With the turning of a new calendar page comes the tendency to take stock of the prior year and think ahead to how key aspects of business and personal lives might be improved in the coming months. As you ponder your plans for 2017, we encourage you to actively pursue opportunities to collaborate with external and internal entities. And before you write off the suggestion, consider this: Multiple experts state that while legitimate organizations and infosec professionals approach the idea of collaboration with concern and suspicion, cybercriminals have embraced the practice and are using shared intelligence to strengthen their operations and maximize the effectiveness of their attacks.
The Advantages of External Collaboration
At SecureWorld Denver in October 2016, keynote speaker Paul Kurtz stressed the need for active intel exchange between legitimate business entities because, he said, cybercriminals are working together more and more frequently — to their advantage. According to Kurtz, 25% of cyber-attackers claim they are having more success due to collaboration (and, as such, are outpacing organizations that are continuing to operate in silos).
Kurtz is far from alone in asserting this trend; when speaking to CIO for a recent analysis piece, Information Security Forum’s Steve Durbin said he expects criminal syndicates to increasingly move out of “start-up mode” and become more sophisticated about the business of monetizing cybercrime. “What we're seeing is a whole maturing of that space. They've moved from the garage to office blocs with corporate infrastructure,” Durbin said. “They've become incredibly good at doing things that we're bad at: collaborating, sharing, working with partners to plug gaps in their service.”
According to Colonel Cedric Leighton, another keynote speaker at SecureWorld Denver, the issue is compounded in countries like the U.S. because of the struggle to develop partnerships between public and private entities. With a rapidly diminishing divide between “virtual” and “real” worlds, intelligence agencies are in desperate need of access to data and systems to actively monitor for cyber warfare and terroristic threats. Leighton cautioned that prominent nation-states like China and Russia have an advantage because they have actively integrated their military, government, and cyber operations. In contrast, countries like the U.S. tend to be less organized on the cyber front and (for better or worse) have much less visibility into cybersecurity threats that are affecting private organizations and citizens.
Given how quickly threat actors are moving and how devastating attacks are becoming, it’s critical that organizations start thinking about how they can best pool their resources and improve their defenses. A shared intelligence could certainly help to limit the reach of some attackers, who tend to move from organization to organization and industry to industry, using the same techniques to hit their marks. Because the details and methods related to successful attacks are often kept private by affected companies, opportunities to be proactive are limited. Instead of working together to stop a fire from spreading, individual entities are fighting the same fires in isolation.
Though calls for collaboration are nothing new, there is renewed hope for improvements on that front for 2017. In a late-2016 Infosecurity Magazine article, several infosec professionals voiced their thoughts about the importance of intelligence sharing. Raj Samani, CTO EMEA for Intel Security, believes the benefits of having real-time insights into failed and successful cyber attacks will far outweigh any disadvantages, saying:
In 2017, threat intelligence sharing organizations will form among cloud service providers, which will improve identification of and reaction time to attacks. While some businesses and cloud service providers do not perceive the benefits of threat intelligence sharing today, this will shift within the next few years. Whether driven by legislation or the aggressiveness of attacks, we will see much more threat intelligence sharing among businesses and cloud providers — and the benefits will quickly become clear.
To gain the upper hand in cybersecurity, businesses must reject conventional defense paradigms in favor of radical new thinking. One key step is working to be collaborative instead of hoarding information and learning to prioritize cyber defense. On a large scale, this makes life harder for cybercriminals — and ensures data remains more secure.
How did you do on your resolutions for 2016?
Take a look back at the suggestions we offered last year.
The Advantages of Internal Collaboration
The notion of “working together for the greater good” isn’t strictly limited to inter-organizational partnerships. In too many cases, departments don’t share critical information with one another, which can lead to frustrations all around. This is common when an individual or team is tasked with launching a corporate-wide initiative like a security awareness training program.
If you feel you are facing an uphill battle with regard to security awareness and training, some of your issues may be rooted in lack of communication and understanding, which is leading to a lack of support.
We encourage all of our customers to open the lines of communication across their organizations prior to kicking off a cybersecurity training program. It’s critical to get buy-in from key stakeholders — not just executives, but teams like corporate communications, human resources, and IT response. When you explain the need, outline the potential ROI, and get others involved, you make the road smoother. And couldn’t we all use a smoother road in 2017?
Here are a few prior blog posts that can help you with stakeholder buy-in, program planning, and building a culture of security within your organization:
