The news media has been awash with salacious gossip surrounding the latest high-profile security breach of a multinational internet-based business.
And while the issues currently causing so much damage to Ashley Madison and its 37 million users may seem a whole dubious other world away, there’s nothing like a massive leak of extremely sensitive customer data, credit card details, and internal emails from the CEO to resharpen the focus of enterprise IT leaders on that perennial bugbear of cybersecurity.
As cybersecurity incidents multiply in both frequency and complexity, the resulting enterprise countermeasures are often woefully mismatched against the technological prowess of those doing the hacking.
Attacks are improvised, targeted, technically focused, and rapidly adaptable, and as we have seen this past week, they can have truly devastating consequences.
The hackers can be well-financed criminal enterprises or acting as agents of nation states, and interspersed in this spectrum of malfeasance is a sinister motley crew of privateers who improvise heists for political or theft reasons.
The damage typically follows a period of extensive reconnaissance and is usually both swift and unrelenting in nature. Tasked with defending their networks against increasingly capable adversaries that have the technical resources to innovate their methods, organisations therefore require rapid and reliable communications across all computing sites that are exposed to cyberthreats.
Compounding this already gloomy picture is the fact that the current raft of cyberattacks are not confined to targeting individual applications. Indeed, not only does today’s threat landscape extend beyond the boundaries of individual applications, the breaches in security now involve a combination of penetrations that extend beyond the scope of any enterprise, industry, or even geographic region.
The magnitude and complexity of cyberspace has grown exponentially, and as a consequence threat now emanates from anywhere and everywhere; the origin of attack sources is practically without limits.
And while governments around the world have made myriad attempts to gain control over this rapidly escalating threat landscape, their efforts have all too often been found wanting. Indeed, legislation typically only addresses the policies that organisations must put in place, when what is really needed is the provision of comprehensive guidance on how to implement all-encompassing cybersecurity measures. It is little wonder, then, that many CIOs feel like they are fighting an extremely lonely — and ultimately futile — battle against insurmountable odds.
If you’ve managed to read this far without seeking refuge in the nearest underground bunker until it all blows over, you’re probably thinking that there must surely be a better way.
Fortunately, you’re not alone, and that is why we’re increasingly seeing the formation of industry partnerships that are focused on minimising the most damaging effects of cybercrime by disseminating proven rapid-reaction cyberattack methods among their peers.
This collaborative approach is rapidly becoming a necessity in certain high-profile industries. Globally, firms in banking, financial services, pharmaceuticals, chemicals, oil and gas, telecommunications, and defence have already been compromised and are therefore vulnerable to further breaches.
In such scenarios, threat-partnering alliances make perfect sense as they facilitate the sharing of knowledge, common experiences, and joint capabilities, and enable the participants to better anticipate and mitigate incoming threats.
With this in mind, intelligence-sharing partnerships should jump-start defensive tactics by learning about successful practices in peer organisations. However, this only becomes possible if the sharing of information is effective and the coordination of responses is rapid. By sharing experiences and drawing on the collective knowledge of their peers, enterprises can gain immediate insights into attackers’ methods and instant benefits as cyberattacks occur.
To facilitate the effective sharing of information, all the members of any alliance must employ standard data formats and compatible transport protocols. Common data vocabularies are also helpful in establishing a shared understanding of the logical structures of attacks, especially in cases that will allow the encapsulation of exchanged data for further analysis.
This use of common terminology allows each firm to catalogue malware conditions in a uniform manner and enables them to then apply countermeasures that can be used to stop incursions across a broad range of targets.
Given the parlous nature of today’s threat landscape and the inability of governments around the world to tackle the problem through legislation, it is imperative that enterprises start exploring their own proactive solutions.
Peer-to-peer information exchanges that enable partners to share protective methods and best practices certainly have a key role to play in improving the resilience of enterprise infrastructure and reducing vulnerability to repeat or copycat attacks.
The victims of the Ashley Madison hack might not agree right now, but sometimes sharing really is caring.
The columnist is group vice president and regional managing director for the Middle East, Africa and Turkey at global ICT market intelligence and advisory firm International Data Corporation (IDC) He can be contacted via Twitter @JyotiIDC.
