Security vendors and end users have access to at least the same technology and resources as the threat actor community, and often more. Where cybersecurity falls short as an industry is teamwork. Vendors and end users rarely act as a broader, coordinated force, so innovation that happens in an individual product may never flow through to a client's day-to-day work. Customers are left with a fragmented security landscape whose seams create gaps that threat actors are ready to exploit.

This cannot last. The cybersecurity industry needs to change and start collaborating.

State of the Industry

Cyberattacks are at an all-time high, with 8.5 billion records breached in 2019 and ransomware attacks up 67% year over year in Q4 2019, according to the X-Force Threat Intelligence Index. Over the same period, attacks on operational technology (OT) infrastructure increased by 2,000%. One reason is that defenders typically operate in isolation, each organization on its own, while threat actors work together in a highly collaborative environment.

Innovation in the security industry continues to grow as more venture capital funding is poured into security. The most visible result is a steady stream of new product announcements from vendors across the industry. While this is good for the industry, what benefit does it really bring to clients? From a client perspective, these innovations may help in the short term, but each new product also adds to the complexity of their environments, which a recent Forrester report identifies as their biggest challenge.

Today's security environment has grown too complex. A typical organization uses an average of 25 to 49 disparate tools from up to 10 different providers. These tools (and their data) may be on-premises, in a private cloud or in one or more public clouds. Add the growing skills gap, and clients have too many tools, too much data and too few people, all of which compound the complexity problem.

Breach Case Study: Mirai Botnet

The Mirai botnet is a case in point: it depended on threat actors sharing ideas and plans. Mirai is malware that turned networked devices running Linux into remotely controlled bots, which were then used as a botnet in large-scale network attacks. It mostly hit consumer devices such as IP cameras and home routers. In 2016, threat actors used Mirai and BASHLITE (also known as Gafgyt) to launch multiple distributed denial-of-service (DDoS) attacks that took major services offline, including the October 2016 attack on the DNS provider Dyn that made many well-known websites unreachable. This in turn led to lost revenue and damaged brand reputations.

However, the most disturbing aspect of this case is not any single use of that specific malware. The authors published the Mirai source code online (it was posted to a hacking forum and quickly mirrored on GitHub), where it became a foundation for further problems. Several threat actors took the code, built upon it and executed many other attacks.

What Can the Security Industry Learn from Threat Actors?

Let's go back to the example of the Mirai botnet. Which was more damaging: the creation of the malware, or sharing its code publicly and making it available to the entire threat actor community? The fact that the code was posted and then used as a base for multiple subsequent attacks illustrates how collaborative that community is.

Leveraging Open Source for Innovation

Let's take a look at other IT technologies and how they have changed over time. Within the past decade, the industry saw a seismic shift in how businesses build, deploy and manage their applications and workloads.

In every major technology category, from operating systems to applications and data management, an open approach has fueled innovation. A decade or two ago, for instance, a sprawl of proprietary server operating systems (OS) caused serious management problems. Today, by contrast, almost 68% of servers run Linux, an open-source operating system. Similarly, open source is used in over 40% of application and data projects, according to an IBM analysis discussed in the on-demand webinar "Improve Risk Management and Fuel Innovation with Open Security."

We have all seen the steady growth in adoption of containers. Kubernetes is an open-source container orchestration platform that automates many of the manual processes involved in deploying, managing and scaling containerized applications. Today some 4,000 developers work on Kubernetes through the open-source community. To put this in perspective, no single vendor can put 4,000 engineers behind any one project.

Case in Point: Red Hat Ansible

An example of bringing open source to security is Red Hat Ansible, an open-source community project sponsored by Red Hat. It helps security automation scale across applications, cloud services and development environments, an approach that has already proven itself in addressing scale and interoperability concerns in DevOps. As a result, Ansible is the most popular open-source automation tool on GitHub, with more than 4 million downloads in February alone and 6,800 contributors developing and sharing additional automation modules to cover new and evolving use cases. This community-led collaboration has produced developments and updates that are being shared at AnsibleFest 2020.

The New Frontier

In each of the examples above, working in the open solved a problem that no single vendor could solve alone. The complexity that cybersecurity professionals face today closely resembles the data center management problems of a decade or two ago, and it calls for the same kind of answer.

With open security, you are no longer trusting only your vendor, or only your own developers and security experts. You have the entire community at your service. Other vendors and organizations, including universities and researchers, are all looking at the same code and improving it. They share methodologies, and they identify and fix problems much faster than any one team could in-house.

One initiative already underway in this area is the Open Cybersecurity Alliance. Its purpose is to develop and promote sets of open-source common content, code, tooling, patterns and practices to maximize interoperability among cybersecurity tools. The aim is to simplify the integration of security technologies across the threat life cycle — from threat hunting and detection to analytics, operations and response — so that products can work together out of the box. At the time of this article, there are 28 organizations who are part of the Open Cybersecurity Alliance.

Open security is driven by community-led innovation and expertise. It builds on open standards that grow out of open-source projects. Think of a world where the security industry and end users unite in the fight against adversaries. It would give the industry the power to collaborate and share threat intelligence, along with best practices for staying ahead of those adversaries. Open security can make that possible.

