We must forge alliances to combat cyber-crime, writes Liv Rowley, Threat Intelligence Analyst at Blueliv, a cyber security threat reporting company.
Cybercriminals are masters at collaboration. They share information on new exploits, attack tools and vulnerabilities. They buy and sell manuals to improve the effectiveness of fraud and phishing campaigns and they hire out their own “as-a-service” toolkits to others in need of support. This is what helps to make the cybercrime economy the $1.5 trillion threat it is today. So, what do we do in response? The key is to embrace collaboration with the same enthusiasm. This means sharing intelligence with our fellow cybersecurity professionals in other organisations, and even outside the industry, with law enforcement and academia.
The scale of the challenge
Modern organisations are laser-focused on digital transformation. Investments in cloud, IoT, artificial intelligence and more offer the tantalising prospect of greater business agility and innovation-fuelled growth. But this mini-revolution in corporate IT brings new risks and compounds old ones: a broader attack surface for hackers to target, a dearth of qualified security professionals able to defend systems, and ill-designed and poorly implemented security tools that may create gaps in protection. Cybercriminals are making the most of these opportunities. One AV vendor blocked 26.8 billion threats in the first half of 2019 alone. Ransomware, fileless malware, Business Email Compromise (BEC), account checking (credential stuffing) attacks, and data breaches are all on the rise. Individual BEC and ransomware incidents have cost organisations tens of millions of pounds. Plus, regulators are starting to issue monumental fines when they see firms letting their customers down on cybersecurity.
Strength in numbers
Improved collaboration can help the white hats respond, and the good news is that there’s already evidence of a growing number of successful projects. The Blueliv Threat Exchange Network, for example, is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. In the UK, the Cyber Security Information Sharing Partnership (CiSP) was created back in 2013 and now sits within the NCSC. It boasts that countless organisations use it to “exchange cyber threat information in real time, in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact on UK business.” The UK Government also established a Defence Cyber Protection Partnership (DCPP), a joint Ministry of Defence (MOD) and industry initiative, to improve collaboration between the MOD and key suppliers.
Similarly, in the US, the Information Sharing and Analysis Centers (ISACs) and Information Sharing and Analysis Organizations (ISAOs) offer opportunities for real-time, contextual sharing of threat intelligence — in the case of the latter, across multiple industries. Participating in collectives such as these enables organisations to proactively identify, mitigate and block attacks more effectively. Information sharing doesn’t even need to be this formalised. It’s heartening to hear that industry peers are starting to exchange threat data in informal networks, to the benefit of all participating organisations.
A problem shared
Unfortunately, there’s still a perception that intelligence sharing is bad for competition, bad for business and could even expose organisations to new risks. This just isn’t true. As multiple industry professionals have pointed out, security is not a competitive advantage; refusing to share threat intelligence will not inherently help your organisation. Similarly, close collaboration behind closed doors will not harm corporate reputation. The information shared can be abstract and far removed from daily operations, such as IOCs and malware signatures. Alternatively, many analysts field questions to their peers to discuss cyberthreats in general terms.
In fact, closer collaboration can help organisations reap greater cost savings ($2.2m+) than either investments in advanced identity and access management or machine learning-based security tools, according to one report. Of course, it’s important to understand how data is shared among network participants before you join said network. Establishing boundaries up front will help to build trust and foster organic growth between organisations and individual security professionals. Once you have access to these exchanges, data can be plugged into existing threat intelligence systems to enhance proactive monitoring and dynamic response to emerging attacks. The result is to spot threats earlier on, mitigate risk more effectively and build resilience into defensive tools to pre-empt the next wave of attacks.
The bottom line is that we’re all fighting a common enemy. With the bad guys innovating fast and responding quickly to emerging tech trends, we must too, by socialising cybersecurity across the industry.