Trust is a huge issue in most sectors. Borne from years of ruthless competition, battles for customers and getting ‘one up’ on rival companies, trusting partners and customers with valuable information is difficult for businesses.
Distrust derives through the fear of giving away valuable product information and business data you don’t want leaked or customer contact details. But it is also because of basic security. If competitors or cyber criminals can access data and find information they can use against your business, you’re opening yourself up to a whole host of threats, reputational damage and the potential loss of customers.
The concept of sharing insights with those outside of an organisation is an awkward proposition given the current high levels of cross-border and competitive distrust. Ironically, trust forms a fundamental part of many business models in industries such as the public sector or aerospace, yet distrust is often highest in the organisation where sharing knowledge is imperative.
This needs to change. Especially in the cybersecurity industry where it’s becoming increasingly important for businesses to work together and share information to stay one step ahead of the ever evolving threat landscape.
Beating cybercrime through knowledge
Trust and openness are both complex issues that differ depending upon the nature of the business sector – yet, to ensure a business is properly protected against malicious cyberattacks, both are vital. With this in mind, the security industry needs a process for managing distrust, as opposed to pushing for ubiquitous openness which is, quite frankly, an out of reach utopian view.
Businesses need to work closely with their trusted partners and digital security experts to develop ways of sharing insight and data on new cybersecurity threats that don’t also share valuable industry knowledge with their competitors.
There are already ways of sharing data that provide insight without the full intelligence – zero knowledge data sharing and making use of blockchain sharing methods for threat intelligence, for example. These methods can provide enough information to stop an attack without threatening the competitive industry spirit that has been built up over many years.
This is also where standards such as STIX (Structured Threat Information eXpression) – itself a community-driven effort, STIX relies on information sharing all while making threat intelligence flexible, automatable and understandable for humans – and TAXII (Trusted Automated eXchange of Indicator Information) can help to re-align IT security efforts. The ability to express threat intelligence in a structured format allows you to more easily separate potentially sensitive data from that which is easily shareable. Adding granular data markings to the entity level, based on that sensitivity, means you can have full visibility on how your data can be shared and what the potential impact may be.
Protection through sharing
Business owners and IT leaders responsible for digital security need to be fully informed on the various ways of sharing that provide cybersecurity experts with insight without full intelligence.
Consider last year’s WannaCry attack which saw ransomware hit millions of computers, taking down vital NHS systems, a large telecom in Spain, and hundreds of other businesses and institutions worldwide. Victims were held ransom and their computers frozen until the hacker’s demands of around $300 in bitcoin were paid.
Thankfully, cybersecurity expert MalwareTech saved millions of users and businesses across the globe from what could have been one of the worst cyberattacks in history by discovering a universal kill switch. What if that it wasn’t a universal kill switch but a local one that needed to be shared with all of those millions of victims to be able to implement? Remediation needs to keep pace with the scale of the impact.
To really be able to stop cyberattacks in the future, especially those on the same scale of WannaCry, threat intelligence must be accessible and available to all. Standards such as STIX and TAXII will be able to help all organisations and industry groups organise their security efforts based on real-time information.
While it is obvious that this is the best path for organisations across the globe to follow, changes need to be made. The use of these standards currently seems to be a conscious effort and not something businesses are taking as seriously as they should. Now more than ever though, it the time for security professionals within businesses to drive a culture of openness and stay on top of the inevitable cyberattacks which are yet to come.