By now, you know the adage: It’s not whether you’ll be the victim of a cyberattack, it’s when. With the growing number of high-profile attacks and the awareness that small businesses are equally at risk, more business decision-makers need to deploy the right tools to protect corporate and consumer data. However, organizations still struggle to put together a solid cybersecurity strategy that allows them to identify the best tools and approaches to improve their overall security stance.
We talk a lot about cyberattacks in terms of ransomware or malware disruptions. However, the threats and the consequences go much deeper than that. Threats from Internet of Things (IoT) devices could cause infrastructure disruption or even a threat to life. Insider threats—whether deliberate or accidental—are other attack vectors that a cybersecurity strategy must address.
Though disgruntled users can do a lot of damage from inside the network, the accidental threat—for example, the user who responds to a phishing email by clicking a bad link—has also become a major problem. Many companies approach this problem by incorporating it into employee training or emailing announcements, but it is difficult to implement in a universal way. As senior director of product management, cybersecurity, Simon Ball observes, “It doesn’t matter how many posters are up in the break room, someone is going to click on a bad link.”
The people shortage makes monitoring threats and improving training more difficult. Not enough skilled cybersecurity workers are available to meet the demands necessary to run a security operations center (SOC).
Knowing the weak points and attack vectors in your network is the first step toward developing a solid cybersecurity strategy. In order to make sure you are doing all you can to keep your data safe, you’ll need to collaborate, communicate, and share indicators internally to prevent and mitigate possible attacks.
This must happen on a variety of levels. SOCs already offer a number of collaboration and communication tools that enable analysts to share information easily, which is important. An easy way to communicate shareable information, allowing less experienced users to communicate with more experienced users, is also necessary. This enables those without a strong security background—or most everyone within an organization—to seek help and get questions answered quickly. It can also help ease some of the people shortage.
Once you communicate the problem, you’ll need the tools to mitigate the possible attack. This is often where even a good strategy tends to hit a roadblock: although the tools are out there, they are too often proprietary. Security vendors don’t collaborate because they’re competing with each other. On the other hand, cybercriminals collaborate through open-source options, giving them the upper hand. Learn from the adversaries’ playbook, and add the collaboration and innovation of open source to build a better, more flexible and efficient security tool.
“Open source gives you a common platform to share data,” says Ball. “With community collaboration, you create a base from which the community can build. This means that a company doesn’t have to start from scratch every time they need a new tool.”
Open source gives users many sets of eyes on a problem, and many people providing unique points of view. This range of input helps to create a broader set of detection capabilities. It also allows for open and frank discussions of priorities for different organizations—or different areas within an organization—that provide greater perspective on what the threats are and how to address them. This increases the ability of SOCs to collaborate. The involvement of active end users in the community is crucial to getting the right input on what’s relevant and cutting down on false positives.
Right now there is a need for a platform that serves as the algorithm that other tools plug into. For vendors, the push is to become that platform, but Ball doesn’t think it’s something that can be owned by a single proprietary vendor.
“Individual vendors creating standards that compete with other standards is not the way forward,” Ball adds. “The best way to have a genuine emerging standard is to create it in an open community and base it on real use.”
Getting an enterprise on board with the idea of open-source communication and collaboration won’t be easy. Most are already tied down by their traditional, inflexible software. Even though they know it’s a broken system, they are locked into their leases and purchases. Unfortunately, that also means they are locked into those security fixes and solutions, and this puts data at risk and stifles their overall cybersecurity strategy.
“With open source, they are able to participate more directly and have more flexibility,” Ball says. “Innovation is much faster than you’ll ever get from a single vendor.” And it’s flexibility and innovation that will be the keys to building a strategy to meet your network’s needs.