BT blazes trail in cyber intelligence threat data sharing

Written by Deborah Ritchie
08/02/2018

BT has called on UK ISPs to follow its lead in sharing threat intelligence data across the community in a secure and trusted way, in an effort to protect businesses and consumers from cyber crime. The telecoms provider is the first telecommunications provider in the world to start sharing information about malicious software and websites on such a scale, and is in direct response to an initiative led by the UK’s National Cyber Security Centre (NCSC) to enable ISPs to share detection events.

The development sees BT alert other ISPs in the UK to any malicious domains associated with malware control that it identifies using its advanced threat intelligence capabilities. ISPs can then choose whether to take any action to protect their customers by blocking the harmful malware.

Domain Name System (DNS) filtering is a key plank of the government’s Active Cyber Defence Strategy, and BT has been supporting this by automatically blocking tens of millions of malware infections which try to cross its infrastructure every week.

CEO BT Security, Mark Hughes, said that only by working together with government and the rest of the telecommunications industry can the tide of cyber crime be stemmed.

“We’ve been taking a more proactive and automated approach to blocking malicious code and harmful website content on our infrastructure for some time, in line with the NCSC’s Active Cyber Defence strategy. This allows us to mitigate a high volume of cyber threats before they have a chance to take hold and impact our customers. By sharing our malware data, we’re empowering other ISPs to provide their customers with the same level of protection, should they choose to take action,” he explained.

Technical director for the National Cyber Security Centre, Dr Ian Levy, praised what he called a “fantastic initiative”.

As a result of the growing industrialisation of cyber crime, and the increasing complexity of malware, BT has identified and shared over 200,000 malicious domains since initiating the sharing of threat information at the end of last year. The company's global team of 2,500 cyber security experts are currently preventing the delivery of 50 million malicious emails with 2,000 unique malicious attachments every month – or 20 malicious emails a second.