Data sharing drives security. At least, that’s the word from Dan Kaminsky’s keynote speech at Black Hat 2016.
According to TechTarget, the co-founder of White Ops argued that information sharing is a key component of short-term security improvements. The act of releasing useful code, for example, can help IT professionals avoid spending valuable time tackling problems that have “probably been fixed a thousand times.”
As noted by The Indian Express, meanwhile, the Data Security Council of India (DSCI) is taking this concept on the road with its newly announced Singapore chapter. The DSCI hopes to “encourage the exchange of information, sharing of knowledge and best practices on cybersecurity.”
Sharing Is Caring
According to Kaminsky, there’s still a lot of support for the idea that cybersecurity is a zero-sum game. If one company gets a leg up in cyberdefense, others must suffer. But there’s a better way, Kaminsky contended, especially since the secure/break cycle has gone from months to minutes.
When companies share fixes for known bugs rather than keeping them close to the chest, everybody wins. It eliminates the need for IT professionals to spend time doing redundant work, and end users no longer have to wait weeks for fixes.
Cybercriminals are willing to share insights to improve their access to corporate servers. Companies must follow suit to keep up.
Collaboration Critical to the Future of IoT
This is just the beginning for security speed. Consider the Internet of Things (IoT): Companies are already struggling to secure devices and applications. What happens if the number of IoT devices balloons to 20.8 billion by 2020, as Gartner predicted?
As noted by Information Week, companies willing to share their IoT data with suppliers, customers and competitors are better positioned to take advantage of this technology than businesses that keep IoT information out of sight. It’s not hard to imagine a cybersecurity future informed by cross-company interaction. With so much data available, comparing notes provides a huge advantage over trying to do all the heavy lifting in isolation.
The Data Security Council of India Reaches Out
For the DSCI, this is a natural evolution. India has no national agency to assess and monitor cyberthreats. Furthermore, data breaches and associated costs are up almost 10 percent compared to 2015.
India, a country of more than 1.25 billion, is on the cusp of fully entering the information age. This means a huge uptick in mobile devices, data created and attack surface for cybercriminals.
The DSCI’s international information sharing efforts are crucial because “cybersecurity is a global issue and needs the attention of all stakeholders,” said the committee’s High Commissioner Vijay Thakur Singh. This means branching out to other countries in an effort to build links with government agencies, private industries and academics in addition to developing viable channels for policy development and capacity building.
Keeping security data close to home doesn’t safeguard corporations, but rather handicaps them when it comes to handling threats on a global scale. Cybercriminals are getting faster, smarter and more ruthless. Companies need to start talking rather than turning a blind eye to common security complaints.