We are living in a new security reality. Cybercriminals are increasing both their collaborative efforts and the sophistication of their attacks. Meanwhile, those who defend against them remain siloed and under-resourced.

Currently, 80 percent of cyberattacks are driven by highly funded, collaborative cybercriminal groups that share knowledge about targets and vulnerabilities. What’s more, sophisticated threats from these collaborative groups are rising in number and scale: more than 4 billion records were leaked in 2016. That’s more than the combined total from the two previous years.

But how well are white-hat organizations collaborating to keep pace so that they can protect, detect and respond to these growing attacks?

Poor Integration at the Technology Level

Some enterprises have as many as 85 security tools from 45 different vendors. Many of these disparate point products aren’t integrating, communicating or providing security teams with the visibility they need for seamless, holistic protection.

At the same time, the volume of data is growing exponentially, adding complexity and risk to an already fragmented infrastructure. Siloed security controls are generating more alerts than organizations can feasibly respond to with their limited time and resources. According to Cisco’s “2017 Annual Cybersecurity Report,” 44 percent of security alerts go uninvestigated, increasing the likelihood that a costly breach will go undetected for months.

Siloed Departments at the People Level

Although the IT talent shortage is contributing to successful cyberattacks, a lack of collaboration throughout the organization is another culprit. The events of WannaCry and Petya showed a dangerous disconnect between security teams, which detect threats, and IT operations teams, which implement controls to prevent threats — not to mention the growing problem of shadow IT. After all, security teams can’t protect what they don’t know about.

These organizational silos don’t stop there. Consider the lack of collaboration between the C-suite, board of directors, human resources, marketing and finance. All of these groups should be actively participating in their organization’s security efforts, but many enterprises lack a cohesive, cross-functional security strategy.

Lack of Visibility at the Processes Level

While organizations may have documented security controls and processes in place, the breakdown lies in not sharing or integrating those processes between teams. Processes often stand alone with no visibility or continuity outside of individual departments. In the examples of WannaCry and Petya, there wasn’t a fully integrated process between monitoring malware alerts and delivering patch updates.

Change control processes that are not effectively managed and communicated across the organization can increase the risk of a security breach. One team might only be able to see part of a system, fail to realize the dependency or risk to another system, and inadvertently weaken security by making an unapproved change. Even if there are tight, collaborative processes detecting threats on the front end, 3 in 4 organizations still lack a consistent incident response plan.

Connecting People, Processes and Technology With a Collaborative Defense Strategy

How can organizations better collaborate between people, processes and technology for more effective threat defense?

Many companies practice defense-in-depth strategies, which focus on deploying a multilayered defense system centered on IT infrastructure, physical assets and personnel training to protect vital data assets. While this approach is still considered one of the best defense models out there, cybercriminals are now able to circumvent many traditional defenses by launching stealthier, sophisticated attacks that are difficult to detect and stop. It’s time we modernized defense in depth to combat cybercrime with the power of collaboration.

Collaborative defense in depth solves disparate security challenges within an organization’s people, processes and technologies. It encourages a more converged approach by integrating and streamlining threat defense.

This strategy starts with technology at its core. By embracing the practice of building strong, open integrations — both within a security vendor’s portfolio and between solutions from multiple vendors — organizations can accelerate threat defense and extend security capabilities beyond what each technology could provide on its own.

Dive Deeper at Think 2018

Learn more about how IBM Security is supporting collaborative defense in depth at Think 2018. There you can hear the latest about the IBM X-Force Exchange and how IBM security experts are working with other threat intelligence platforms to improve threat defense.

Learn about open APIs in products such as IBM QRadar SIEM and IBM Resilient Security Orchestration, Automation, and Response (SOAR) Platform, which are spurring the development of new plug-and-play integrations with IBM business partners. You can also look at the latest apps on the IBM Security App Exchange to streamline and strengthen your security posture while maximizing technology investments. More than 20 partners will be at the Think Security and Resiliency Campus to showcase these collaborative solutions and integrations.

Of course, collaborative defense doesn’t stop at technology — it’s the people and processes that drive those technologies. We know cybercriminals are collaborating, so we should be too.

Watch the full session from Think 2018: Collaborative Defense — Accelerating Threat Protection with Partnerships and Advanced Integrations
