Attackers work together, so victims should too
Modern cybersecurity is about responding rapidly, isolating attacks and sharing information. Innovative technologies such as cloud-based solutions and big data analytics are helping.
“One big trend which is helping on this front is the rise of ISAOs [information sharing and analysis organisations] which enable the sharing of information about cyberattacks ” says Karl McDermott, head of connected solutions at Three.
An Obama White House initiative, “the concept behind ISAOs is that the hackers are working together, so the potential victims should be too”.
It marks a major shift for organisations that, until recently, would have found the idea of admitting an attack, let alone sharing information with competitors about what was lost and how, anathema. “With ISAOs, if a threat is found, that information is shared, as a way of mitigating it,” he says.
Banks are also establishing cyber defence alliances.
The European Union recently approved a Network and Information Security Directive with similar objectives. The directive requires that member states form a Computer Security Incident Response Team, and that businesses in critical infrastructures notify national authorities when cybersecurity incidents occur. It also mandates that businesses set up a co-operation group to facilitate sharing of information about risks.
Accountancy and professional services firm PWC identifies this trend in Toward New Possibilities in Threat Management, essentially key findings from its Global State of Information Security 2017.
It looks at pioneering work by the US state of Virginia, which announced a state-level ISAO two years ago. Virginia was also the earliest state to implement the US’s NIST Cyber security Framework, which encourages the sharing of cyberthreat information.
It paved a path that organisations in this part of the world are likely to follow. And it is still leading the way. Virginia recently established a public-private working group with Virginia State Police to address the potential for cyberattacks on connected automobiles.
Detect and prevent
The working group comprises stakeholders from federal and state government agencies, academia and private sector cybersecurity companies. It aims to help officials understand how to detect and prevent cybersecurity attacks on vehicles and on other consumer devices. The rise of the so called Internet of Things – smart, connected, digital devices – makes this a pressing issue .
Virginia leads the way in implementing a threat-intelligence solution from a cybersecurity solutions provider. Like public organisations the world over, the US state is a repository of personally identifiable information about its residents, from births and deaths to tax returns and health information.
In 2016 the state’s officials noted an increase in phishing attacks. It implemented a solution that enables it to monitor inbound and outbound traffic. The solution also helps security analysts execute and inspect advanced malware, ransomware and advanced persistent threat attacks, known as APTs.
The PWC report says this united front “makes the commonwealth’s motto Sic Semper Tyrannis – Thus Always to Tyrants – more fitting than ever.”