On the modern battlefield, commanders and others can share information in real time and have a common and accurate view of what is happening, allowing armies to react quickly to whatever is happening.
Fighting cybercriminals is no exception.
Information is key to identifying the ever-changing attacker tactics and the best defensive strategies.
Unfortunately, too often this is not the case today. The public and private sectors lack formal mechanisms for the rapid sharing of threat information, impeding the broad and seamless collaboration necessary to address the ever-worsening cybersecurity problem.
According to research firm Cybersecurity Ventures, the cost of global cybercrime is growing 15% annually and is expected to reach $10.5 trillion by 2025. Measured as a country, cybercrime would be the world’s third largest economy after the United States and China.
Ransomware attacks, designed to cripple organizations by locking computer systems until cryptocurrency payments are made, are on the rise. The Cybersecurity and Infrastructure Security Agency (CISA) reported that 14 out of 16 critical infrastructure sectors in the US experienced ransomware attacks last year.
As everything goes digital, businesses and government agencies must face a disturbing reality: it takes only one person in the organization having a bad day. Whether it is Bob from Finance, tricked by a phishing email into clicking on malware, or Betsy from IT, who makes a mistake with a command while configuring network devices, either can expose the enterprise to hackers. Cyber defense is always affected by the weakest link in the chain.
It’s tempting to believe that technology alone can solve the entire cybersecurity problem, but while solutions for protection and post-attack recovery are powerful and highly valuable, they’re only part of the puzzle.
Winning a war where malicious actors are constantly coming up with new tricks also requires a greater flow of threat intelligence and breach reports through formal processes. We need cybersecurity leaders and allies in both the public and private sectors, constantly working together, coordinating and keeping in touch to keep up with the bad guys.
After all, businesses and governments are deeply interconnected when trying to meet cybersecurity challenges. For proof, we need only look to the SolarWinds hack. In this hack, attackers, believed to be directed by Russian intelligence agencies, targeted companies that contract with the government to obtain classified government information.
Unless enterprise and government security professionals become more intentional and systematic in learning from each other about emerging threats in real-time or near real-time, critical information will often remain siloed. The world can no longer afford it. Cyber defense should be a team effort.
Fortunately, there are signs of progress. In mid-March, President Biden signed the U.S. Cybersecurity Enhancement Act into law. It requires companies deemed “critical infrastructure” to report cybersecurity incidents to federal agencies within 72 hours and ransomware payments within 24 hours.
Implementation details are still being considered by CISA, but the law will add to the nation’s collective knowledge of cyberattacks by creating a record, for everyone to see, of the vulnerabilities exploited, the defenses put in place, the types of information compromised and, if available, any information about the attacker.
Additionally, President Biden’s executive order on improving national cybersecurity, issued in May 2021, includes actions aimed at removing barriers to threat information sharing between the public and private sectors.
Under this order, CISA was instructed to work with the Office of Management and Budget to recommend contractual language that facilitates the sharing of critical data, and to establish a Cyber Security Review Board, co-chaired by government and private sector leaders, that convenes after a major cyber incident to analyze what happened and make recommendations to improve security.
While these steps are a useful starting point, anyone who has moved from the public sector to the private sector, as I did in May when I stepped down as the CIA’s Chief Information Security Officer (CISO) and took a similar role at cybersecurity firm Rubrik, fully recognizes the need for more substantive threat intelligence sharing partnerships.
But how? Here are some ideas:
1 – CISOs often talk privately with each other about what’s going on, but their insights stay within the group. This wastes opportunities to inform others and leaves time-sensitive knowledge isolated. We need a way to disseminate threat intelligence and best practices to more people.
For example, in June my company created a strategic CISO advisory board and appointed CISA’s first director, Chris Krebs, to lead it, to help private and public sector organizations combat the rise in ransomware and other cyberattacks. This is an example of how companies across the cybersecurity industry, along with key government stakeholders, can collectively act as an information clearinghouse and trusted authority on the latest threats and how to mitigate them.
2 – Businesses can sponsor a network of cybersecurity leaders and authorities similar to Gartner’s Peer Connect. Peer Connect describes itself as “the world’s most influential network of business leaders” and “a community of peers to discuss important issues and provide critical information” for business decisions.
3 – Anyone can visit the State Department website to learn about any country’s threats, from armed conflict to crime to disease, and decide whether to travel there. The Department of Homeland Security maintains a National Terrorist Advisory System that provides timely and detailed information on terrorist threats. Perhaps CISA could do something similar on the front lines of cybersecurity.
National cybersecurity regimes would greatly benefit from such open channels of communication. Those on the front lines must always learn from each other. With a more collaborative approach, cybercriminals face a defense greater than the sum of its individual parts.
Michael Mestrovich is Chief Information Security Officer at Rubrik, a Zero Trust data security company, and former acting CISO of the Central Intelligence Agency.