October 19, 2018 By Calvin Bench 3 min read

Two years ago, most people had never heard of ransomware. In 2017, it came out of nowhere to become the fastest-growing form of malware, costing enterprises $8 billion in the process, per IBM’s “2018 X-Force Threat Intelligence Index.”

Then, this year, everything changed. Cryptomining malware became a top data security threat, according to Comodo, while ransomware occurrences declined significantly. What’s more, cryptomining malware is evolving at an unprecedented rate, with more than 100,000 variants already detected. And while ransomware occurrences declined, researchers have still identified 70,000 new variants in the field this year.

The threat landscape is changing faster than ever, and that means our approach to prevention and containment needs to change as well. Cybercriminals use the dark web to exchange sophisticated toolkits for building malware and techniques for penetrating corporate firewalls. It’s impossible to predict the form or timing of the new threats they create, so security teams are forced into a perpetual game of catch-up.

Traditional linear approaches to security software development simply don’t work anymore. By the time a new point release is budgeted, scheduled, developed, tested and released, the criminals are miles away.

How the App Store Model Enables Accelerated Innovation

The key to reversing the tide may lie in the app store concept that Apple introduced a decade ago. The company understood that it couldn’t possibly anticipate all the ways in which people would use iPhones, so it empowered third parties to integrate with its platform. Developers could identify gaps or opportunities that their products could fill and add value to the platform by integrating via published application program interfaces (APIs). In return, Apple would make it easy for developers to reach the massive pool of iPhone users. Everyone benefited: Users got a wide range of value-added options at low cost, developers gained access to a vast audience of potential customers, and Apple’s platform became more valuable with each new app.

Since then, the app store model has been adapted to many other environments. Now it’s touching data security as well, giving customers rapid access to new innovations developed by the community.

For example, users of IBM Security Guardium are especially concerned about ransomware because it destroys data and access. The Guardium development team could have built its own ransomware detection and defense capabilities into the platform, but the process would have taken months.

As it turned out, a team at the IBM Cybersecurity Center of Excellence in Israel had already done much of the work. By taking advantage of the APIs built into Guardium, the developers were able to quickly adapt their solution as an application plug-in that detects ransomware files on monitored database servers. Now, instead of waiting for a new version release of Guardium, customers can immediately get state-of-the-art ransomware protection via the IBM X-Force Security App Exchange.

Why the Wisdom of the Crowd Is Crucial to Data Security

The app store model requires a different approach to software development. Closed and self-contained applications can’t evolve quickly enough, and no single team can keep up with the changing threat environment. A new approach based on RESTful APIs is opening the doors to the wisdom of the crowd.

RESTful APIs provide a highly efficient, flexible and secure way to make a limited range of applications’ services accessible to external functions. For example, developers can do such things as access reports to modify field options, integrate visualization engines with log analyzers and add new data sources.

This more open approach to software development is fueling the growth of what some people call the API economy. ProgrammableWeb’s directory of public APIs has mushroomed from about 2,000 examples in 2010 to more than 20,000 today. Applications that leverage services and integrate smoothly with each other benefit all members of the ecosystem by making innovations immediately available and expanding the value of the underlying platforms.

The wisdom of the crowd has been shown to be the most effective way to solve a wide range of problems because the intelligence of the collective exceeds that of any individual member. Security leaders will need to harness that wisdom if they hope to protect their organizations from the ever-broadening scope of challenges they face today.

More from Data Protection

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

SpyAgent malware targets crypto wallets by stealing screenshots

4 min read - A new Android malware strain known as SpyAgent is making the rounds — and stealing screenshots as it goes. Using optical character recognition (OCR) technology, the malware is after cryptocurrency recovery phrases often stored in screenshots on user devices.Here's how to dodge the bullet.Attackers shooting their (screen) shotAttacks start — as always — with phishing efforts. Users receive text messages prompting them to download seemingly legitimate apps. If they take the bait and install the app, the SpyAgent malware gets…

Exploring DORA: How to manage ICT incidents and minimize cyber threat risks

3 min read - As cybersecurity breaches continue to rise globally, institutions handling sensitive information are particularly vulnerable. In 2024, the average cost of a data breach in the financial sector reached $6.08 million, making it the second hardest hit after healthcare, according to IBM's 2024 Cost of a Data Breach report. This underscores the need for robust IT security regulations in critical sectors.More than just a defensive measure, compliance with security regulations helps organizations reduce risk, strengthen operational resilience and enhance customer trust.…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today