What the cybersecurity community could do better in 2018

2018 is here, and it’s time to take stock and look for areas of self-improvement. That goes not just for companies looking at their own security, but also for vendors tackling the cybersecurity market in 2018. SecTor asked its team of experts what single thing they thought the cybersecurity industry could be doing better in 2018, and two related ideas came through very clearly: collaboration and holistic thinking.

People have always found strength in numbers. The more that all community members tell each other about what they’re experiencing, the less susceptible individuals are to attack. Yet one of the cybersecurity industry’s biggest challenges in the past has been sharing information between different organizations.

The challenges are legal and political. End-user organizations may be worried about sharing information on vulnerabilities and attacks with the broader community because it might open them up to legal suits from shareholders and customers, or to regulatory action. They might also worry that it gives market competitors an advantage over them by learning from their mistakes and avoiding problems that they have already experienced.

We still need more forums and mechanisms. The US government signed the Cybersecurity Information Sharing Act (CISA) into law in December 2015, but it provides mostly for one-way information sharing from the private to the public sector, and its privacy implications had some advocacy groups hopping mad.

We have some technical forms like Facebook’s ThreatExchange, and industry groups like the Canadian Cyber Threat Exchange. There are also the sector-specific Information Sharing and Analysis Centres (ISACS), which allow companies in specific industries to share cybersecurity information with each other in a safe environment.

Nevertheless, some experts believe that we need cybersecurity information to flow more frequently and freely. Toni Gidwani, director of research operations at ThreatConnect, argues that while attending a cybersecurity conference once a year is a good start, it isn’t enough. Information sharing should be embedded into the fabric of our community, she argues.

Joined-up thinking

Joined up thinking is the other big deliverable that the cybersecurity industry could give us in 2018, according to some experts. SecTor cofounder Bruce Cowper says that rather than relying on point-in-time solutions, we should adopt a more holistic approach to security in which different products operate more smoothly in concert with each other.

This raises an interesting question: should your cybersecurity technology portfolio be based on a single, integrated technology stack with products from as few vendors as possible, or should you instead opt for a ‘Frankenstack’ of best-in-breed products from a constellation of different vendors?

In real-world scenarios, much comes down to cost, and the cheapest approach will often win out. There are other considerations though, including vendor lock-in, security through diversity, and simple availability. In some scenarios, companies simply one find one vendor to do everything they want, while in others, they must shop around for several systems that combine to cover all their needs.

Interoperability is key for those taking a piecemeal approach. Ideally, product vendors will work together to exchange information between their own products using standard information exchange formats. The alternative is for customers to do it themselves, using specialized middleware or aggregating information into an SIEM or other cybersecurity analytics system. Much will depend on the customer’s own budget and expertise.

Either way, security product vendors have their own part to play. They should take a practitioner’s approach to their customers’ cybersecurity issues, says Iain Paterson, managing director of Cycura Inc. This involves looking at their customers’ challenges from end to end, rather than focusing just on the part that their products can help to solve, he warns. He would like to see vendors move away from a purely sales-driven approach. It’s time for them to think like CISOs, rather than salespeople.

Finally, Dave Millier, CEO of Uzado, warns us to focus on training our developers to create software with security in mind. Insecure development is something that keeps coming back to haunt us, and it’s high time that we trained our devs to think not just about code reuse and the user experience, but about keeping software safe from attackers.

As we move into the coming year, product vendors and customers all have a part to play. Adopting a more holistic mindset and taking a collaborative approach to security will help the community go a long way towards helping solve some of our biggest cybersecurity problems. Those have to be some new years’ resolutions worth adopting.

See SecTor’s experts offer their views on what the cybersecurity community could improve on in 2018 below.