Organizations Need to Collaborate on Security Now More Than Ever

Organizations Need to Collaborate on Security Now More Than Ever

Kunal Sehgal, executive director, FS-ISAC Asia Pacific, discusses the great need for the ‘good guys’ to band together in the fight against cyberthreats. To attend FS-ISAC’s AP Summit, register here.

Read the news on virtually any given day and it’s not hard to see how prevalent cyberattacks have become. They are a persistent global challenge to consumers, businesses and governments alike. Cyberattacks are far-reaching, impacting government institutions, large corporations and small businesses alike.

According to Frost & Sullivan economic losses from cyberattacks in Asia Pacific are costing the region US$1.745 trillion or 7 percent of the blocs total GDP. While the cybersecurity research firm Cybersecurity Ventures recently found that cybercrime will cost the world $6 trillion per year by 2021. There were also 111 billion new lines of software code that need to be secured in 2017 alone. That growing scope of cyberthreats is alarming and will only continue to grow in the coming years.

As organisations around the world try to deal with the latest security threats while also preparing for what lies ahead, working together has never been more important.

Banding Together

The hard truth is that hackers and cybervillains have no problem sharing information with each other, including hacking tips, vulnerabilities, and scams. To meet these cyberthreats head-on, organisations are trying to stave off these attackers’ need to cooperate in the same way. Firms across the globe will have ato do more to keep up with cybercriminals as threat actors are proving to be exceptional at collaborating.

If the good guys don’t ban together, we are in danger of seeing cyber-risks threaten organisations. We can’t let criminals have a stronger network for collaborating. Information sharing is one of the best ways to stay ahead of cybercrime so it’s imperative to share and collaborate. This is especially true for the financial sector, a sector that tends to take on the brunt of advanced persistent threats.

Information sharing has evolved into a critical tool for cybersecurity in today’s threat landscape and should form one of the main pillars in an organisation’s day-to-day operations, incident response and subsequent business continuity planning.

We need to use threat intelligence as an essential tool in responding to and preventing future cyberattacks and share that vital information with one another to move forward.

Become Proactive

Cyberattacks are a constantly evolving threat, and the criminals behind those attacks are very good at adapting to new technology and defenses. They may come from an internal or external source, or even a third-party, and whether they are intentional or not, the amount of damage they cause can be crippling. 

As threat actors evolve their techniques, we must also evolve our detection, prevention and responses mechanisms to stay ahead of cybercrime.

Our best tool in the toolkit is collaboration to remind us we all need to work together to counter this threat.

The best place to start is to educate and train companies, employees and individuals about cyber-risks, providing tools and resources that help teach how devices are connected to the internet, how networks are secured, and how to recognize phishing emails and good website links versus bad ones.

Businesses should also continue to assess their vulnerabilities and procedures for protecting corporate and consumer information and to ensure that employees are fully trained to serve as the first line of defense.  Detailed risk assessments, employee training sessions and tabletop exercises are just a few of the educational options available to employers to inform their workforce.

The Challenges to Effective Sharing

Information sharing, while crucial, doesn’t come without its hurdles, especially among competitors. There will likely be some hesitation, maybe even push back to collaborate with outside entities for fear of reputational damage.

Establishing trust is essential to sharing information across the world. We are inherently comfortable sharing information with people we know and trust. But what happens when your circle expands to several thousand people around the world? As communities get larger and a personal connection is harder to establish, third party facilitators become important for facilitating that trust.

Organizations like ISACs allow communities, industries and sectors to get around various challenges for intel sharing. They also enable problem solving within a given sector and sometimes across multiple sectors, borders and continents to connect different entities which may be trying to solve for the same challenges. This is done through the Traffic Light Protocol (TLP) -- a set of guidelines which dictate how and with whom information may be shared --  a set of operating rules, a secure member portal and smaller trust circles created for specific communities of interest within a given sector and even face-to-face conferences and smaller country-level member meetings.

Additionally, there is a general hesitation among corporations to declare cyber incidents. Often lawyers and policy setters in organisations tend to dissuade firms from announcing breaches for fear of losing trust among their customers. There is an overall need to improve willingness to share information and share it quickly. The quicker a threat is shared the more chances other companies have to put defenses up in place to avoid the same fate.  When it comes to cyberintelligence, the more reliable data you have, the better your decisions can be. Access to data enables security teams to identify threats as they are emerging and respond quickly when they do. The stronger our connections to one another become, the more our communities will be.

Build the Relationships

The growing threat cybercrime poses to the financial sector cannot be countered just by spending more money. Organizations need to pull together while working with government and law enforcement to attack criminals’ infrastructure.

The quest for the greater good in fighting cybercrime often starts with a handshake. Use meetings, conferences, summits and the like to network and connect with like-minded individuals who understand that we’re all working toward the same end-goal: to eliminate the threat of cybercrime against our firms.

Organizations like FS-ISAC -- the premier sharing community in the world with 7,000 members in 44 countries and with users in 72 – knows the importance of making these connections.

FS-ISAC will be hosting our AP Summit, July 18 - 19, and it’s a prime opportunity for attendees to network with peers. These one-on-one interactions create trust, key to sharing in our community.

Unlike other security events, the summit will focus on the financial sector and cyberthreats.  It’s a valuable opportunity to hear from the community about the challenges and best practices for overcoming them. There will also be a closed-door session for the C-level executives to discuss the challenges they are facing. 

At the end of the day threat actors are more than willing to share their spoils with each other. Now more than ever we must ban together to share intelligence to stay ahead of cybercrime.  Register for our AP Summit today – we hope to see you there!

Copyright 1999 - 2018 FS-ISAC, Inc.  |  All Rights Reserved. Privacy Policy