It'll Take a Village to Fight APTs

Sue Marquette Poremba
Slide Show

Emerging Cyber Threats for 2012

I'm sure you are familiar with the saying "it takes a village to raise a child." As I've gotten older, I've begun to realize that it takes a village to do a lot of things - or at least, you can accomplish much more when you have the village working together rather than doing things as an individual.

 

So why should cybersecurity be any different? After all, the bad guys aren't working alone, so why should organizations try to solve their security issues in isolation?

 

At the end of last year, there was some buzz in Congress about creating a National Information Sharing Organization that would serve as a clearinghouse for cyber threat information and would be shared among government agencies and private industry.

 

There was some dissension about this idea - it was coming from Congress, so how could there not be - but it obviously has some merit. The parent company of RSA, EMC, is supporting the idea of sharing information on advance persistent threats (APT). In fact, a panel of industry executives known as the Security for Business Innovation Council (SBIC) would like to see an intelligence-driven model of cybersecurity based on improved information gathering, sharing and analysis, according to Government Computer News. The article stated:

The main challenges to more effective cooperation, according to members of the Security for Business Innovation Council, are two-fold: A lack of ability to integrate and evaluate data within organizations, and a reluctance to share information between organizations, especially with government.


Sharing information on APTs might not come easily. Organizations of all types need to come on board with the idea, and government agencies have to be concerned about the information they reveal in order to avoid compromising security (ironic, isn't it?). They also need to understand that no one is immune to a cyber attack these days. As Art Coviello, RSA's executive chairman, pointed out, protection and risk intelligence is required competency for corporate survival today. And an Information Week cybersecurity prediction mentioned the inevitability of a breach as its number one security issue for 2012.

 

The SBIC is counting on the number of high-profile breaches in 2011 as leverage to get people to work together to thwart new threats. The Government Computer News article mentioned that the best way to work together is in smaller groups and personal contacts. I would agree. After all, the saying is that it takes a village, which is small and communal, as opposed to it taking a major city. If we can bring smaller, like-minded groups together to share the risks in their industry, improved cybersecurity will surely span out from there.



Add Comment      Leave a comment on this blog post
Jan 24, 2012 6:10 AM dante dante  says:

More effective results sometimes are achieved by small, informal collaborations in which information is shared through personal contacts and back channels. They do not provide the kind of global situational awareness needed for more complete security.

Reply

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

null
null

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.