Undoubtedly, today’s borderless networks pose security challenges and provide hackers with greater scope to cause chaos. A data breach in one organisation’s network can provide hackers with an avenue into another, and initiate a chain reaction of breaches compromising the confidential data of numerous organisations.
Though data sharing is actively encouraged, there has not been a big push to ensure that organisations are sharing threat intelligence with their partners and peers. Instead, it has been too easy to dismiss the importance of ensuring that organisations are collaborating on security.
Share and share alike
Since the political, reputational, and financial consequences of admitting to a breach can be severe, it is no surprise that most organisations choose to remain quiet about the threats they encounter. Informal information sharing is already taking place to an extent behind closed doors, with partners exchanging data through ad-hoc email or personal discussion. However, confidential, peer-to-peer networks shrink the pool of insight and make it almost impossible to coordinate large-scale, industry-wide responses.
What’s more, data classification legislation, including the upcoming European General Data Protection Regulation (GDPR), means that many sectors are restricted in what information can be shared. As a result, many collaborations are only of limited use. This leads to poor response times, general unpreparedness and a lack of coordination once a threat has been detected.
Fortunately, attitudes are changing. Cybersecurity is losing its reputation as something that must be hidden at all costs. Crowdsourcing information has seen considerable success in both healthcare and law enforcement, and there is no reason why these advances cannot be repeated in cybersecurity. As a result, information sharing within collaborative groups of trusted peers is set to be a game-changer in tackling and enabling defences against industry-specific threats.
Crowdsourcing and community construction: the potential of peer-review
Already, a growing number of organisations are collaborating across industries and competitive divides to share valuable insights that can protect their shared industries. For example, in 2013, the UK Government established the Defence Cyber Protection Partnership (DCPP), with the aim of boosting cybersecurity collaboration between the private and public sectors. It is a combined effort between the Ministry of Defence, the Department of Culture, Media and Sport, trade associations and the TechUK organisation. It enables officials to coordinate the nation’s response to emerging threats. The same information is available to participants in defence, commerce, innovation, and the civil service, boosting the chances of a successful threat response.
Information Sharing and Analysis Centres (ISACs), Information Sharing and Analysis Organisations (ISAOs) and communities of cybersecurity analysts work in a similar way, built on trust and the common desire for large-scale collaboration. Members agree on the rules and principles that govern community participation, including the level of anonymity and what data should be shared at what time. Collective goals and values as well as clear, agreed-upon boundaries encourage initial sharing. Trust grows, working relationships expand, and collaboration eventually occurs organically.
Participating in ISACs, ISAOs, and other collectives enables a distributed defensive intelligence network that quickly identifies and disrupts attacks across that network. Intelligence sharing helps organisations identify additional indicators, capabilities, and tactics that adversaries may employ against them.
Work together, thrive together
Any time you can force the adversary to step away from the battle, lick their wounds, and ultimately abandon operations against your organisation because it’s no longer worth it, that is a success. If done successfully over time, information sharing and research support an organisation’s day-to-day defences while also potentially approaching a tipping point with respect to the adversary’s perceived risk.
Sharing intelligence with like-minded organisations and communities that seek to understand the same adversaries is an essential way to enrich companies’ understanding of common threats, and turn that into actionable insights that counter the adversary in question. Denying the adversary any degree of success and punishing them for each intrusion attempt, through information sharing and exposure, presents the adversary with a cost/benefit decision point.
Strength in numbers
Every day, more organisations are collaborating in the fight against cybercrime. Regardless of sector or cybersecurity maturity, businesses are seeing the benefits of having their security specialists working and communicating with each other. For example, recent partnerships between GCHQ and Wayra UK and competing banks Santander, Deutsche and Barclays point towards a larger trend of public-private and cross-competitor cooperation.
Forward-thinking organisations recognise that unifying people, technology, resources and intelligence is the foundation for future cybersecurity. Ultimately, it only takes one weak link to break the chain during an attack and allow an adversary to breach all parties. However, collaborating organisations can piece together a more comprehensive profile of a given threat and gain a better understanding of enemy tactics without significant added time. Community collaboration notably reduces the costs involved in understanding an evolving threat landscape. It helps participants gain insights that may not have been otherwise available to them, leading to faster and more targeted threat response.
By Adam Vincent, CEO at ThreatConnect