September 27, 2016 By Douglas Bonderud 2 min read

Data sharing drives security. At least, that’s the word from Dan Kaminsky’s keynote speech at Black Hat 2016.

According to TechTarget, the co-founder of White Ops argued that information sharing is a key component of short-term security improvements. The act of releasing useful code, for example, can help IT professionals avoid spending valuable time tackling problems that have “probably been fixed a thousand times.”

As noted by The Indian Express, meanwhile, the Data Security Council of India (DSCI) is taking this concept on the road with its newly announced Singapore chapter. The DSCI hopes to “encourage the exchange of information, sharing of knowledge and best practices on cybersecurity.”

Sharing Is Caring

According to Kaminsky, there’s still a lot of support for the idea that cybersecurity is a zero-sum game. If one company gets a leg up in cyberdefense, others must suffer. But there’s a better way, Kaminsky contended, especially since the secure/break cycle has gone from months to minutes.

When companies share fixes for known bugs rather than keeping them close to the chest, everybody wins. It eliminates the need for IT professionals to spend time doing redundant work, and end users no longer have to wait weeks for fixes.

Cybercriminals are willing to share insights to improve their access to corporate servers. Companies must follow suit to keep up.

Collaboration Critical to the Future of IoT

This is just the beginning for security speed. Consider the Internet of Things (IoT): Companies are already struggling to secure devices and applications. What happens if the number of IoT devices balloons to 20.8 billion by 2020, as Gartner predicted?

As noted by Information Week, companies willing to share their IoT data with suppliers, customers and competitors are better positioned to take advantage of this technology than businesses that keep IoT information out of sight. It’s not hard to imagine a cybersecurity future informed by cross-company interaction. With so much data available, comparing notes provides a huge advantage over trying to do all the heavy lifting in isolation.

The Data Security Council of India Reaches Out

For the DSCI, this is a natural evolution. India has no national agency to assess and monitor cyberthreats. Furthermore, data breaches and associated costs are up almost 10 percent compared to 2015.

India, a country of more than 1.25 billion, is on the cusp of fully entering the information age. This means a huge uptick in mobile devices, data created and attack surface for cybercriminals.

The DSCI’s international information sharing efforts are crucial because “cybersecurity is a global issue and needs the attention of all stakeholders,” said the committee’s High Commissioner Vijay Thakur Singh. This means branching out to other countries in an effort to build links with government agencies, private industries and academics in addition to developing viable channels for policy development and capacity building.

Keeping security data close to home doesn’t safeguard corporations, but rather handicaps them when it comes to handling threats on a global scale. Cybercriminals are getting faster, smarter and more ruthless. Companies need to start talking rather than turning a blind eye to common security complaints.

More from

CISA chief AI officer follow-up: Current state of the role (and where it’s heading)

4 min read - At the beginning of August, CISA announced that it had appointed Lisa Einstein, Senior Advisor of its artificial intelligence division, as its new chief AI officer. This announcement came following several new initiatives in the last couple of years focused on gaining a clearer understanding of the potential security impacts of AI.With the National Cybersecurity Strategy and the supporting National Cybersecurity Strategy Implementation Plan still evolving, there has been increased awareness of the value of organizations establishing an executive seat…

Cybersecurity risks in healthcare are an ongoing crisis

4 min read - While healthcare providers have been implementing technical, administrative and physical safeguards related to patient information, they have not been as diligent in securing their medical devices. These devices are critical to patient care and can leave hospitals at risk for cyberattacks, causing major disruptions to patient care. In fact, 88 million individuals were affected by large breaches, compromising vast amounts of electronic protected health information (ePHI) last year according to the U.S. Department of Health & Human Services. This year,…

CVE backlog update: The NVD struggles as attackers change tactics

4 min read - In February, the number of vulnerabilities processed and enriched by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) started to slow. By May, 93.4% of new vulnerabilities and 50.8% of known exploited vulnerabilities were still waiting on analysis, according to research from VulnCheck.Three months later, the problem persists. While NIST has a plan to get back on track, the current state of common vulnerabilities and exposures (CVEs) isn't keeping pace with new vulnerability detections. Here's a…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today