Trusting your customers and partners with valuable proprietary information and data has always been a massive issue in most business sectors, borne from years of ruthless competition, battles for customers and clients and keeping that all-important ‘competitive edge’ over your rivals.
Also, in addition to the strong desire to keep useful industry and customer data solely within the confines of a business, there is also always an element of basic security at play. If a competitor or a threat actor finds information which they can use against your company, then you are laying yourself wide open to being hacked or damaged in some way.
That’s why openness and security aren’t traditionally considered to be natural, happy partners. This urgently needs to change, because it’s increasingly vital that businesses work together to share information with the cybersecurity industry to enable it to stay one step ahead of the ever-evolving threat landscape.
Sharing knowledge on the evolving threat landscape
Within the security industry specifically, openness and the concept of sharing insight on particular threats with anyone outside an organization is an awkward proposition for many.
Ironically, this distrust is often high in organizations where sharing knowledge, such as that relating to cybersecurity, is imperative to preventing further security attacks.
Trust and openness are heavyweight and complex issues that differ depending upon the nature of the business sector. To ensure that your business is properly protected against malicious cyber-attacks there needs to be a level of both in operation: it’s neither feasible nor necessary to view the matter as a black and white, one or the other dichotomy.
So what the cybersecurity industry really needs is a viable process for ‘managing distrust’, instead of pushing for a naïve and impractical ‘ubiquitous openness’ utopia.
Zero knowledge data and Blockchain sharing
With this in mind, businesses need to work closely with their trusted partners and digital security experts to develop ways of sharing insight and data on new cybersecurity threats that at the same time don’t also share valuable industry knowledge with their competitors.
So while it is vitally important that organizations share insights on threats and attacks with their competitors, it’s equally important that they do this in ways that provide insight without the full intelligence.
This is exactly where standards such as STIX (Structured Threat Information eXpression) and TAXII (Trusted Automated eXchange of Indicator Information) can help to re-align IT security efforts.
Business owners and IT leaders responsible for digital security need to be fully informed on the various ways of sharing that provide cybersecurity experts with insight without full intelligence – including strategies such as zero knowledge data sharing or making use of Blockchain sharing methods.
Consider WannaCry, in which millions of ransomware attacks hit computers worldwide, taking down vital NHS systems, a large telecom in Spain, and hundreds of other businesses and institutions across the globe. A cybersecurity expert called Marcus Hutchins discovered a universal kill switch, saving millions of users and businesses across the world from a potentially catastrophic cyber-attack.
However, what would happen if a similar global malware attack occurred again, and the information to stop such a threat was found and needed sharing rapidly and openly with the cybersecurity industry to shut it down? Without a proper information sharing infrastructure and sharing culture in place it could, potentially, lead to a considerably more devastating outcome.
What are STIX and TAXII?
The fact is, the threat landscape is changing and global cyber threats are increasing. That’s why there are vital changes underway in industries that are particular targets of cyber-criminals, such as the financial services sector.
Financial services have seen a rapid growth in analysts sharing information through the Financial Services Information Sharing and Analysis Center (FS-ISAC), a dedicated industry forum via which businesses can safely share information on critical security threats facing the sector as a whole.
This is why standards such as the aforementioned STIX and TAXII are vital to the future of cybersecurity. Developed by The MITRE Corporation and the US Department of Homeland Security, STIX and TAXII are free, open-source standards that enable cyber threat data to be rapidly and easily shared in real-time.
The key to stopping cyberattacks on the scale of WannaCry from having devastating impacts in future is to make threat intelligence more accessible for all. Standards such as STIX and TAXII are going to help public and non-profit organizations, private companies and industry groups like FS-ISAC re-align their security efforts based on real-time information exchanges.
This is clearly the path that businesses need to follow, though the problem persists that the current use of these standards is still very much a conscious effort.
There is an educational challenge here: it’s vital to help business and IT leaders understand the benefits of embedding standards like STIX and TAXII into how their business functions in order to drive a culture of necessary openness and to keep one step ahead of the (many) cyber-criminals out there.