By definition, an immune system is the network of biological structures and processes within an organism that protect it against disease. A weak immune system that cannot effectively fight off attacks is not just a threat to its host, but also to others surrounding it.
This concept can likewise be applied to cybersecurity: Organizations need to build a strong cybersecurity immune system in which various parts interact and work together to detect, prevent and eradicate breaches. To be effective, this immune system approach needs to operate at two levels, both internally in the organization and externally at a broader industry level.
The Need for a Better Immune System
Across the world, cyberattacks are becoming more intelligent, more regular and more coordinated. A UN study on cybercrime established that up to 80 percent of cyberattacks are driven by highly organized crime rings that share data and tools to launch sophisticated attacks on businesses across the globe.
This is where organizations need to not only identify current threats, but anticipate them before they happen and take preventive measures to avoid being breached. Think of it like regularly taking vitamins to support your health: Building a strong internal network that is resilient to sickness is far more effective than responding to an infection when it happens.
To effectively stave off cyberthreats in this manner, organizations need to have an integrated end-to-end security operation and incident response system in place. The challenge often faced is the number of variables that need to be standardized. Businesses need to bring together security analytics, forensics and vulnerability management alongside incident response into a coordinated approach for enterprise threat protection, detection and reaction.
This level of defense is often difficult to achieve, particularly in organizations that don’t have specific departments or staff dedicated to security. As an example, ransomware aimed at the Australian health care industry, and more specifically at small suburban medical and dental centers, has been a prominent threat that our incident response team has been working on in recent months.
While internal security systems are crucial, there is a much bigger and far more powerful external problem: collaboration. External assistance is often used to provide support in health care, whether in the form of doctors, specialists or medical associations. Intelligence on diseases and their associated treatments are shared quickly after testing, leading to preventative measures such as immunization being taken to eliminate the risk of the disease spreading.
Collaboration on cybersecurity can help businesses stay on the front foot as opposed to remaining reactive to threats. Indeed, plans for threat sharing centers were outlined in the Australian government’s $230 million cybersecurity strategy, indicating the local importance of collaboration.
The Road to Healthy Security
It was promising to see in the recent IBM Global C-Suite Study that over 50 percent of CEOs agree collaboration is necessary to combat cybercrime. The progression of open approaches, community development and code sharing are steps in the right direction. However, only one-third of CEOs expressed willingness to share their organization’s cybersecurity incident information externally.
This appears to be at odds with the broader technology sector, which is clearly benefiting from collaboration. According to a recent Linux Foundation study, 77 percent of business managers said that collaborative development practices have benefited their organization through shorter product development cycles and faster time to market.
The security industry is lagging when it comes to embracing an open approach. Open collaboration is critical for the evolution of security technology; for example, the IBM X-Force App Exchange enables the security community to easily create and share apps. By opening up a 700 TB database of threat intelligence data to the public, the X-Force Exchange allows companies across the world to share real-time data on threats and leverage each other’s expertise while remaining anonymous.
In some ways, security still feels like something dealt with in dark corners. A major hurdle standing in the way of a collaborative approach to cybersecurity appears to be trust; fear of IP violations and the threat of leaking valuable company information is a major deterrent for businesses. The tools and the market are ready, but the suspicious nature of companies, coupled with the ingrained attitude that cybersecurity is more responsive than preventative, is hindering organizations from taking part in security collaborations.
It may be some time before cybersecurity receives the same benefits from collaborative approaches seen in the wider tech industry. But collaboration can work. Let’s lift the lid on security and make it everyone’s problem.