Cyberattacks don’t happen in a vacuum. While your organization may be specifically targeted by cybercriminals, the style of attack they are using isn’t unique to you. It’s one they will use over and over, especially if it is successful, and will sell on the Dark Web for other cyber criminals to buy, use and modify.
Security analysts know that. And yet, while cyberattacks tend to be universal, cybersecurity teams tend to work in a vacuum. They are siloed in their approach rather than reaching out to others in their industry for advice. This prevents them from sharing their approach to threats or collaborating with skilled staff in an emergency.
It’s understandable why organizations don’t cooperate more in cybersecurity. There is legitimate concern about revealing too much information about intellectual property or corporate trade secrets. Data privacy leaks and possible compliance violations are also a concern. Overall, there is a great deal of trust required. Who’s to say that the person you are contacting for support isn’t an insider threat at their own company?
At Zero Trust World 2023, executives addressed the importance of cooperation in cybersecurity and approaching the potential for bad outcomes. The solution, they said, is cybersecurity through co-opetition.
What is co-opetition?
Co-opetition (also spelled coopetition) combines the words cooperation and competition, and it is the strategy of bringing together those who would normally be business competitors to work together to bring about a mutually beneficial result. In this case, the result would be improving overall cybersecurity posture and gaining a better understanding of current cyber threats and how to mitigate them. It’s a chance to see peers as trusted advisors rather than adversaries.
Co-opetition can occur with industry competitors, vendors and third-party contractors, customers, or with anyone who has a desire for a shared outcome. It’s a concept we frequently see in action but don’t even notice, such as in e-commerce marketplaces that share a platform with a variety of vendors or the ability to use one website’s login credentials across multiple sites instead of creating a unique credential.
Managed security services providers
In cybersecurity, one example of co-opetition is managed security services providers (MSSPs) who are working together to address concerns like the overall shortage of security talent or to partner with competencies that a company is missing.
“You can know a lot of things, but you can’t know everything about everything,” Dawn Sizer, CEO at 3rd Element Consulting, said during the Zero Trust World event. Sizer’s team has stepped in to help other companies that might not have internal resources to manage data loss protection or offer different types of training. The goal is to help other organizations fill their cybersecurity knowledge gap.
Take ransomware attacks against the healthcare industry. These incidents are excellent examples of how co-opetition and working with peers can improve a hospital’s overall security process. Every facility addresses attempted ransomware attacks; the goal is to keep them from going live. Through co-opetition, different hospitals can learn where the weak points are in their systems, help each other to develop effective ransomware awareness training and gather advice from those experienced with putting together a response team. Healthcare facilities are going to remain competitors. However, by working together and sharing valuable information about threats and mitigation tactics, there will be less risk to patients. In the end, every hospital shares that goal.
A business-first approach
A common denominator for organizations is building an effective cybersecurity program. When leadership works together to that end, they are able to strengthen their security weaknesses. But it is difficult to do that when there is also a level of competition between the organizations that might be fighting for the same customer base, or have proprietary information they don’t want to leak out. Friendships between those in leadership positions can also blur the lines between business and personal relationships.
With co-opetition and any type of collaborative effort in cybersecurity, it has to be a business-first approach. Friendship and familial relationships are fine. But co-opetition requires doing things from a business perspective, explained Danny Perry, Managing Partner at ITCubed, during the conference session.
When you are working with other companies to improve your cybersecurity, you can’t get offended if they ask for things like an NDA or a non-compete clause, Perry stated. You want to work with people you not only feel comfortable with but with those who you believe will be a real asset in helping you achieve your security goals.
How to build your village
Your co-opetition partners are out there; it’s just a matter of knowing where to look. It begins with corporate leadership. Executives who serve on boards together or who meet regularly at industry events already have a relationship. The next step is building off those relationships and then openly communicating about their cybersecurity concerns and needs. It’s also a matter of listening because, as Perry pointed out, sometimes people are doing things better than you are.
“Don’t forget to leverage your vendors, as well,” said Sizer. “They know a lot more people than you do, and they can recommend somebody.” They might not be your peers, but vendors rely on your success, so most will be willing to help.
Why you need your village
Why do you need to build your village to improve your cybersecurity program? Because threat actors are using their village to improve their tactics. Research has found that ransomware gangs are working together to launch attacks, which makes recovery more difficult for victims. The attacks could happen simultaneously or happen in waves, days or weeks apart. But multiple successful attacks leave the organization with layers of encrypted files.
Organizations also need to work together to build stronger defense systems, relying on each other to fill internal vulnerabilities and to learn from each other’s cyber incidents. Maintaining the integrity of your data and network is important to your business operations. No one should have to go on their cybersecurity journey alone when help is just a phone call away.