Collaboration between security teams and also on a more wider scale – between organisations – is key to fostering a strong cybersecurity culture and tackling sophisticated cyberthreats. Neil Thacker, CISO EMEA, Netskope, explores this further and discusses the importance of collaboration in reducing the time between new threat discovery and protection implementation which allows organisations to keep up with the ever-evolving threat landscape.
Collaboration has always been integral to combatting cybercrime. Crime does not respect international borders so nation states cannot operate in silos; they must work together to share information and best practices if they are to give themselves the best chance of identifying and resisting threats as they emerge.
Despite this, geo-political events have in recent years cast uncertainty around long established methods of collaboration. For example, up until 2015 state-level involvement was becoming increasingly integrated and constructive. However, Brexit placed a hurdle in UK/EU cross-border collaboration and the International Safe Harbour and Privacy Shield frameworks between EU and US were deemed invalid by the ECJ.
Despite these challenges, the appetite for working together is still strong among security professionals. At Web Summit in 2019, Michel Barnier from the European Commission urged attendees to collaborate in tackling cyberthreats: ‘Our new partnership should include the exchange of information on cyber incidents, attackers’ techniques, threat analysis and best practice, including when those target the correct functioning of democratic systems. Crucially, we need to have capacity to respond jointly to such attacks’.
It’s not just security professionals that are keen to join forces, threat actors also thrive when working together. In instances when government agencies manage to flip cybercriminals, the intelligence they provide suggests that there is a vast network of recruiters, programmers, hosting providers and distributors; all working towards one common goal.
The power of collaboration
Collaboration comes in many forms, with the exchange of information being just one of the many examples. As cybersecurity professionals, there are three things we can all do to be more collaborative: we can work better with our colleagues in non-tech departments; we can form better connections with our peers from other organisations; and we can insist upon our technology partners working in a much less siloed manner.
Let’s concentrate on the latter of those to begin with. Working closely with technology partners has not always been easy. Historically, security vendors worked in pursuit of a vision of their brand being the sole or primary provider of a customer organisation’s security estate. If other vendors had to be involved, there was a clear hierarchy and anyone seen as a competitor was kept at arms’ length by the bigger vendor who wanted to control access to the key decision-makers: the CIO and CISO.
Fortunately, however, the benefits of collaboration between vendors are now widely recognised and the growth of cloud and APIs have opened up greater opportunities for vendors, who are now much more open to working together. Collaboration reduces the time between new threat discovery and protection implementation, allowing organisations to keep up with the ever-evolving threat landscape.
Interpol works incredibly hard to identify and stop malicious actors but we cybersecurity professionals still need information on the latest threats in order to effectively protect our organisations. Speeding up the delivery and dissemination of threat intelligence is therefore crucial. By breaking down barriers between security teams, we can in turn build a stronger cyber defence.
One example is the way that the cloud is being used by threat actors to attack in new ways, a trend exaggerated by the surge in remote working. According to Netskope’s Cloud and Threat Report, between January 1, 2021 and June 30, 2021, malware delivered via the cloud grew to 68% compared to malware delivered via traditional web services. To stop these attacks, organisations need multiple unique defences to fend off phishing, malware and data theft. The level of defence needed can only be achieved when details of each unique attack are shared across an organisation’s controls and countermeasures.
Bringing vendors together
In 2020, Netskope took steps to encourage greater collaboration across the industry by bringing together vendors, including VMware Carbon Black, CrowdStrike, Cybereason and SentinelOne, to collaborate in a Cloud Exchange. A year later, the Cloud Exchange has evolved, extending to sharing risk assessments and ratings, cross-platform ticket raising and log shipping; all of which aid a holistic approach to security.
This collaborative effort aims to rise above the isolating nature of working in competition, combining knowledge that will allow organisations to improve their threat protection capabilities. By sharing real-time threat intelligence across security touchpoints, we can produce actionable insights that will reduce the time taken to protect and further narrow gaps in an organisation’s armour.
Fostering collaboration is now a core part of the CISO role
Not only are vendors working together, the pandemic has brought on a new wave of collaboration among CISOs. Facing new and unique challenges, peer support among security professionals has strengthened. We‘ve seen a growing openness to knowledge and idea sharing in CISO forums, with security leaders sharing challenges and discussing best practices in a safe space. These sorts of peer networks can, in time, also become a powerful influencer driving security vendors to further collaboration for the benefit of customers.
Over the years, the cybersecurity profession has seen new challenges that had the potential to make our jobs very difficult. Threat actors are growing stronger due to funding and operational collaboration, making their attacks more sophisticated and harder to predict. However, as the attackers have grown together, so has the cybersecurity profession. Collaboration is the key to success and by working together we form a stronger alliance and industry.