Threat actors are getting smarter.
The old Hollywood notion of a hoodie-wearing hacker in a dark basement no longer applies. Today’s cybercriminals are both sophisticated and well-organized. Rather than working alone, they frequently operate collectively, aping many of the business methods and strategies employed by their targets in the process.
Is there still competition amongst threat actors? Most certainly. In any criminal enterprise, rivalry is inevitable. At the same time, commercial actors are increasingly working together, giving themselves yet one more advantage in a game that’s already heavily rigged in their favor.
Think about it. Security teams face an endless tide of attacks and attackers, having to tirelessly fend off each and every one. On the other hand, threat actors can choose victims at their leisure—and they only need a single mistake to gain a foothold.
Sometimes that’s a supply chain partner with a poor security posture. Occasionally it’s a careless employee who’s all too quick to download email attachments. Or maybe, as was the case with SolarWinds, the attacker is simply sophisticated enough to poison a software update for thousands of businesses.
Regardless, in the ongoing war against cybercrime, threat actors have every advantage one can call to mind—and businesses have virtually none.
Granted, many security professionals are entirely aware of this fact. Many security vendors now feature the concept of collaboration prominently in their promotional materials, and incidents like Russia’s invasion of Ukraine have resulted in almost universal cooperation between multiple agencies. But it’s not enough.
Where cybersecurity is concerned, businesses need to set aside their pride and put their notions of competition to rest. The competitive advantage one gains from being more secure than one’s competitors pales in comparison to the benefits of openly sharing and collaborating on threat intelligence. Perhaps the best recent example of this can be found in Microsoft’s reaction to being targeted by the Lapsus$ hacking group in March.
Rather than remaining tight-lipped as some of Lapsus$’s other victims chose to do, Microsoft acknowledged the attack immediately after it happened. More importantly, the company proceeded to publish a comprehensive breakdown of the group’s tactics and techniques. In so doing, it showed precisely how we need to start treating data breaches and cyber incidents.
Instead of trying to downplay their severity or keep threat intelligence under wraps, businesses must be willing to openly share that data with one another. They must shift their mindset and accept that in the context of cybersecurity, pre-existing relationships between organizations are irrelevant. When it comes to threat actors, we’re all on the same side.
For your part, there are a few steps you can take to adopt this approach within your own organization:
- Promote the idea that security is no longer the sole domain of your IT department, but instead an organization-wide pursuit in which everyone has a stake. Also, check out our post on what can be learned from the SEC’s best practices.
- Join an industry-specific security group if one exists.
- Participate in open-source security projects, contributing your knowledge and expertise where possible.
- Be the first one to reach out to your competitors and rivals—you don’t need to share trade secrets or intellectual property to work together.