By definition, an immune system is the network of biological structures and processes within an organism that protect it against disease. A weak immune system that cannot effectively fight off attacks is not just a threat to its host, but also to others surrounding it.

This concept can likewise be applied to cybersecurity: Organizations need to build a strong cybersecurity immune system in which various parts interact and work together to detect, prevent and eradicate breaches. To be effective, this immune system approach needs to operate at two levels, both internally in the organization and externally at a broader industry level.

The Need for a Better Immune System

Across the world, cyberattacks are becoming more intelligent, more regular and more coordinated. A UN study on cybercrime established that up to 80 percent of cyberattacks are driven by highly organized crime rings that share data and tools to launch sophisticated attacks on businesses across the globe.

This is where organizations need to not only identify current threats, but anticipate them before they happen and take preventive measures to avoid being breached. Think of it like regularly taking vitamins to support your health: Building a strong internal network that is resilient to sickness is far more effective than responding to an infection when it happens.

To effectively stave off cyberthreats in this manner, organizations need to have an integrated end-to-end security operation and incident response system in place. The challenge often faced is the number of variables that need to be standardized. Businesses need to bring together security analytics, forensics and vulnerability management alongside incident response into a coordinated approach for enterprise threat protection, detection and reaction.

This level of defense is often difficult to achieve, particularly in organizations that don’t have specific departments or staff dedicated to security. As an example, ransomware aimed at the Australian health care industry, and more specifically at small suburban medical and dental centers, has been a prominent threat that our incident response team has been working on in recent months.

While internal security systems are crucial, there is a much bigger and far more powerful external problem: collaboration. External assistance is often used to provide support in health care, whether in the form of doctors, specialists or medical associations. Intelligence on diseases and their associated treatments is shared quickly after testing, leading to preventative measures such as immunization being taken to eliminate the risk of the disease spreading.

Collaboration on cybersecurity can help businesses stay on the front foot as opposed to remaining reactive to threats. Indeed, plans for threat sharing centers were outlined in the Australian government’s $230 million cybersecurity strategy, indicating the local importance of collaboration.

The Road to Healthy Security

It was promising to see in the recent IBM Global C-Suite Study that over 50 percent of CEOs agree collaboration is necessary to combat cybercrime. The progression of open approaches, community development and code sharing is a step in the right direction. However, only one-third of CEOs expressed willingness to share their organization’s cybersecurity incident information externally.

This appears to be at odds with the broader technology sector, which is clearly benefiting from collaboration. According to a recent Linux Foundation study, 77 percent of business managers said that collaborative development practices have benefited their organization through shorter product development cycles and faster time to market.

The security industry is lagging when it comes to embracing an open approach. Open collaboration is critical for the evolution of security technology; for example, the IBM X-Force App Exchange enables the security community to easily create and share apps. By opening up a 700 TB database of threat intelligence data to the public, the X-Force Exchange allows companies across the world to share real-time data on threats and leverage each other’s expertise while remaining anonymous.

In some ways, security still feels like something dealt with in dark corners. A major hurdle standing in the way of a collaborative approach to cybersecurity appears to be trust; fear of IP violations and the threat of leaking valuable company information are major deterrents for businesses. The tools and the market are ready, but the suspicious nature of companies, coupled with the ingrained attitude that cybersecurity is more responsive than preventative, is hindering organizations from taking part in security collaborations.

It may be some time before cybersecurity receives the same benefits from collaborative approaches seen in the wider tech industry. But collaboration can work. Let’s lift the lid on security and make it everyone’s problem.
