While there’s no silver bullet in cyber security, as businesses we do have access to artillery and air support in the form of collaboration.
In the past few years, we’ve seen Threat Intelligence sharing become commonplace and various government initiatives help foster more open cyber defence dialogue.
Just recently, for example, the Government’s Australian Cyber Security Centre announced a partnership with the Australian Information Security Association that will see both parties combine their expertise and stage a shared event – The Australian Cyber Conference – later this year. In past years, each would hold their own separate events, but by combining the two, attendees can learn from a far larger cohort and tap into a deeper well of knowledge across industry, government and academia.
This is just the latest example, but it is another data point that shows the private and public sectors are taking collaboration seriously. While there have been many advances when it comes to sharing in cyber security, we can’t rest on our laurels and think the job is done.
This is because collaboration – like security – is a journey, not a destination.
Critically, cyber attackers also see the value of collaboration. The internet, in both its public-facing and its more shadowy recesses, is littered with forums where hackers share vulnerability intelligence, tweak each other's code, and offer advice and materials to make attacks more successful. While some of these forums have been taken down by law enforcement, like Darkode in 2015, the highly decentralised, distributed, and disguised nature of cyber criminals means for each site removed, another hundred lurk beneath the surface.
Whether you’re a newbie hacker looking for tips on how to dip your toe in the water, or a more experienced malcontent seeking feedback on the latest social engineering techniques, these forums are a place to turn for support and guidance.
As the ‘good guys’ in this dichotomy, we should always be striving for more in the area of collaboration, to do it better than the ‘bad guys’. One example where we could improve is through the sharing of ‘Solutions Intelligence’. This is shared feedback on the tactics and strategies that have worked – or failed – in the past, as opposed to just the indicators of compromise typically shared in Threat Intelligence.
By improving Solutions Intelligence sharing, businesses wouldn’t need to constantly reinvent the wheel and waste already limited security resources.
If one organisation has tried a particular security strategy and found that it failed to deliver the desired results, why needlessly force other businesses to repeat the same mistakes?
This is what collaboration is truly all about: finding ways to leverage the combined intelligence of peers, not only to identify a security problem, but also to solve it.
A perfect example is the global panic caused by the recent KRACK attack. Cyber experts were falling over themselves to warn the end was nigh and that Wi-Fi traffic would never be secure again. In reality, however, an attacker would need a very specific set of circumstances (such as more or less being inside your office) to actually exploit the vulnerability. Your Windows NT boxes were, and still are, a much bigger problem.
The level of panic this very niche threat caused underscored one of the uglier sides of the security industry – so much attention is placed on these ‘sexy’ and obscure attacks, at the expense of the fundamental basics of security.
Threat Intelligence sharing, when done responsibly, is extremely beneficial. Blowing the potential consequences of a threat completely out of proportion, however, can scare and distract people away from less exciting, but infinitely more beneficial, security strategies – like proper patching procedures and the retiring of out-of-date technologies.
Sharing Solutions Intelligence is where businesses will see the greatest benefit. Security budgets are limited, so why should organisations be forced to repeat the same mistakes others have already made? This needless repetition is holding us back. Through peer-to-peer sharing, across industry verticals, budgets can be focused on the solutions that have been proven to work. These can then be tweaked and customised for the size and risk profile of each individual business.
This is what true collaboration really is. By sharing what we know works, and what we know doesn’t, businesses can present a united front. We can build upon the successes of the past and continue improving security strategies in order to stay a step ahead of those who would harm us all.