Hear from CIOs, CTOs, and other C-level and senior execs on data and AI strategies at the Future of Work Summit this January 12, 2022. Learn more
This article was contributed by Maximilian Groth, cofounder & CEO of Decentriq.
Despite the new and increasingly sophisticated cyber threats emerging on a daily basis, most organizations still continue to rely on their own security teams to defend their networks and infrastructure in isolation. However, relying on one’s own cybersecurity data is no longer enough for an organization to effectively defend against the latest cyberthreats.
This siloed approach has contributed to the lengthy period an organization needs to identify data breaches, at an average of 191 days, let alone effectively defend against these attacks. As such, despite exploding cybersecurity spending, today’s cyber defenses are failing and no longer effective.
Fortunately, with new and emerging technologies, there are ways to improve organizations’ cybersecurity, such as with collaborative cyber defense. This entails organizations coming together to collaborate on their cybersecurity data, for example, Indicators of Compromise (IoC) data.
With the higher volume of valuable data available to each collaborating organization, all of them would be able to:
1. Better anticipate and identify future cyberattacks
With the collective insights generated, organizations can benchmark themselves against their peers on historical IOC data and cyber defense spending efficiency. Organizations can also train models on a much bigger dataset than what is available in a single organization, which would help them better anticipate future attacks.
2. Improve robustness of incident response plans
With more insights and a deeper understanding of a larger number of cyberattacks, organizations can refine and enhance their incident response plans to better cater to a wider range of threats. Organizations can also collaborate on coordinated responses to similar threats they face.
3. Reduce cybersecurity costs
As organizations work with a larger dataset and potentially coordinate their responses, they can be more efficient with their cybersecurity spending.
Why don’t organizations collaborate on cybersecurity?
While some organizations might want to collaborate on their cyber defense, cybersecurity data, such as incidents, vulnerabilities, and attacks, are usually extremely sensitive, confidential, and thus restricted in how it can be used.
Organizations are very reluctant to share these sensitive and restricted data with their partners or other companies in their industry. Organizations would only be willing to collaborate on cybersecurity data if they knew that their confidential data would not be seen by external parties, especially other organizations in their same industry.
How can organizations securely collaborate on cyber defense today?
Fortunately, there are already several ways to collaborate on cybersecurity data without revealing the data to external parties, to varying degrees.
The first is to use trusted third parties which act as intermediaries that confidentially manage and analyze data from multiple organizations, before sharing individual insights and results with the respective participants. While participating organizations are not able to see each other’s sensitive data, they are still required to share this data with a trusted third party. There still exists the potential for their data to be breached or exposed, which is not ideal for many organizations.
New technologies can solve this issue of the complete privacy of data. Secure enclave-based encryption in-use technology such as confidential computing, as well as software-based encryption techniques like secure multiparty computation (SMPC) and homomorphic encryption, are able to guarantee that the confidentiality of the data is never compromised.
SMPC and homomorphic encryption are based on advanced cryptography that ensures data always remains encrypted and that no third party is able to see the data even while performing computations on them. Confidential computing ensures that data is also encrypted during computation and analysis, while only aggregated results are generated.
Hence, collaborating organizations would not be able to see each other’s cybersecurity data, even as the overall volume of data is expanded and leads to deeper insights.
Confidential computing also guarantees that the infrastructure and cloud provider will not be able to see or access the collaborating organizations’ data. For example, if the organizations were collaborating on their cybersecurity data in a platform based on confidential computing, neither the platform provider nor the cloud provider could see their sensitive data. This would further enhance the privacy and confidentiality of cybersecurity data.
It’s time to collaborate on your cybersecurity data and fortify your cyber defenses
The availability of technologies to guarantee the privacy of sensitive data even during computation means that organizations can more easily and securely collaborate on their cybersecurity data, without fear of exposing their confidential data to external parties. With the evolving and looming threat of cyberattacks, organizations and their most sensitive and valuable data are increasingly vulnerable to data breaches. Now is the time for organizations to come together to meet the ever-evolving and growing threat of cyberattacks.
Maximilian Groth is the cofounder & CEO of Decentriq.