Keeping watch in the security neighbourhood.

Author:Kirk, Richard

We are better protected when we work together. Whether it is keeping an eye on a neighbour's house when they go on holiday or, in the case of cyber security, sharing threat data to make sure we know about the latest threats that our competitors and colleagues have faced, awareness and cooperation are key.

Cyber security attacks are occurring every day. Over the past year, more than 90 percent of all US companies suffered some form of hack, though many were not even aware that their systems had been breached. According to recent estimates, close to 400 new threats are emerging every minute, and up to 70% of attacks typically go undetected. There is only one way to describe the situation: an industrial-scale cyber crime epidemic that is only getting worse.

Although law enforcement agencies generally claim that there is no way to prevent cybercrime, such as the activity of organised drug cartels, sharing security knowledge and threat data could benefit millions of people. From what I have seen, one of the best examples of this is in the global financial services community where there is a weekly conference call. Every Tuesday, security leaders from across the financial services industry, many of them fierce competitors, get on a call and talk about the threats they are seeing and experiencing. This is a great example of how powerful it is to share - a case of strength in numbers. And it makes a lot of sense. After all, if you are walking down the street and someone robs you and then it happens again at the same place at the same time the following day, you might know to avoid that spot in the future. But your neighbours will only know to avoid this spot if you tell them. This is how neighbourhood watch schemes came into existence, with everyone looking out for the security of the whole group, and they have proven to be very effective.

Just like the Tuesday call of CISOs from financial services heavyweights, effective security programs will alert other users to threats, regardless of whether they are allies or competitors. This demonstrates the 'power of the crowd,' because in the security industry, it is not simply about one great expert, but rather the expertise of thousands of security practitioners who become the collective genius. And with the network of users and the community connected to modern platforms, sharing threat data in real-time, it can be done, and it can be even more effective in preparing everyone for the inevitable and...

To continue reading