News of cyber attacks seems to be almost a weekly occurrence. These headlines are indicative of a much broader trend that promises to fundamentally shift the balance of power in the cyber security landscape. The age of the cyber offensive is here and regularly puts on display the futility of cyber defense. Some of the victims of cyber attacks have been lax in their cyber security practices; however, even organizations considered role models have not been spared. Over the past few years, we have witnessed a surge in the sheer number of cyber attacks, greater occurrences of successful breaches and increases in associated costs to affected organizations as well as individuals. While cyber threats are not a new phenomenon, the scale, frequency and degree of socio-economic impact are much more significant and threaten to continue growing if left unchecked.
In order to devise a strategy to effectively counter this trend, it is first necessary to understand the conditions that have led us to this current state. Individuals' personal data, ranging from credit card details to health records, are traded in well-functioning underground markets. The growing economic incentive for cyber attacks all but guarantees that governmental institutions and enterprises are not immune either. The risk to the digital economy is compounded by state actors entering the fray with extensive resources to conduct their own cyber offensives. A key observation is that each successful attack or breach proliferates the skills, tools and supporting ecosystem necessary for cybercrime: techniques that worked once are documented, packaged and resold. One additional factor worth noting is that technology innovation invariably outpaces security controls, increasing the attack surface of organizations. Technological innovation is now increasingly consumer led, forcing organizations to adapt faster to serve their customers, or it diffuses into the work environment and leaves traditional IT to play catch-up.
Cyber security professionals today find themselves facing significant odds. They have to constantly shore up their defenses against new threats emanating from a multitude of sources, as well as keep pace with the new capabilities their organizations deploy. While budgetary pressures are easing now that cyber security is a boardroom conversation, budgets are still finite and skills are still hard to acquire. Many organizations invest in a portfolio of security solutions and are then forced to spend their scarce staff on complex integrations rather than on security operations. Taking these challenges into account, and interpreting recent events involving state actors, it almost appears as if an offensive response might be a better deterrent than attempting to establish an effective cybersecurity posture. However, given the anonymity that the cyber landscape affords and the difficulty of reliably attributing an attack, the best offense does not guarantee the best defense; in fact, it might just lead to an escalation of hostilities.
If cyber defense cannot be conducted individually against all attackers perpetually in a dynamic environment with flawless efficiency, then the natural evolution of cybersecurity has to be playing defense in ranks. Playing defense in ranks is essentially a collective approach to cyber security, with greater emphasis on security content and portability of security analytics. The pre-requisites for playing defense in ranks are:
- Pooling of security knowledge: If each participant contributes knowledge of threats, vulnerabilities and exploit methodologies, then the community is able to provide each participant a more complete view of their security risks than any one of them could assemble alone. Nascent industry efforts to share indicators of compromise (IOCs) among private or public communities validate the necessity of pooling security knowledge. Moving forward, not only will the knowledge be richer in breadth and detail, but the communities will also feature intelligence that proactively delivers relevant knowledge to participants.
- Rapid dissemination of capabilities and operational methods: A platform to distribute security analytics and procedures as either a public good or through a monetary exchange will enable participants to incorporate effective and timely security functionality into their security practices.
- Collaboration and coordination of best practices: Successful development of security policies and deployment of security infrastructure are honed through experience, so the only way to gain experience under time constraints is to learn from the experiences of other participants. Today, resources may be available, but they are often disjointed, require non-trivial effort to discover and are not standardized, all of which contributes to a time overhead.
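The first prerequisite above, pooling of security knowledge, is easiest to see with a concrete IOC exchange. The following is an added illustration, not code from the original article or from any IBM product: three hypothetical participants (`bank-a`, `retail-b`, `hospital-c`) each contribute the indicators they know about, the contributions are merged into one pooled set that records who reported each indicator, and the pooled set is matched against one participant's local logs. All indicator values, participant names and log lines are constructed; the log format is an assumed `key=value` style rather than any vendor's format.

```python
"""Pooling IOCs from several participants and matching the pooled set
against local logs.  Added example; participants, indicators and log
lines are all constructed for illustration."""
from dataclasses import dataclass, field
import re


@dataclass
class Indicator:
    ioc_type: str                       # "domain", "ipv4" or "sha256"
    value: str
    reported_by: set = field(default_factory=set)   # participants that contributed it


# Constructed contributions: each participant knows only part of the picture.
CONTRIBUTIONS = {
    "bank-a":     [("domain", "update-cdn.example"), ("sha256", "a" * 64)],
    "retail-b":   [("domain", "Update-CDN.example."), ("ipv4", "198.51.100.23")],
    "hospital-c": [("ipv4", "198.51.100.23"), ("sha256", "B" * 64)],
}

# Constructed local logs of one participant (assumed key=value format).
LOCAL_LOGS = [
    "2015-01-12T09:14:02 proxy dst=update-cdn.example status=200",
    "2015-01-12T09:14:05 proxy dst=198.51.100.23 status=200",
    "2015-01-12T09:15:10 av sha256=" + "b" * 64 + " action=quarantine",
    "2015-01-12T09:16:00 proxy dst=www.example.org status=200",
    "2015-01-12T09:17:00 av sha256=" + "c" * 64 + " action=allow",
]


def normalize(ioc_type, value):
    """Canonical form so the same indicator reported differently de-duplicates."""
    value = value.strip()
    if ioc_type in ("domain", "sha256"):
        value = value.lower().rstrip(".")
    return ioc_type, value


def pool(contributions):
    """Merge every participant's indicators, recording who reported each one."""
    pooled = {}
    for participant, iocs in contributions.items():
        for ioc_type, value in iocs:
            key = normalize(ioc_type, value)
            pooled.setdefault(key, Indicator(*key)).reported_by.add(participant)
    return pooled


LOG_RE = re.compile(r"dst=(?P<dst>\S+)|sha256=(?P<sha>[0-9a-fA-F]{64})")
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def extract_observables(line):
    """Yield (type, value) observables found in one log line."""
    for m in LOG_RE.finditer(line):
        if m.group("dst"):
            dst = m.group("dst")
            yield ("ipv4" if IPV4_RE.fullmatch(dst) else "domain", dst)
        else:
            yield ("sha256", m.group("sha"))


def match(pooled, log_lines):
    """Return (line_no, Indicator) for every observable that hits the pooled set."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        for ioc_type, value in extract_observables(line):
            ind = pooled.get(normalize(ioc_type, value))
            if ind is not None:
                hits.append((n, ind))
    return hits


def detection_count(contributions, participants, log_lines):
    """Hits achieved when only the named participants' knowledge is pooled."""
    subset = {p: contributions[p] for p in participants}
    return len(match(pool(subset), log_lines))


if __name__ == "__main__":
    everyone = list(CONTRIBUTIONS)
    for who in ([p] for p in everyone):
        print(who, "alone:", detection_count(CONTRIBUTIONS, who, LOCAL_LOGS), "hits")
    print("pooled:", detection_count(CONTRIBUTIONS, everyone, LOCAL_LOGS), "hits")
    for line_no, ind in match(pool(CONTRIBUTIONS), LOCAL_LOGS):
        print(f"line {line_no}: {ind.ioc_type} {ind.value} reported by {sorted(ind.reported_by)}")
```

Two points the code makes that the prose only asserts: the pooled set detects more of the constructed log lines than any single participant's knowledge does, and recording `reported_by` gives each indicator a corroboration count, which is the basis for ranking or prioritising shared intelligence rather than treating every contributed IOC as equally trustworthy.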
This collective approach to security will enable organizations to close ranks each time any member of the community is faced with a cyber attack. Collective intelligence has the potential of not only reducing the efficacy of the initial cyber attack but also reducing the shelf-life of malware and attack methodologies.
Playing defense in ranks promises to reimagine the traditional individualistic approach to cybersecurity in 2015 and beyond.
Vijay Dheap is a Cybersecurity Strategist and currently leads IBM's Cyber Forensics and Advanced Security Intelligence business.