While not a shocking revelation, a thought resurfaced among a group of like-minded security peers that deserves an in-depth glance, especially in today's threat climate.
Recently, I was on a panel group where we were discussing ransomware. Someone asked if it was known how many ransomware groups were currently operating globally. One of the panelists answered that the FBI was tracking about 100 of them as of 3 years ago. That number is likely too conservative, as the reality is that there are many more groups or individuals involved.
However, the bigger concern is that the criminal actors are working together. Each criminal actor has a unique skill, toolset, or other thing of value they bring to the table, so they collaborate with the agreement to split the ransom.
The resulting thought was this: If the criminal actors are finding success in collaborating with one another, then so can we. Members of the security community should collaborate not only to protect themselves but to fight back.
Stronger Together
A year ago, at the RSA Conference, the theme was “Stronger Together.” The idea behind this theme was that the security community has long fought criminal actors on their own with varying levels of success. Instead of continuing this model, we should unite against the common enemy.
For example, security leaders at financial institutions can learn a lot from each other because they are likely fighting the exact same types of campaigns from the same set of threat actors. The same can be said about the security leaders at retail organizations, healthcare groups, and critical infrastructure. This approach also applies to vendors. As an example, Fortra competes with Microsoft’s security portfolio, but our threat intelligence teams work together to take down infrastructure used for ransomware attacks.
Another example of a united front is a combined effort to stop paying ransoms. Whenever a ransom gets paid, it helps fund the continued operations of the ransomware groups. Unfortunately, many will make the decision to pay anyway because the amount may be less than the cost of recovery. This just signals a willing customer and increases attacks.
Collaborating with people from your vertical helps tremendously because it’s a community that understands your business model and challenges, so sharing best practices and threat intelligence about your common threat actors and attack campaigns ultimately benefits everyone.
Benefits of Collaboration
There are a few reasons collaboration works well for the security community:
Sharing best practices and threat intelligence helps everyone be better prepared to protect their organizations and recover quickly in the event of an incident.
Working with industry peers who know your industry and business model gives you access to a source of valuable information that can be applied to your organization.
Working with your vendors allows them to continue to deliver innovation that helps protect your organization.
Collaboration also presents a united front to attackers, so they are less able to hit adjacent companies with the same tactics, no matter how cleverly produced.
Recommendations for Security Leaders
Forming immediate security alliances may not be an easy task, but it may be easier and more beneficial than you think.
Look at some of your competitors and be open to working with them. A popular way to find these people is through industry associations. Instead of seeing them as your competition, see security personnel in your same industry, sector, and market as invaluable allies in keeping your organization safe and able to survive to stay in the game another day.
Work with vendors that have experience in protecting organizations in your industry. Chances are, they’ve worked with organizations just like yours and can bring invaluable expertise to the table.
When possible, work with law enforcement. This collaboration can be one of the best as they have access to protected government resources that can help in times of investigation and even attack.
Look for opportunities to automate operations and be open to working with third parties. This type of collaboration is some of the best as you now have access to experts beyond the scope of your company who work with other organizations like yours daily and can bring a wealth of knowledge and perspective.
Engage with your supply chain. They can tell you the attacks they are facing and the ones that may be coming for you next. You can also pool your resources to stop exploits downstream and prevent those future attacks from ever happening.
Develop these relationships now and they will pay off even more as time goes on. When the cybersecurity community is not limited by company or competitor boundaries, we can make a safer environment for everyone to thrive.
