Conrad Constantine, research engineer, AlienVault
Open information sharing develops an intrinsic capacity for intelligence and sustainable security practices within the fabric of business itself, freeing us from an artificial reliance on the business model of any particular vendor. Just as true scientific progress is robbed of the ability to make unintended discoveries when data is held behind a paid curtain, we cheat ourselves of the providence of progress via pure research in the field. The nature of the “information age” leaves no business an island. Being less insecure than your competition is an illusion of competitive advantage. Individually, nobody knows all the pieces to the puzzle, while collectively we hold most of them. When a few organizations hold all the cards, government regulation is inevitable. Our failure to realize our obligation to share intelligence and take a collective stand is why the Cyber Intelligence Sharing and Protection Act (CISPA) is the regulation we deserve, not desire. We can either make efforts to change our approach to defense, or continue to let our misery be monetized.
Abe Getchell, principal consultant, Cyber Security Professionals
Implementation of often-ignored basic countermeasures is a more effective way to protect critical information. The majority of recent, impactful security breaches could have been prevented by implementing these measures to protect information and systems considered critical to their respective organizations. These countermeasures, such as encryption of sensitive information in various formats and ongoing user-awareness training programs, are a few examples of universal best practices widely regarded as “the basics.” Every organization that conducts business on the internet is at risk, and threat agents will do the bare minimum to achieve their goals. Implementing basic countermeasures as a comprehensive approach to security will raise the bar for threat agents, increase their cost of doing business, and reduce their ROI. Basic security controls are usually effective enough to counter most threats. It is only when organizations have a handle on the basics can the full value of shared intelligence be realized.