done right, can help organizations get a leg up despite having fewer resources than large companies: public-private information sharing. Effective and efficient public-private collaboration can help democratize information and strengthen the security posture of all companies, regardless of size. Today, most cybersecurity is built for the one-percenters of the tech world, who have the financial resources and cybersecurity staff and expertise to defend and mitigate with relative ease compared with smaller companies without those resources. Yet, when the bigger companies get hacked, they effectively pass along the costs of a breach to their customers. The same attack on a smaller organization can destroy its business. Shifting the cybersecurity liability will help repair the trickle-down cost burden, but better information sharing will level the cybersecurity playing field across the industry. Exchange of Information The 2015 Cybersecurity Information Sharing Act (CISA) has increased the amount of exchange of cyber-threat information between the government and the private sector. Private companies report cyber incidents and the government shares cyber-threat information. While some private organizations are hesitant to share information either out of legal or regulatory concerns or worry that it may be misused, security vendors and researchers are more motivated to participate. The government invites security researchers to collaborative working sessions on a regular basis to swap threat intelligence, but the groups tend to be exclusive and limited to the big vendors. The argument is that working with fewer but larger vendors will minimize the chance of leaks while protecting the most people because they'll have more threat intel to share. But I would argue that making the research collaborations more inclusive would not only level the playing field among vendors but also increase the diversity of threat intel sources and apply more human expert intelligence to the problems. The industry will have better defenses collectively if it is less siloed with its information-sharing processes. Security researchers understand this and are sharing information and resources on a grass roots level. Offensive "red teams" are applying their knowledge to defensive "blue team" activities. And researchers are helping each other make better use of tools like YARA, which was created to enable malware research. Researchers are swapping information about pattern detection in malicious files that other researchers are testing out. They even organized a "#100daysofYARA" campaign on Twitter last year to challenge more people to learn new techniques for creating YARA rules that everyone can benefit from. Security researchers are also releasing projects on platforms like GitHub for others to benefit from. This strengthens the ecosystem and advances the field of learning in a space where attackers have the clear advantage. The National Cybersecurity Strategy also suggests technology solutions to enable collaboration and data exchange for defensive efforts. Specifically, machine-to-machine data sharing and security orchestration can complement human-to-human collaboration efforts to drive threat response at machine speed, the plan advises. Overwhelmed by Data I support that approach, with a caveat. I find that most organizations are drowning in data and struggle to operationalize their threat intelligence effectively now. Therefore, the solution isn't necessarily to increase the volume (although that can help in some cases), but to enable businesses to analyze it and make it actionable. A good analogy is the atmospheric storms that have dumped record amounts of rain on drought-stricken California. At a certain point, reservoirs overflow. The state needs the right resources and infrastructure to manage the influx and retain it properly for long-term use. For security, organizations need the right people, processes, and technology to be able to operationalize threat intelligence at scale. It's heartening to see the Biden administration make such a bold plan and call-to-action to address the cybersecurity issues that put our country at risk. Public-private information sharing is critical to enable organizations, private businesses, and government to protect the data and systems our economy and public safety rely on. For the efforts to be even more effective, the collaboration needs to be inclusive and representative of the security industry as a whole. About the Author Mike Wiacek Founder & CEO, Stairwell Stairwell CEO and Founder Mike Wiacek has built a career around curing the biggest cybersecurity headaches. His groundbreaking achievements in the fields of threat research and cybersecurity tools have redefined how companies approach cybersecurity. His security career started early in life studying threats at the NSA during college. He worked at Internet service providers and with the US government before joining Google, where he was instrumental in identifying Operation Aurora as a nation-state attack and pioneered modern intrusion investigation techniques for APTs (advanced persistent threats). He founded and managed Google’s Threat Analysis Group, a unit with capabilities previously only found in government intelligence and defense agencies. He was a co-founder and Chief Security Officer of Chronicle, a company spun out of Alphabet’s X, the moonshot factory. He founded Stairwell in 2019 with a mission to empower organizations to outsmart any attacker. More Insights Industry Reports Frost Radar™: Non-human Identity Solutions 2026 CISO AI Risk Report Cybersecurity Forecast 2026 The ROI of AI in Security ThreatLabz 2025 Ransomware Report Access More Research Webinars Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN AI-Powered Threat Detection: Beyond Traditional Security Models More Webinars You May Also Like THREAT INTELLIGENCE React2Shell Exploits Flood the Internet as Attacks Continue by Rob Wright DEC 12, 2025 THREAT INTELLIGENCE Chinese Gov't Fronts Trick the West to Obtain Cyber Tech by Nate Nelson, Contributing Writer OCT 06, 2025 CYBERATTACKS & DATA BREACHES DeepSeek Breach Opens Floodgates to Dark Web by Emma Zaballos APR 22, 2025 THREAT INTELLIGENCE Trump Targets Krebs, Revokes SentinelOne Security Clearance by Kristina Beek, Associate Editor, Dark Reading APR 10, 2025 Editor's Choice CYBERSECURITY OPERATIONS Why Stryker's Outage Is a Disaster Recovery Wake-Up Call byJai Vijayan MAR 12, 2026 5 MIN READ APPLICATION SECURITY Microsoft Patches 83 CVEs in March Update byJai Vijayan MAR 11, 2026 4 MIN READ THREAT INTELLIGENCE Commercial Spyware Opponents Fear US Policy Shifting byRob Wright MAR 12, 2026 9 MIN READ Want more Dark Reading stories in your Google search results? 2026 Security Trends & Outlooks THREAT INTELLIGENCE Cybersecurity Predictions for 2026: Navigating the Future of Digital Threats JAN 2, 2026 CYBER RISK Navigating Privacy and Cybersecurity Laws in 2026 Will Prove Difficult JAN 12, 2026 ENDPOINT SECURITY CISOs Face a Tighter Insurance Market in 2026 JAN 5, 2026 THREAT INTELLIGENCE 2026: The Year Agentic AI Becomes the Attack-Surface Poster Child JAN 30, 2026 Download the Collection Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. SUBSCRIBE Webinars Building a Robust SOC in a Post-AI World THURS, MARCH 19, 2026 AT 1PM EST Retail Security: Protecting Customer Data and Payment Systems THURS, APRIL 2, 2026 AT 1PM EST Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need WED, APRIL 1, 2026 AT 1PM EST Securing Remote and Hybrid Work Forecast: Beyond the VPN TUES, MARCH 10, 2026 AT 1PM EST AI-Powered Threat Detection: Beyond Traditional Security Models WED, MARCH 25, 2026 AT 1PM EST More Webinars White Papers Autonomous Pentesting at Machine Speed, Without False Positives Fixing Organizations' Identity Security Posture Best practices for incident response planning Industry Report: AI, SOC, and Modernizing Cybersecurity The Threat Prevention Buyer's Guide: Find the best AI-driven threat protection solution to stop file-based attacks. Explore More White Papers GISEC GLOBAL 2026 GISEC GLOBAL is the most influential and the largest cybersecurity gathering in the Middle East & Africa, uniting global CISOs, government leaders, technology buyers, and ethical hackers for three power-packed days of innovation, strategy, and live cyber drills. 📌 BOOK YOUR SPACE