Cybersecurity: Why sharing is more than just caring
By Sean Duca & Mihoko Matsubara August 24, 2016
- Bad guys work together tactically and strategically to achieve their nefarious goals
- Defenders also need to collaborate in the same manner … and share threat info
CYBERSECURITY is often evaluated in terms of dollars and cents: How much will this solution cost, and how much does it save for the company?
More often than not, this results in security departments facing challenges in getting their leadership and management teams’ buy-in to invest in the technology, people, and processes needed to defend an organisation against cyberattacks.
While the impact of today’s cyberthreats is growing, many organisations still consider the management of these risks an IT issue, separate from main corporate and business concerns.
In fact, PwC’s Global State of Information Security Survey (GSISS) 2016 indicates that more than half of chief executive officers in Asia do not consider cybersecurity a top business risk.
Until recently, most executives didn’t often consider cybersecurity in the context of their most common concerns, such as managing risk, preserving business operations and hitting sales targets.
Because new threats are ‘unknown,’ they do not attract enough attention from executives, who are unwilling to take immediate action or pay to mitigate such ‘unknown threats.’
This is understandable. It is hard to invest resources in something not easily measurable when we have multiple things to worry about in today’s complicated and interconnected world.
Nonetheless, it is also true that cyber-attackers are quick to take advantage of such a mindset. This means criminals can keep winning as long as they adjust the ways in which they mount successful cyber-attacks.
This can result in the grave loss of proprietary information, customers’ personal data, sensitive government intelligence, or even lead to crippled critical infrastructure.
In light of this, the importance of automated prevention and the sharing of threat intelligence cannot be overstated.
It is crucial for chief information officers to take unknown threats, turn them into known threats, and share the threat intelligence as openly and quickly as possible to bring greater security to the world.
The Cyber Threat Alliance and Financial Services – Information Sharing and Analysis Center (FS-ISAC) are two good examples of organisations that use sharing frameworks to provide threat intelligence among member companies in the same industry.
Their efforts jointly raise awareness at the global cybersecurity level and bring greater value to their customers in the form of protection from advanced cyberattacks.
This kind of framework may sound odd to traditional business minds; some businesses would rather keep what they know than give it up for free, because information is, after all, power.
However, this outlook leads to the loss of opportunities to utilise information to protect other companies against similar cyber-attacks.
The global threat of cybercrime is too great for companies not to share threat information among peers.
Bad guys – whether cybercriminals, terrorists or state actors – work organisationally, tactically and strategically to achieve their nefarious goals.
Defenders also need to collaborate in the same manner to increase the cost of successful cyberattacks – and make that cost prohibitive for attackers.
These defensive efforts do not have to be massive undertakings. A 2016 report by the Ponemon Institute, Flipping the Economics of Attacks, showed that 73% of attackers hunt for cheap, easy targets.
In fact, an increase of just two days in the time required to conduct a successful cyber-attack can eliminate as much as 60% of all attacks.
READ ALSO: The high cost of the IT security talent shortage
Sharing cyber threat intelligence efficiently allows organisations to shorten the effective lifespan of attacks, and increase the burden on attackers.
However, a swift and effective reaction alone is not the answer. Organisations must also switch from reactive defence to proactive and automated prevention.
This does not mean denying the importance of incident response. There is no 100% effective security solution, and incident response is still an indispensable part of cyber-resiliency. Automation, on the other hand, allows defenders to compress the time for incident response, which involves time-consuming manual work, and eventually reduces costs for cyberdefence.
The World Economic Forum argues that the Fourth Industrial Revolution relies on digital technology to boost the global economy and improve quality of life. This concept is dependent on people’s trust in the Internet.
As the world becomes increasingly connected, cybersecurity will be critical in promoting the trust needed to make today’s economy robust and successful. If people lose confidence in Internet security and begin to use it less, the strength of the global economy will be diminished.
In the 21st century, cybersecurity is not simply a cost as some people believe. In fact, it is a key driver of the Fourth Industrial Revolution.
Sean Duca is vice president and regional chief security officer of Asia Pacific and Mihoko Matsubara is chief security officer of Japan at Palo Alto Networks.
Threat disclosures: Governments still secretive
Companies resist mandatory disclosure, cybersecurity suffers
Cyberthreat info-sharing on the rise: Fortinet expert
The next industrial revolution is going to hurt us bad
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.