Security is a team sport. Both threat actors and cybersecurity professionals are teaming up and collaborating in greater numbers than ever. In fact, a United Nations study found that crime rings that regularly share information drive around 80 percent of cyberattacks. The dark web has become the standard platform to share security data, as well as an effective marketplace to monetize cybercrime activities.
On the defensive side, mature security programs are developing approaches to integrate different teams. According to The New York Times, some companies are even building fusion centers where employees from a range of backgrounds — from fraud detection to forensic analysis to customer service — work together to fight threats. Motivated by the demand from customers, IBM Security built a cyber range and a mobile Cyber Tactical Operations Center (C-TOC) to help battle-test security teams with crisis simulations.
How Can Cybersecurity Professionals Foster More Collaboration?
While many organizations are using the Department of Homeland Security’s (DHS) fusion centers as a model to foster collaboration among teams, the vast majority of companies are facing a skills shortage. According to ISACA, 27 percent of U.S. enterprises are unable to fill open roles for cybersecurity professionals. Given this challenge, how can enterprises promote collaboration and, more importantly, use it to drive better security outcomes?
When considering how to prevent cybercrime, it’s critical to break down barriers to collaboration. It’s time for us to learn from each other, and not reinvent the wheel when it is already working for someone else. We must use the spirit of community to inoculate ourselves against threats and gain long-term immunity. The human race has conquered many deadly diseases, such as smallpox and polio, through community immunity — so why not bring this concept to cybersecurity?
Here are three ways to foster collaboration among teams and achieve community immunity with the help of a security data integration platform:
1. Gain a Global Perspective
We should be able to leverage insights from our peers to enrich our own decision-making. One way to do this is by using a threat score or another normalized method of sharing threat intelligence. Threat sharing should always be anonymous to protect the privacy and security of enterprises and individuals. Threat intelligence should also be specific, whether at the regional or industry level, to make it relevant and actionable.
2. Reduce Blind Spots
Threat intelligence is just one part of security. Analysts need visibility into many other areas, such as database vulnerabilities and fraud analytics. Having a single, collaborative platform to share this security data allows other analysts and researchers to build on and refine the information and, in turn, share improved data with the security community.
3. Generate Personalized Recommendations
The power of global analytics is in leveraging the learnings from a broader environment and making them relevant to us. We often see this approach in retail, where websites recommend a product based on your purchase history or user profile. In security, a recommendation engine that proactively surfaces improvements to your existing program or tips to fine-tune your deployments can be incredibly useful. In addition, as customers move toward purchasing micro-apps and services as and when they need them, a recommendation engine can proactively suggest solutions so analysts can stay ahead of threats and leverage the latest innovations available to them.
Don’t Go It Alone
So, how will you build your team? If anything is certain about today’s evolving cyberthreat landscape, it’s that you can’t go it alone. By fostering relationships with peers, improving visibility into databases and vulnerabilities, and investing in systems that generate personalized recommendations, security leaders can launch a more coordinated and collaborative counterattack in the ongoing battle against cybercrime.