In a world of rapidly escalating cyber threats, enterprises across industries are constantly trying to build up their defense systems. Notably, supply chain attacks have become more prevalent: According to the Accenture State of cyber resilience report, indirect attacks into the supply chain now account for 40% of security breaches.
Most recently, SITA, an air transport information technology company fell victim to a cyberattack that compromised passenger data stored on servers of SITA Passenger Service System Inc. This breach affected multiple airlines around the world, including Singapore Airlines, Malaysia Airlines, and Air New Zealand.
In the face of highly sophisticated cyber adversaries with nearly limitless time and resources, individual organisations are still struggling to defend themselves.
A paradigm shift to Collective Defense is urgently needed. When groups of organizations that share a common interest — such as a supply chain, a group of portfolio companies, organizations in a shared industry sector, state, or country — can collaborate and share real-time cyber threat information within a secure operational community, they can more effectively prepare and defend against attacks that may be headed their way. This is a powerful, systematic, and actionable approach to cyber defense that can provide organizations the path to get ahead of these relentless attacks.
Why we think cybersecurity should be top of mind, rather than a by-the-way
The concept of Collective Defense is not new, and we see it being increasingly adopted. In Singapore, the Critical Information Infrastructure (CII) Supply Chain Programme was recently initiated to establish best practices to better manage cybersecurity risks across the supply chain amongst all stakeholders – the Cyber Security Agency (CSA), CII owners, and their vendors.
However, with regards to Collective Defense, some organisations still have questions about how it works; how to operationalise threat information; and why it is safer, more beneficial, and much needed.
Six common misconceptions towards Collective Defense addressed
Misconception #1: Collective Defense gives away one’s competitive advantage
It can be unsettling, but often true, that some organisations would rather see their competitors affected by a cyberattack than work together to confront cyber threats at large, but there is a cost to this position.
Sophisticated threat actors can probe entire sectors looking for points of entry, and once in, they move laterally to other organizations in the sector and cause damage or gain network access for later use. A successful attack on one organization is therefore a potential entry point into another.
Due to the shared global infrastructure and complex interdependencies, operating in silos will only reduce the visibility and intelligence that could potentially be shared more broadly.
Misconception #2: Collective Defense places data privacy at risk
Many perceive that Collective Defense compromises data security and privacy. With the right Collective Defense platform, however, organisations can securely share threat information even between competitors with confidence, because the data within the platform is not public, and the data being shared is anonymised within, and encrypted to and from, the ecosystem.
In other words, no company will have to give up their data ownership and privacy while having access to see a common operating picture.
Misconception #3: Threat information sharing is no different from Collective Defense
Collective Defense should not be confused with today’s threat intelligence platforms. Most threat information feeds contain noise and are based on known indicators of compromise, such as hashes or IP addresses.
Within a Collective Defense ecosystem, analysts can share information and insights about observed threats along with important contextual information — which makes the security operations and response functions more efficient, timely, and relevant for all members. When a threat alert has been detected in their network environment, analysts can quickly determine whether the behavior has been observed in other members’ environments; learn details of the observed behaviors and associated web domains; and see the actions other members have taken to mitigate and respond.
Misconception #4: Integrating Collective Defense into one’s existing security software stack requires too much time and extra resources
Organisations are currently researching and responding to cyber threats individually, when they could be leveraging information shared within the Collective Defense community and optimize their limited resources to remediate the most urgent threats.
Misconception #5: Sharing information with the government is ineffectual
Without shared visibility of cyber threats between the public and private sectors, government cannot help defend the private sector because it is not aware of events as they take place. With quicker detection and response, governments can rapidly take down attackers in ways that private organisations cannot do alone.
Misconception #6: The current system is good enough
Threat actors are continuously adapting their techniques to create more sophisticated attacks — and this means that current, signature-based security tools are ineffective against them. Even with robust, layered defenses in place, attackers can find and exploit vulnerabilities with their sophisticated, deceptive, and constantly changing tactics.
The future of widespread cyber defense is reliant on how organisations work together to identify attacker behaviour and, at the same time, better protect our own networks. Only then can organisations strengthen cybersecurity and build herd immunity against the adversaries who are running rampant to unravel our global digital economy.
This article was contributed by Gaurav Chhiber, VP of Asia Pacific & Japan for IronNet Cybersecurity
About the author
Gaurav Chhiber is the VP of Asia Pacific & Japan for IronNet Cybersecurity. He is responsible for managing the IronNet business in APJ. IronNet’s mission is to deliver the power of collective cybersecurity to defend companies, sectors, and nations. The team consists of expert offensive and defensive cybersecurity operators with unmatched experience defending commercial and government networks against advanced threats. Gaurav has over twenty years of experience in security, IT and network solutions and has worked across different enterprise markets in Asia Pacific.
Before joining IronNet, Gaurav was Director of Security Software, APJ for Hewlett Packard Enterprise (HPE). He worked extensively across the region, leading teams and helping customers improve their risk posture by securing applications, data and networks.
Gaurav also worked at Verizon Enterprise Solutions for over 13 years, during which time he managed the South Asia and India sales business.