Cybercrime is now one of the largest illegal economies in the world, turning profits of $445 billion annually and brokering over a billion pieces of personally identifiable information (PII) each year.
While private industry has worked hard to bolster its defenses against cyber attacks, it has simultaneously been plagued by an uncoordinated and proprietary approach to threat data.
Hackers have revolutionised the way they operate, forming vast networks on the dark web to organise and share expertise. In the UK, the average cost of a data breach has risen by some 7% over the last two years to a staggering £2.37 million, and the average cost per lost or stolen record is now £104.
Cybercriminals work with a level of efficiency and productivity that rival many businesses. Research shows hackers rarely work as “lone wolves”, but have banded together in organised crime rings.
They have excelled at customer service and marketing for the malware they sell on the black market, offering things such as money-back guarantees and providing superior customer support to ensure the purchased malware is deployed properly. As a result, hacks have become incredibly sophisticated, resulting in larger payouts for the triggermen.
So what is the key to turning this tide and giving the “good guys” a chance to fight back?
The answer is in democratising the threat data that enterprises keep to themselves, opening it up, and collaborating with others across geographies and industries.
Although security professionals are continuously collecting data on cyber threats and uncovering ways to defend their territory, the private sector as a whole has been operating independently, with little to no peripheral view about what’s happening outside of their companies. The majority of organisations have been reluctant to share the information they collect, due to proprietary and sensitivity concerns.
To truly fight back, we must change this attitude, break down the barriers, and bring a behavioral shift to our notions of how data is accessed and shared.
Security vendors should be competing on their ability to deliver actionable intelligence to clients using threat data – not just on providing the data itself. The good guys are forced to rely on multiple sources of untrusted, loosely-coupled data to gain information and pinpoint a problem.
This leaves organisations to fight cybercrime individually. While this approach is ineffective, only 36% of security and IT professionals share information with industry groups, and a little more than half do not share any information at all.
However, we are starting to see a change. The private and public sectors are showing their thirst for a unified view of what’s happening around the globe in terms of emerging attacks, malicious activity and the dark web.
We’re seeing a push beyond hand-written, disorganised documents of security teams past, as they now use cloud-based tools to collaboratively collect, aggregate and share data with their peers.
To jump start this effort, IBM recently opened up its vast library of security intelligence data from more than 20 years of threat research on a new, free community called IBM X-Force Exchange. It believes that the democratisation of threat data will be central to fighting cybercrime and the industry agrees.
In just a month since launching X-Force Exchange, more than 1,000 organisations have signed up to participate. IBM hopes creating a team of experts and empowering organisations with the necessary knowledge to defend against attacks will root out hackers.
Sourced from Martin Borrett, distinguished engineer and CTO, IBM Security Europe