Light Dark
November 21, 2016 By Caleb Barlow 3 min read
CISO
Threat Intelligence

There is little question that the perpetrators of cyberthreats spend little time thinking inside the box — that’s how they stay ahead of their victims. It’s time for some out-of-the-box thinking of our own to get serious about fighting back. It’s time for the democratization of cybersecurity data.

Here is the challenge to users, organizations and security vendors alike: First, we should aggressively democratize the threat data we all have and share it securely yet freely with each other. Second, we should pivot a full 180 degrees from the accepted practice of automatically classifying, by default, all cyberthreat data. Instead, we should declassify threat data by default. Hence, the democratization of cybersecurity data.

Thinking Outside the Box

Cybercrime information sharing is nothing new. Unfortunately, the wrong people have been doing the sharing, and they have elevated the practice to a commercial art form. Cooperating and collaborating on the Dark Web, the most sophisticated cybercriminals build and peddle attack software to each other. They even have seller ratings and rankings for their malware, with the most effective earning five stars. They offer gold, silver and bronze levels of service — even money-back guarantees if the malicious efforts fail.

Related: Is Cybercrime the Mafia of the 21st Century?

With thieves as organized and sophisticated as they are, it is a small wonder that estimates of their annual take in illegal profits total $455 billion These aren’t amateurs. The United Nations estimated that highly organized, well-funded criminal gangs account for 80 percent of breaches today.

For these and so many other good reasons, the time is now for businesses, governments and other organizations to elevate cyberthreat information sharing to entirely new levels. The public sector has initiated steps in this direction. Last year the U.S. passed the Cyber Information Security Act (CISA). Its goal is to help organizations share cyberthreat information and actual attack data anonymously and without fear of liability.

Democratization of Cybersecurity Data Dents Cybercrime

There are massive collections of cybercrime data largely kept under lock and key in individual organizations. Security vendors, including IBM, typically have the largest repositories.

Why has it been kept secret? Both security vendors and businesses tend hold onto this data for its perceived competitive value. It is valuable to some extent, but the potential gains of having that much threat data and information can be an even more formidable competitive weapon. After all, it isn’t possessing the data that yields an advantage; it’s what each organization or vendor does with it.

This kind of sharing is not new in our business. The whole open source movement that gave us Linux, OpenStack, Hadoop, Spark and so much more resulted from aggressive information sharing. It can be the same with cyberthreat data. Large-scale sharing of threat data will signal a new high water mark in fighting cybercrime.

We are walking the walk at IBM, recognizing that we were as much a part of the problem as any other business or organization. That is why IBM published all of its actionable, third-party global threat data — all 700 terabytes of it. This includes real-time indicators of live attacks.

We believe the free consumption and sharing of real-time threat data from our repository can put a sizable dent in cybercrime efforts. Think of what else we can accomplish with the democratization of cybersecurity data.

Information Sharing at the Speed of Business

As mentioned earlier, sharing is only one part of the out-of-the-box thinking we need to adopt. We have to share this information as soon as possible, not weeks or months after a major breach.

The default action today is to immediately classify such information, rendering it unshareable until it is eventually declassified. Instead, put a timeline on classification of new threat data — maybe 48 or 72 hours, no more. If no valid, justifiable case is made for continued classification within that period, release it to be shared among other organizations. The aforementioned CISA spells out methods for doing this securely so the information doesn’t fall into the wrong hands.

We must abandon the Cold War mentality that leads us to classify all information and share nothing. We are all engaged in a very hot war with cybercriminals. Speed matters when it comes to using relevant data to stop active attacks and thwart future threats. Information sharing at the speed of business can be a formidable weapon — we just need to unleash it.

Learn more about staying ahead of threats with global threat intelligence and automated protection

 |  |  |  |  | 
Caleb Barlow

More from CISO
April 9, 2024

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

April 2, 2024

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

February 21, 2024

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature