On January 23rd, CTA turned four.  It seems like both a long time and a brief moment since our six founding members officially incorporated the organization as a non-profit.  Since then, CTA members and staff have worked hard to turn the company into a viable long-term sharing organization.  In that effort, we have succeeded.  We now have five times as many members with headquarters in four times as many countries.  CTA members share at far greater volumes and with more diverse data on a completely rebuilt platform.  We’ve expanded our sharing efforts to include human speed activities and our engagement efforts now span blogs, webinars, conferences, panels, social media, and traditional media.  Organizational processes, the mundane stuff it takes to run and sustain an organization, are well-established.  While we are still learning and growing, CTA has matured substantially.
As a result, CTA proves that regular, sustained threat intelligence sharing can work in the cybersecurity industry.  To put a fine point on it, CTA shows that cybersecurity providers can regularly share threat intelligence with each other and still make money – no business models have been harmed in the making of CTA.  In fact, sharing through CTA makes member companies more competitive, not less.
We have learned, though, that while such sharing is beneficial, it’s also hard work.  Sharing is particularly difficult to sustain at scale with quality over a long period of time.  Threat sharing requires focused attention, regular engagement, and leadership support; otherwise, it simply fizzles out.  As CTA heads into its fifth year, I would highlight three lines of effort that will sustain CTA’s sharing activities:

  • Increase the value of membership: we will develop and deploy new capabilities to make our automated sharing activities easier and the resulting data easier to analyze.  We will continue to improve the quality, diversity, depth, and breadth of our shared data, and we will continue to grow our membership.  We will maintain our outreach activities that help increase our name recognition.  All of these activities will increase the return members get on their investment in CTA.
  • Reduce the effect of ransomware: ransomware has evolved from economic nuisance to national security threat.  As a result, the cybersecurity industry needs to aggressively counter this activity.  CTA will work with its members, other companies, non-profits, industry associations, and governments to develop policies and actions that will reduce the impact of ransomware on the digital economy.
  • Facilitate industry collaboration: sharing information is the foundation of what CTA does.  However, we share information not for the sake of sharing itself, but so that cybersecurity providers and other organizations can take actions to make the digital ecosystem safer overall.  To that end, CTA will work to increase collaborative action against malicious cyber activity, especially criminal organizations.  These activities will include internal working groups focused on key threats as well collaborations across organizational lines.

Taken together, these efforts will further CTA’s three-pronged mission to enable members to better protect their customers, disrupt malicious cyber activity, and raise the level of cybersecurity across the digital ecosystem.  As a more mature organization, CTA is well positioned to pursue these goals.
As part of our efforts to mark this occasion, in February I will host a virtual panel with Ken Xie, Mark McLaughlin, and Chris Young – three key players in CTA’s founding.  We will talk about what led them to found CTA, how they worked to make it a reality, and how CTA can continue to evolve as the digital environment changes.  That should be a great discussion.  Stay tuned for more details.
Happy birthday, CTA.  Here’s to another successful year.

Back to News