The constantly evolving threat landscape means that organisations are often unclear about exactly what they need to be protecting themselves from. Malware knows no borders, writes Chris O’Brien, Director, Intelligence Operations at EclecticIQ, a cyber security product company.
Barely a day passes without yet another new cybercrime victim hitting the headlines. What’s more, these ever-changing threats from cyber-attacks not only affect businesses and individuals, but also – following the reports that Russian hackers targeted 21 US states during the election campaign in 2016 – national economies and the international political landscape.
Plus, attacks are becoming more global and widespread in the potential havoc that they wreak. Consider, for example, the WannaCry ransomware attack, which affected millions of computers across the globe and took down vital NHS systems in the UK, a major telecom company in Spain and thousands of other organisations worldwide.
In that particular attack, the victims’ computers were frozen and they were being blackmailed into paying the hackers responsible around $300 in bitcoin to regain access to their systems. And these types of transnational cyberattacks simply cannot be prevented, or adequately protected against, without businesses and organisations sharing more details about the latest hacks with each other.
In the case of the WannaCry ransomware attack, it was a godsend that a cyber security expert called MalwareTech found a universal kill switch. Had that not happened, then millions of businesses and organisations worldwide could well have been victims of a cataclysmic cyberattack. It’s highly likely that we will see something like this again, so what happens when a similar worldwide malware attack takes place? If the information to shut down such a threat is found and needs sharing immediately with the global cybersecurity community, would there be a potential issue?
The truth of the matter is this: there is still a widespread unease in the business community around the concepts of openness and of sharing insight on particular threats with anyone outside an organisation, with companies (understandably) concerned about sharing valuable proprietary data with competitors. Ironically, this distrust is usually highest in those industries and organisations where sharing knowledge is imperative to preventing further security attacks.
Trusting your clients, customers or business partners with valuable proprietary business information is a longstanding issue in most industries. After all, if you give away your product, service or customer details to your competitors, you may as well shoot yourself in the foot, right?
Openness and security are not, traditionally, thought of as being natural bedfellows. Yet the fact is that businesses and organisations must learn to share information about evolving and new threats with the cybersecurity industry to thwart new attacks and protect themselves against future attacks that could damage their business.
The real issue is neither black nor white. It’s not a matter of ‘being open’ or ‘not being open’, of course, which is why the cybersecurity industry really needs to develop an agreed-upon process for ‘managing distrust’, as we are never going to live in a world in which businesses freely share information between competitors. The key to this approach is for businesses to work closely with trusted partners and digital security experts to share insights and data on new cybersecurity threats, without sharing valuable industry knowledge with potential competitors.
New standards such as STIX and TAXII (Structured Threat Information eXpression and Trusted Automated eXchange of Indicator Information) are vital in the global fight to protect industries and government departments from cyber threats. These are free, open-source standards supported through the OASIS CTI Technical Committee that allow cyber threat data to be quickly and easily shared in real time. And they are helping companies, industry groups and public or non-profit organisations to better align their joint security efforts. Most importantly, business owners can share the information that digital security experts need, employing these standards and exploring innovations such as zero knowledge data sharing or making use of blockchain sharing methods, to ensure that their competitors aren’t going to be privy to valuable trade secrets!