The implications of effective cybersecurity collaboration

By David Higgins, EMEA Technical Director, CyberArk
The disruption caused by COVID-19 has made organisations turn to technology, enhance cyber security systems and work effectively as a team

For years, cybersecurity was seemingly shrouded in mystery. Organisations were reluctant to show weakness, breaches weren’t revealed to avoid reducing end-user trust in services, and collaboration between those fighting against threat actors was almost non-existent. It resulted in a counter-intuitive form of status quo that made efforts to improve security more difficult, even though all these vendors were fighting the same fight.

That all changed following the disruption caused by COVID-19, which spawned the kind of cooperation we’ve never seen before. As everyone was shaken out of their comfort zone, it became clear the only viable path forward was to promote and prioritise consistent, transparent communication and teamwork across the cybersecurity community.

This teamwork was long overdue; effective collaboration is not only imperative to building resilience and protecting the people and organisations which rely on cybersecurity professionals, but also isn’t as difficult as many within the industry originally thought. So as we begin to emerge from the other side of the pandemic, how can the security community ensure this collaboration continues, so that its members keep sharing best practice and continually improve their solutions and applications?

 

Taking a page from the open source book

The open source community is the pinnacle of collaboration, and has been for years. Software development has advanced rapidly thanks to the coming together of a diverse range of minds, experiences, and approaches. Disruptive and innovative solutions such as Docker and Kubernetes, for example – which were founded in open source – have become widely accessible to all, grounded in the notion that ‘no one can whistle a symphony; it takes a whole orchestra to play it’.

Its value and omnipresence can’t be stressed enough. A 2021 Red Hat report, for instance, discovered that 90% of IT leaders use enterprise open source today. Top use cases cited included IT infrastructure modernisation (64%), application development (54%), and digital transformation (53%), but the most revealing statistic was that 83% indicated they were more likely to select a software vendor that contributed to open source projects. This is clear evidence that a team mentality matters to those in charge.

The speed of attacker innovation is just one of the reasons security developers have become more reliant on sharing information openly. Securing applications is the first line of defence for an organisation, and disruption caused by those with malicious intent has to be cut through collaboratively to ensure this security. Developers and security experts need to discuss ideas and best practices openly, regularly seek advice and float suggestions – as is common in the open source community – if they are to build secure applications more quickly.

 

The community culture post-pandemic

A nimble and expressive community only enhances cybersecurity efforts, and must be paired with a willingness to learn from one another to give security teams the knowledge to fortify defences, especially as the threat landscape continues to shift and accelerate. Reducing our insistence on ‘proprietary’ information and removing gate-keeperism is a key part of this process, and many security teams that had embraced these behaviours prior to the COVID-19 pandemic saw their ability to respond to attacks at speed increase significantly as a result. 

That said, the onset of the virus did pose a significant challenge to these new behaviours. Culture is such a huge part of secure software engineering, and thousands of developers and security experts were deprived of the ability to quickly brainstorm and bounce ideas off colleagues when it hit. To counter its impact, many developers, engineers and security professionals moved to online collaboration and open forums. This community-centric approach has now become the ‘new normal’, challenging and shaping the more traditional development methods the industry had become accustomed to.

The emergence of a more collaborative environment has come with one caveat, however. The rapid and open sharing of information has led to many in the community posting their source code up for everyone to share and use. While this sharing is vital to securing applications, it’s important that no hard-coded security secrets are inadvertently uploaded or leaked in this process.

 

Final thoughts 

Serious security breaches are commonplace in the current climate, and as attackers move ever quicker, the security community needs to ensure it moves at the same speed. Cybersecurity in itself is a constant exercise in navigating the disruption caused by threat actors, and security practices therefore need to be constantly reviewed, challenged and ‘disrupted’ (this time by the good guys) to ensure they are fit for purpose. Collaboration is key to this process: the more security teams can work together and rely on each other, the more the general security posture of UK businesses will improve.

 
