2011 was a banner year for security breaches, including the highly publicized Lockheed Martin, FBI, Sony Play Station Network and Citigroup breaches. Lesser-known but collectively damaging attacks against lower profile targets, including credit unions, were also on the rise as 2011 ushered in a measurable increase in breaches targeting smaller organizations.
Today’s cybercriminals are banding together – learning from each other, devising new ways to attack our security defenses and wreaking havoc on their targets as well as entire industries. In the last six years, we have witnessed year-over-year growth in the scope and impact of breaches. As a result, many are left wondering if the good guys stand any chance against these cybercriminals.
As the founder and CEO of Wisegate, a private online community for senior-level IT executives, I have the privilege of working with some of IT’s best and brightest security professionals with a ringside seat to the private discussions that unfold in the aftermath of these attacks.
Our members, CISOs and senior security practitioners from brand-name companies and government agencies, come together to debate these issues, and one solution to this growing problem stands clear – collaboration. If the bad guys are getting better at collaboration, so must the good guys.
In a recent Wisegate poll, 81% of senior info security respondents agreed that “Infosec professionals collaborating more to outsmart hackers” was the preemptive measure that would have the greatest potential to reduce the frequency and scope of hacker attacks.
I like the idea of fighting crime through collaboration, which is not a new idea. It reminds me of stories told about the Wild Wild West. After all, what’s going on with hackers today is a lot like what the ranchers of the 19th and 20th centuries faced with cattle rustlers.
As the West was settled and cattle ranching flourished, rustlers showed up, banded together and stole cattle. It was a serious problem. In order for any of the ranchers to survive they had to join together – even though some of them were competitors. They realized that no one rancher had enough manpower to deal with roving bands of rustlers; they needed to create a force that was greater than that of their enemy. They couldn’t go it alone.
The ranchers fought the rustlers through collaboration and it worked. The ranchers put a serious dent in the rustling. They even retrieved a lot of stolen cattle. And when the rustlers saw that stealing cattle was no longer easy, they started looking elsewhere to cause trouble.
Fast forward to today.
Cybercriminals are using significant intelligence-gathering techniques and coordinating their efforts to get information about the consumers and sensitive data the good guys are trying to secure. Jeff Bardin who is a Wisegate member, well known financial services CISO and cyber intelligence professor, tells us that, “Cybercriminals will examine Facebook, LinkedIn, YouTube sites, anything they can think of, to gather info that they can use to find ways into corporate environments to get at valuable data.” And today data is equal to what cattle were in the Old West – money.
Phil Agcaoili, Wisegate member, chief information security officer at Cox Communications, founding member of the Cloud Security Alliance and co-chair of the FCC CSRIC Cyber Security Working Group, believes there’s a strong correlation between the increase in and sophistication of security breaches and the coordination of today’s hackers. He says, “They’ve really gotten together, shared what they know, and have done a good job of joining forces to attack the defenses that our security experts are building in cyberspace.”
Agcaoili believes that senior security professionals can counter these attacks by better coordinating their own understanding of best practices for cyber-security and sharing real-time intelligence on current issues and defenses.
Collaboration isn’t easy – it takes time and motivation. I am proud to witness the sharing of information among dedicated security professionals (the cowboys of today) who are banding together, not out of mandatory obligation, but rather in solidarity to right what is wrong.
Tom Malta, Wisegate member and senior technology risk executive in financial services, including Goldman Sachs, Morgan Stanley, and BNY Mellon explains, “When top security pros are able to share experiences and collaborate to outsmart cybercriminals, entire industries like financial services stand to benefit.”
I think Malta is right and senior IT executives agree – It’s time for the ranchers and cowboys of information security to band together, armed with their collective brainpower, to outsmart the bad guys.
Just like in the old days, there’s power in numbers.
Sara Gates is founder and CEO of the Wisegate social knowledge network for senior professionals.