Defeating hackers: Collaboration as the best defense
2011 was a banner year for security breaches, including the highly publicized Lockheed Martin, FBI, Sony Play Station Network and Citigroup breaches. Lesser-known, but collectively damaging, attacks against government agencies were also on the rise, as 2011 ushered in a measurable increase in breaches targeting all organizations.
Today’s cyber criminals are banding together -- learning from each other, devising new ways to attack our security defenses and wreaking havoc on their targets, as well as entire industries. In the last six years, we have witnessed year-over-year growth in the scope and impact of breaches. As a result, many are left wondering if the good guys stand any chance against these cyber criminals.
As the Founder and CEO of Wisegate, a private online community for senior-level IT executives, I have the privilege of working with some of IT’s best-and-brightest security professionals, with a ringside seat to the private discussions that unfold in the aftermath of these attacks.
Our members, CISOs and senior security practitioners from brand-name companies and government agencies, come together to debate these issues. One solution to this growing problem stands clear -- collaboration. If the bad guys are getting better at collaboration, so must the good guys.
In a recent Wisegate poll, 81 percent of senior info security respondents agreed that “Infosec professionals collaborating more to outsmart hackers” was the preemptive measure that would have the greatest potential to reduce the frequency and scope of hacker attacks.
I like the idea of fighting crime through collaboration, which is not a new idea. It reminds me of stories told about the Wild Wild West. After all, what’s going on with hackers today is a lot like what the ranchers of the 19th and 20th centuries faced with cattle rustlers.
As the West was settled and cattle ranching flourished, rustlers showed up, banded together and stole cattle. It was a serious problem. In order for any of the ranchers to survive, they had to join together -- even though some of them were competitors. They realized that no one rancher had enough manpower to deal with roving bands of rustlers; they needed to create a force that was greater than that of their enemy. They couldn’t go it alone.
The ranchers fought the rustlers through collaboration and it worked. The ranchers put a serious dent in the rustling. They even retrieved a lot of stolen cattle. And when the rustlers saw that stealing cattle was no longer easy, they started looking elsewhere to cause trouble.
Fast forward to today.
Cyber criminals are using significant intelligence-gathering techniques and coordinating their efforts to get information about the consumers and sensitive data the good guys are trying to secure. Jeff Bardin, who has held top secret clearances while breaking codes and ciphers, and performed Arabic language translations while serving in the U.S. Air Force and at the National Security Agency, tells us that “Cybercriminals will examine Facebook, LinkedIn, YouTube sites, anything they can think of to gather info that they can use to find ways into corporate environments to get at valuable data.” And, today data is equal to what cattle represented in the Old West -- money.
Phil Agcaoili, chief information security officer at Cox Communications, a founding member of the Cloud Security Alliance and co-chair of the FCC CSRIC Cyber Security Working Group, believes there is a strong correlation between the increase in -- and sophistication of -- security breaches and the coordination of today’s hackers. He says, “They’ve really gotten together, shared what they know, and have done a good job of joining forces to attack the defenses that our security experts are building in cyberspace.”
Agcaoili believes that senior security professionals can counter these attacks by better coordinating their own understanding of best practices for cyber security and sharing real-time intelligence on current issues and defenses.
Collaboration isn’t easy -- it takes time and motivation. I am proud to witness the sharing of information among dedicated security professionals (the cowboys of today) who are banding together, not out of mandatory obligation, but rather in solidarity to right what is wrong.
Randall Gamby, an information security officer at the Medicaid Information Service Center of New York, explains, “When top security pros are able to share experiences and join forces to outsmart cybercriminals, entire industries like government stand to benefit.”
I think Gamby is right and senior IT executives agree -- It’s time for the ranchers and cowboys of information security to band together, armed with their collective brainpower, to outsmart the bad guys.
Just like in the old days, there’s power in numbers.
Sara Gates is founder and CEO of Wisegate. She can be reached at: