The Key To Cybersecurity: Shared Intelligence And Industry Cooperation

Forbes Technology Council
POST WRITTEN BY
Itzik Kotler

Chicago in the 1930s was a hive of organized crime where the bad guys always had the upper hand. As dramatized by the film "The Untouchables," lawman Eliot Ness confides to Officer Jim Malone that he is prepared to do “everything within the law” to take down Al Capone. But streetwise Malone tells Ness that, to win, he must be prepared to do more. “He pulls a knife, you pull a gun. He sends one of yours to the hospital, you send one of his to the morgue. That’s the Chicago way.”

Like ’30s Chicago, the dark web is crawling with global crime syndicates, and everyone I've talked to says fighting the Chicago way sounds appealing. The problem is that the same laws that make hacking a crime also make it a crime to retaliate.

There are ways to go on the offensive, however. New technologies, techniques and data allow companies to do more than set up defenses and wait. Instead, companies can use hackers’ methods to preemptively discover and fix weaknesses.

Through working as a hacker and at the helm of my own cybersecurity firm, I've found that the ingredients for a great IT security cocktail are threat intelligence services, knowledge of hackers’ own tricks, and breach simulation platforms. What really makes it effective is cooperation across the spectrum of businesses and industries.

Threat Intelligence

According to Gartner, “Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard." Simply put, threat intelligence is like a fingerprint that helps identify specific types of attacks and hackers.

Good threat intelligence gives organizations an advantage because it helps them anticipate what hackers might do in the future and offers indicators of potential compromise. This anticipatory approach is a big advantage, allowing organizations to patch security weaknesses before they become a problem.

Threat intelligence comes from the experiences of companies, associations, industries and governments that have experienced cyberattacks. As you can imagine, that’s a lot of data, and it would be impractical for individual companies to take on the burden of collecting and analyzing it for their own use. That’s why an entire segment of the IT security industry is dedicated to collecting up-to-date threat intelligence and offering it as actionable business intelligence for security services providers.

A Hacker's Playbook

It's useful to understand some of the hacker community’s tricks of the trade. For my firm, we found compiling our own "hacker's playbook" helpful. This is just a compendium of signature moves used to attack, penetrate and move through a network from the initial point of attack to the final objective. It includes threats, attack methods and industry-specific target information drawn from your threat intelligence and compiled from millions of security events based on different objectives, technical environments and other factors.

Such a resource ideally isn't written by one organization or individual based on their isolated experience, though. Instead, it should focus on cooperation between different organizations. So we used findings from our own deployments, security breaches in the wild, and proactive research to compile our playbook and shared it within the security community to ensure that everyone understands the types of techniques hackers are using and the best practices for securing their environments.


Automated Breach Simulation

Automated breach simulation takes the hackers' methods and continuously tests the strength of your cybersecurity. It's a method used by security companies like vThreat and my own to ensure that cybersecurity controls are working as planned and, if not, identify risks and plug holes.

Combined with threat intelligence, breach simulations can make continuous threat detection and prevention more likely. By transforming indicators of compromise (the modus operandi of attacks) into breach methods, you can quickly make decisions about the impact of an up-to-date threat that is targeting your industry. I favor an automated breach simulation approach because it helps organizations anticipate attacks and blunt them in advance.

It’s not easy, though. There are millions of security events affecting U.S. companies every day — I've seen single organizations record thousands of attacks in a day, each attack producing new threat intelligence. But by combining threat intelligence into hacker playbooks and using them for breach simulations, organizations gain the perspective of the hacker in a meaningful way.

Cooperation Between Businesses

This approach to cybersecurity requires sharing and cooperation between businesses so that industry-specific threats can be identified, as hacking techniques are often tailored to defeat the defenses of specific industries. Companies need to share their experiences to draw a richer landscape of likely attacks and be better prepared when they happen.

Fortunately, we’re seeing evidence of collaboration already. One example is the National Credit Union Information Sharing and Analysis Organization (NCU-ISAO), which recently launched operations to collect, analyze and disseminate threat intelligence targeting credit unions.

"This is the first operational and threat intelligence sharing organization dedicated wholly to credit unions,” NCU-ISAO executive director Gene Fredriksen told Credit Union Times. “Because the information-sharing needs for credit unions encompass more than just cyberthreats, the NCU-ISAO will support innovative, member-driven initiatives around benchmarking, process improvement, and regulatory strategies.”

Beyond credit unions, the ISAO tracks other industry organizations that are also operating, or in the process of starting, threat intelligence sharing operations. For instance, organizations like Visa are offering their own threat intelligence feeds for the payment industry.

Initiatives such as these are an important development in the fight against cybercrime, but they can only succeed with broad commitment and participation across industries. All interested parties -- private enterprises, business and industry associations, technology developers, law enforcement, etc. -- need to work together to stop cybercrime.

I foresee a day in the near future when the defeatist attitude is dropped and the tide is reversed in favor of the good guys. It may not be the Chicago Way, but it is a way to bring the fight to today’s cyber gangs.