April 25, 2023 By Sue Poremba 4 min read

Cyberattacks don’t happen in a vacuum. While your organization may be specifically targeted by cybercriminals, the style of attack they are using isn’t unique to you. It’s one they will use over and over, especially if it is successful, and will sell on the Dark Web for other cyber criminals to buy, use and modify.

Security analysts know that. And yet, while cyberattacks tend to be universal, cybersecurity teams tend to work in a vacuum. They are siloed in their approach rather than reaching out to others in their industry for advice. This prevents them from sharing their approach to threats or collaborating with skilled staff in an emergency.

It’s understandable why organizations don’t cooperate more in cybersecurity. There is legitimate concern about revealing too much information about intellectual property or corporate trade secrets. Data privacy leaks and possible compliance violations are also a concern. Overall, there is a great deal of trust required. Who’s to say that the person you are contacting for support isn’t an insider threat at their own company?

At Zero Trust World 2023, executives addressed the importance of cooperation in cybersecurity and approaching the potential for bad outcomes. The solution, they said, is cybersecurity through co-opetition.

What is co-opetition?

Co-opetition (also spelled coopetition) combines the words cooperation and competition, and it is the strategy of bringing together those who would normally be business competitors to work together to bring about a mutually beneficial result. In this case, the result would be improving overall cybersecurity posture and gaining a better understanding of current cyber threats and how to mitigate them. It’s a chance to see peers as trusted advisors rather than adversaries.

Co-opetition can occur with industry competitors, vendors and third-party contractors, customers, or with anyone who has a desire for a shared outcome. It’s a concept we frequently see in action but don’t even notice, such as in e-commerce marketplaces that share a platform with a variety of vendors or the ability to use one website’s login credentials across multiple sites instead of creating a unique credential.

Managed security services providers

In cybersecurity, one example of co-opetition is managed security services providers (MSSPs) who are working together to address concerns like the overall shortage of security talent or to partner with competencies that a company is missing.

“You can know a lot of things, but you can’t know everything about everything,” Dawn Sizer, CEO at 3rd Element Consulting, said during the Zero Trust World event. Sizer’s team has stepped in to help other companies that might not have internal resources to manage data loss protection or offer different types of training. The goal is to help other organizations fill their cybersecurity knowledge gap.

Take ransomware attacks against the healthcare industry. These incidents are excellent examples of how co-opetition and working with peers can improve a hospital’s overall security process. Every facility addresses attempted ransomware attacks; the goal is to keep them from going live. Through co-opetition, different hospitals can learn where the weak points are in their systems, help each other to develop effective ransomware awareness training and gather advice from those experienced with putting together a response team. Healthcare facilities are going to remain competitors. However, by working together and sharing valuable information about threats and mitigation tactics, there will be less risk to patients. In the end, every hospital shares that goal.

A business-first approach

A common denominator for organizations is building an effective cybersecurity program. When leadership works together to that end, they are able to strengthen their security weaknesses. But it is difficult to do that when there is also a level of competition between the organizations that might be fighting for the same customer base, or have proprietary information they don’t want to leak out. Friendships between those in leadership positions can also blur the lines between business and personal relationships.

With co-opetition and any type of collaborative effort in cybersecurity, it has to be a business-first approach. Friendship and familial relationships are fine. But co-opetition requires doing things from a business perspective, explained Danny Perry, Managing Partner at ITCubed, during the conference session.

When you are working with other companies to improve your cybersecurity, you can’t get offended if they ask for things like an NDA or a non-compete clause, Perry stated. You want to work with people you not only feel comfortable with but with those who you believe will be a real asset in helping you achieve your security goals.

How to build your village

Your co-opetition partners are out there; it’s just a matter of knowing where to look. It begins with corporate leadership. Executives who serve on boards together or who meet regularly at industry events already have a relationship. The next step is building off those relationships and then openly communicating about their cybersecurity concerns and needs. It’s also a matter of listening because, as Perry pointed out, sometimes people are doing things better than you are.

“Don’t forget to leverage your vendors, as well,” said Sizer. “They know a lot more people than you do, and they can recommend somebody.” They might not be your peers, but vendors rely on your success, so most will be willing to help.

Why you need your village

Why do you need to build your village to improve your cybersecurity program? Because threat actors are using their village to improve their tactics. Research has found that ransomware gangs are working together to launch attacks, which makes recovery more difficult for victims. The attacks could happen simultaneously or happen in waves, days or weeks apart. But multiple successful attacks leave the organization with layers of encrypted files.

Organizations also need to work together to build stronger defense systems, relying on each other to fill internal vulnerabilities and to learn from each other’s cyber incidents. Maintaining the integrity of your data and network is important to your business operations. No one should have to go on their cybersecurity journey alone when help is just a phone call away.

More from Risk Management

Working in the security clearance world: How security clearances impact jobs

2 min read - We recently published an article about the importance of security clearances for roles across various sectors, particularly those associated with national security and defense.But obtaining a clearance is only part of the journey. Maintaining and potentially expanding your clearance over time requires continued diligence and adherence to stringent guidelines.This brief explainer discusses the duration of security clearances, the recurring processes involved in maintaining them and possibilities for expansion, as well as the economic benefits of these credentialed positions.Duration of security…

Remote access risks on the rise with CVE-2024-1708 and CVE-2024-1709

4 min read - On February 19, ConnectWise reported two vulnerabilities in its ScreenConnect product, CVE-2024-1708 and 1709. The first is an authentication bypass vulnerability, and the second is a path traversal vulnerability. Both made it possible for attackers to bypass authentication processes and execute remote code.While ConnectWise initially reported that the vulnerabilities had proof-of-concept but hadn’t been spotted in the wild, reports from customers quickly made it clear that hackers were actively exploring both flaws. As a result, the company created patches for…

Researchers develop malicious AI ‘worm’ targeting generative AI systems

2 min read - Researchers have created a new, never-seen-before kind of malware they call the "Morris II" worm, which uses popular AI services to spread itself, infect new systems and steal data. The name references the original Morris computer worm that wreaked havoc on the internet in 1988.The worm demonstrates the potential dangers of AI security threats and creates a new urgency around securing AI models.New worm utilizes adversarial self-replicating promptThe researchers from Cornell Tech, the Israel Institute of Technology and Intuit, used what’s…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today