Lessons Learned: What Uber’s Approach to Decentralization Can Teach the Cybersecurity Industry

Notorious Uber founder Travis Kalanick’s idea for a decentralized transportation system in which any person with a valid license, no criminal history and proof of insurance could generate income as an on-demand driver has disrupted the transportation industry in ways few could have ever imagined. While the reality of Kalanick’s vision has in fact devastated the taxi industry in many ways, there is no denying that Uber has made it more efficient, more comfortable, more transparent and more affordable for people to get around.

Uber has been so influential that several other industries have adopted the term “uberization” to describe the transition to decentralized platforms as a means to connect buyers and service providers. Accenture has noted the uberization of exploration and production in the oil and gas industry. wrote that many legal service buyers are looking to new platforms for basic document preparation. Medical Tourism Magazine says there’s uberization in healthcare. And on websites such as Upwork and Fiverr, clerical and professional service providers offer a new market for on-demand talent.

Nowadays, such decentralized communities are allowing buyers and sellers to share information and transact any virtual service from anywhere in the world. This ability is enabling organizations to access talent and information that they may otherwise not have found at their desired price or on their desired terms.

When thinking about cybersecurity, the number one issue plaguing the industry is the labor shortage. There are simply way too many jobs available and not enough qualified people to fill those jobs any time soon. Presently the most common solutions under discussion to mitigate this deficit are to start promoting cybersecurity careers to students at a much younger age and the adoption of AI technology to replicate human actions. Both are fine solutions; but neither of them alone or combined will make a large enough dent in the labor deficit.

In order to truly help companies and government agencies of all sizes reduce risk, the cybersecurity industry must look to Uber’s decentralization model and apply it to threat intelligence sharing. This is the best and most realistic option for society to reduce the many constraints currently caused by the lack of cybersecurity talent available to the market.

Uberizing the cybersecurity market

At a time when organizations are scrambling for cybersecurity talent while facing more threats than ever, Uber’s decentralized model could offer both a short-term solution and a long-term answer to the cybercrime epidemic.

Currently, there are nearly 3 million open and unfilled cybersecurity positions around the world, according to ISC, and the demand is only expected to grow. While organizations used to leave security roles to general IT staff, the explosive growth of cloud-based solutions, devices and new connected technologies has made the picture far more complex. Employers of all sizes need in-house talent with hands-on cybersecurity skills and knowledge of the latest threats and remediation tactics, and that is proving hard to find when there’s a lack of traditional education programs and not nearly enough people entering the industry.

Now, imagine if your organization had access to hundreds of thousands of analysts from around the world. Much like not every driver on Uber becomes your driver, not every analyst would be of immediate assistance to you. But that’s not the point. Rather, the simple existence of decentralized threat intelligence sharing could lead to the greatest level of threat reduction ever seen by simply allowing for ubiquitous access to threats, solutions and other invaluable information.

The cybersecurity industry has talked a big game about decentralization in recent years, yet there hasn’t been much action to make it a reality due to profit-driven vendors and a lack of public-private partnerships. And what threat-sharing is available usually only identifies problems without offering solutions. Think about Uber: It doesn’t just show cars that are available or let people post that they need rides. It connects the two and solves the problem.

True decentralization to overcome the labor crisis

Despite the fact that new cybersecurity products, services and platforms continually come online, cybercriminals remain one step ahead of defenders. As evidence, both ransomware and spoofing attacks grew by 350 percent and 250 percent respectively in 2018, according to an article in Industry Week.

While decentralization is key in the fight against cybercrime, true decentralization will require the global analyst community to share both threat intelligence and practical solutions in terms that are applicable for people of various skill levels. In addition, the threat intelligence shared must be actionable and automated to reduce training costs, improve analyst efficiency and enable organizations of all sizes to easily identify and mitigate threats. Imagine if Uber required more than two clicks to schedule a car - it would have never become such a monumental success.

In the never-ending fight against data breaches, fraud and cybercrime, even competing organizations can find great benefit in the decentralization model brought into the mainstream by Uber. In truth, there’s no other realistic opportunity to make a significant dent in the labor shortage any time soon. And even if it were possible to fill all of the available jobs, the decentralization of threat intelligence would only serve as another safety net against attackers who have the time, money and resources to stay ahead of our best defenses. To the cybersecurity community, let’s use Uber’s success to our advantage, for failure to do so would certainly leave businesses and government agencies highly exposed.

Eyal Benishti is the founder & CEO of IRONSCALES, a provider of advanced phishing threat protection technology.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.