October 19, 2018 By Calvin Bench 3 min read

Two years ago, most people had never heard of ransomware. In 2017, it came out of nowhere to become the fastest-growing form of malware, costing enterprises $8 billion in the process, per IBM’s “2018 X-Force Threat Intelligence Index.”

Then, this year, everything changed. Cryptomining malware became a top data security threat, according to Comodo, while ransomware occurrences declined significantly. What’s more, cryptomining malware is evolving at an unprecedented rate, with more than 100,000 variants already detected. And while ransomware occurrences declined, researchers have still identified 70,000 new variants in the field this year.

The threat landscape is changing faster than ever, and that means our approach to prevention and containment needs to change as well. Cybercriminals use the dark web to exchange sophisticated toolkits for building malware and techniques for penetrating corporate firewalls. It’s impossible to predict the form or timing of the new threats they create, so security teams are forced into a perpetual game of catch-up.

Traditional linear approaches to security software development simply don’t work anymore. By the time a new point release is budgeted, scheduled, developed, tested and released, the criminals are miles away.

How the App Store Model Enables Accelerated Innovation

The key to reversing the tide may lie in the app store concept that Apple introduced a decade ago. The company understood that it couldn’t possibly anticipate all the ways in which people would use iPhones, so it empowered third parties to integrate with its platform. Developers could identify gaps or opportunities that their products could fill and add value to the platform by integrating via published application program interfaces (APIs). In return, Apple would make it easy for developers to reach the massive pool of iPhone users. Everyone benefited: Users got a wide range of value-added options at low cost, developers gained access to a vast audience of potential customers, and Apple’s platform became more valuable with each new app.

Since then, the app store model has been adapted to many other environments. Now it’s touching data security as well, giving customers rapid access to new innovations developed by the community.

For example, users of IBM Security Guardium are especially concerned about ransomware because it destroys data and access. The Guardium development team could have built its own ransomware detection and defense capabilities into the platform, but the process would have taken months.

As it turned out, a team at the IBM Cybersecurity Center of Excellence in Israel had already done much of the work. By taking advantage of the APIs built into Guardium, the developers were able to quickly adapt their solution as an application plug-in that detects ransomware files on monitored database servers. Now, instead of waiting for a new version release of Guardium, customers can immediately get state-of-the-art ransomware protection via the IBM X-Force Security App Exchange.

Why the Wisdom of the Crowd Is Crucial to Data Security

The app store model requires a different approach to software development. Closed and self-contained applications can’t evolve quickly enough, and no single team can keep up with the changing threat environment. A new approach based on RESTful APIs is opening the doors to the wisdom of the crowd.

RESTful APIs provide a highly efficient, flexible and secure way to make a limited range of applications’ services accessible to external functions. For example, developers can do such things as access reports to modify field options, integrate visualization engines with log analyzers and add new data sources.

This more open approach to software development is fueling the growth of what some people call the API economy. ProgrammableWeb’s directory of public APIs has mushroomed from about 2,000 examples in 2010 to more than 20,000 today. Applications that leverage services and integrate smoothly with each other benefit all members of the ecosystem by making innovations immediately available and expanding the value of the underlying platforms.

The wisdom of the crowd has been shown to be the most effective way to solve a wide range of problems because the intelligence of the collective exceeds that of any individual member. Security leaders will need to harness that wisdom if they hope to protect their organizations from the ever-broadening scope of challenges they face today.

More from Data Protection

How governance, risk and compliance (GRC) addresses growing data liability concerns

4 min read - In an era where businesses increasingly rely on artificial intelligence (AI) and advanced data capabilities, the effectiveness of IT services is more critical than ever. Yet despite the advancements in technology, business leaders are increasingly dissatisfied with their IT departments.According to a study by IBM's Institute for Business Value, confidence in the effectiveness of basic IT services among top executives has significantly declined. While AI promises transformational capabilities, particularly generative artificial intelligence (gen AI), the road to realizing these benefits…

Access control is going mobile — Is this the way forward?

2 min read - Last year, the highest volume of cyberattacks (30%) started in the same way: a cyber criminal using valid credentials to gain access. Even more concerning, the X-Force Threat Intelligence Index 2024 found that this method of attack increased by 71% from 2022. Researchers also discovered a 266% increase in infostealers to obtain credentials to use in an attack. Family members of privileged users are also sometimes victims.“These shifts suggest that threat actors have revalued credentials as a reliable and preferred…

Ransomware on the rise: Healthcare industry attack trends 2024

4 min read - According to the IBM Cost of a Data Breach Report 2024, the global average cost of a data breach reached $4.88 million this year, a 10% increase over 2023.For the healthcare industry, the report offers both good and bad news. The good news is that average data breach costs fell by 10.6% this year. The bad news is that for the 14th year in a row, healthcare tops the list with the most expensive breach recoveries, coming in at $9.77…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today