At the beginning of the year, we announced at our annual Cyber Summit our vision and theme for 2020: Collaboration. At ITC, we believe that we defend better when we defend together. Halfway through the year and in the midst of a global pandemic, who knew that word would become so prevalent.
Last week, on 17th June, we hosted a webinar with IronNet and Recognex. Our panel of national security and industry experts asked the question, ‘Why? Why does working together keeps us all more cyber safe?’ We focussed particularly on the supply chain and the skills and resources gap, demonstrating why cyber security is more powerful when done collectively. We summarise the key takeaways from the webinar below, including the panel Q&A.
No business is an island. No business benefits from having a competitor compromised. Our industries suffer, consumer confidence falters and insurance premiums go up. By sharing our experience of cyber security and data on cyber incidents we can help each other become more secure. Gaining collective insight into what others, particularly those in the same industry, are facing is invaluable. Collective defence is an important aspect of threat intelligence strategies.
Bad actors have long been sharing information with each other about the best attack vectors for specific industries and organisations.
Some sectors have attempted to collaborate on cyber security, but it is still sporadic and ad hoc and needs to be done better.
Barriers to intelligence sharing
Businesses willing to share intelligence are being hampered by manual processes. By attempting to manually share, a Security Operations Centre (SOC) would have to decide how much resource it should dedicate to sharing information, compared to protecting its own environment. Chances are that sharing information would be pushed to the side.
However, through automation, intelligence and behavioural analytics information can be shared in real time and can then be used by others to protect themselves.
The lack of awareness amongst businesses that manual processes can be made more efficient and viable through automation is a leading barrier to collaboration. So too is the lack of ownership. Who owns this? Regulators no doubt will want to champion it, but the onus is on the industry itself to get together their associated trade bodies to take this on.
Intelligence sharing also requires a degree of trust. Intellectual property is the value proposition of many businesses and they don’t want this in the public domain. One way around this is anonymisation. Businesses will be able to see key cyber security data, but nothing of commercial interest. Think of it like a radar – we can see the plane and where it is headed, but we can’t see what it is carrying.
How would this work?
Each vertical would need to have its own consortium of attack intelligence sharing. In this way, businesses would be able to not only access information that would indicate a potential threat, but also give them the opportunity to benchmark themselves against others. Bad actors know which companies have weaker defences, so being aware that they need improvement can reduce an organisation’s chances of being a target.
Further, these consortia need to be communicating with each other to ensure protection along the supply chain.
We will touch on this further in our next webinar, more details below.
Collaboration in action
A prime example of where collaboration or collective defence will work well is in the supply chain. Look at FinTech businesses. These cloud-native entities are built to be agile and leverage economies of scale. As such, they will quickly swap providers to gain business advantages.
Yet this presents significant risks that need to be mitigated. By working in isolation, FinTechs have to spend a disproportionate amount of time investigating supply chain risk and continuously monitoring it while at the same time continually improving security and resilience. This means a team is spread very thin on the ground.
By working together and defending collectively, FinTech companies will be able to find out from others in real-time if there is an issue with a provider and take steps to mitigate it, before it gets out of hand.
After the webinar there was a Q&A session with the panel.
Q: Has the pandemic increased cyber risk and what can be done to mitigate it?
A: The pandemic hasn’t increased the risk, but it has changed it. There has been an increase in phishing and scare tactics. Cyber criminals used to have to research what topic would motivate people to act, but COVID provides them with the ideal motivator.
The focus has changed and is now much more about the people. Employees need to know what their responsibilities are for keeping the organisation safe.
Q: What should FinTechs be thinking about their responsibilities to the regulators in terms of prioritising resources during the pandemic? What can we expect to see from data protection regulators during this time?
A: This is the new normal. We need to develop solutions to protect the system as it is right now. We are going to continue to see remote working and software as a service and so on. Things are not going to go back to the way they were.
There is not much chance of any leniency from the regulator. They will expect businesses to have already had in place the systems to maintain data protection controls throughout this period.
Q: Could central banks act as a place for collaboration in their countries?
A: Central banks can encourage collaboration conversations using stimulating measures. But they will need to look at how that would work. Would there be financial incentivisation?
Watch the full webinar here.
Implementing a collective defence strategy
Working with IronNet, we are working to establish a series of Collective Defence Domes. These enable customers to leverage each other’s expertise; anonymously share previously unclassified threat behavioural analytics; and collaborate to identify threats early in the kill chain, quickly triage and rapidly remediate.
To mirror the paradigm shifting framework that IronNet has developed in the US and AsiaPac, the Domes will encompass a variety of verticals e.g. – finance and FinTech, energy, defence, government and oil and gas.
To join our next webinar on Wednesday 15th July, please register here.
We will take a sneak peek at a day in the life of a threat hunter and how they navigate through networks to detect and isolate advanced threats that evade existing security solutions.
We conclude with a panel of industry experts who join us for an interactive discussion.
- Detecting the unknowns
- Stories from the front line
- Best practices
- Panel: Ask the Experts
- Arno Robbertse, Chief Executive, ITC Secure
- Ade Taylor, CTO, ITC Secure
- Joel Bork, Senior Threat Hunter, IronNet Cybersecurity