The news is full of stories of hackers lately, whether it’s Ashley Madison or Wall Street. The king of social media -- Facebook, of course -- thinks it’s reached a solution, a program that stops spammers and hackers before they can do any damage, called ThreatExchange.
It’s like a network of companies that discuss hacking attempts on their sites with one another so that others can look out for the same activity. If it works, it could just make the internet a heck of lot safer for companies and users alike. What’s more, it could provide insight into the minds of the hackers as well, picking up on patterns and methods and identifying hacks that are similar to others.
It’s Been Done Before
If you’re a financial company, you might have heard of Soltra. It’s a finance industry-specific partnership where threat information is collected. Hewlett-Packard has Threat Central, requiring you pay a subscription fee in order to view threat details and share your own experiences.
While some people have felt sharing this information is a bad thing -- they have to share information with other companies who might be competitors, not to mention customer data may be revealed in the process -- others know that hacking must be stopped in its tracks. Facebook is taking the initiative and starting the conversation.
How It Works
Each company participating in the program receives software that keeps watch in the background of each company computer, logging any information about any cybersecurity threats it may come across. Users are able to choose what information is shared and who can see it, protecting privacy.
The service is free to users, making it even more enticing. Facebook brought the program to the table in February of this year, and 11,000 companies have applied to be part of the program. 90 groups have been chosen thus far from seven industries, including Yahoo, Pinterest, PayPal, defense contractors, colleges, and Microsoft to name a few.
You’ll note that the government isn’t part of that industry list. Facebook says there are no plans to include them in the future. Why? Firstly, government agencies are subject to public records requests regarding the information they are submitting. What’s more, Facebook does not want to provide law enforcement with ThreatExchange information.
What They’ve Learned
The program has been used by participants about a whopping 30 million times per month, typically searching for details on malicious software. A cybersecurity director at PayPal said that the fact companies can decide whether or not to trust the information provided based on who’s providing the information makes the program work for them.
Facebook doesn’t check each threat submission -- it leaves it up to the companies to decipher whether a threat is worth guarding against for their own intents and purposes. What’s threatening to PayPal is going to be quite different than what Pinterest find threatening.
You get much more than a description of the threat itself. Users also see where the software originates, and where it is transmitting to. You learn not only that the software is malicious, but also which sender should not be trusted.
This program seems to be a big step in the right direction towards cybersecurity, both for companies and for users.