Why Interoperability and Openness Are the Keys to an Effective Cyber Response

More effective cyber response with interoperability and openness.

Last Updated: December 6, 2022

For many cybersecurity teams, preparation is easy to recommend but poses considerable challenges. Building a cyber response program with openness and interoperability at its core will ensure companies have the time and resources to prepare adequately.

Imagine a coastal city that has strengthened its building codes and reinforced the seawalls along its shoreline. While this city may not be able to avoid a natural disaster, it is better positioned to mitigate further impacts as it has prepared ahead of time to help minimize the damage. Likewise, if an enterprise fails to prepare fully for the latest cyber threats, the level of destruction could be brand-damaging or, worse, business-ending.

The risk presented by cyberattacks should be an area of concern for enterprises of any size. For the first half of 2021, the FBI’s Internet Crime Complaint Center (IC3) received 2,084 ransomware complaints with over $16.8M in losses, a 62 percent increase in reporting and a 20 percent increase in reported losses compared to the same time frame in 2020.

In September 2022, the Department of Justice released a memo on a trio of foreign hackers who managed to use ransomware to compromise, encrypt, or extort hundreds of victims, including an accounting firm based in Illinois; a regional electric utility company based in Mississippi; a public housing corporation in the State of Washington; a domestic violence shelter in Pennsylvania; a county government in Wyoming; and a construction company located in the State of Washington.

This is just a small window into the active threat landscape that today’s enterprises must navigate.

The Roadblocks that Make Preparation Challenging

Alarming as some of these trends may be, they are not cause for panic – but they are cause for preparation. For many enterprise cybersecurity teams, preparation is easy to recommend, but in reality, poses considerable challenges. 

These challenges come in many forms. For instance, at any point in time, a cybersecurity expert is expected to work with a huge array of different pieces of software just to carry out their daily work. 

(How many applications exactly? A recent Gartner survey found that 78% of CISOs have 16 or more security products in their environment. 12% of survey respondents said they have a jaw-dropping 46 or more tools in their cybersecurity vendor portfolio.)

On top of this, security professionals must manage the massive explosion of human and machine identities across the enterprise that require validation since they are foundational to establishing digital trust. 

To make things all the jollier, on any given day, a security professional might be consumed with putting out the daily “fires” that pop up in IT environments while simultaneously ensuring all employees fully understand and are in compliance with the security practices of the business. With so much already a “priority,” these hard-working, time-poor experts could be forgiven for not fully preparing. 

However, a step-change is occurring in the cybersecurity industry, which now recognizes that these practices are not sustainable. Building a cyber response program with openness and interoperability at its core will ensure companies have the time and resources to prepare adequately for eventual cyberattacks – but what does this look like in practice?

Prioritizing Interoperability and Openness

The qualities of interoperability and openness are unsung heroes of the digital era, which is to say: while people may not give these qualities a second thought, they’re extremely important. What does interoperability look like, and what benefits does it deliver? The Bluetooth standard, for example, is interoperable with an incredibly wide range of devices so that end users don’t have to download dozens of different proprietary short-range wireless technologies to send files and content to and from their phones, their cars, their smart TVs, their speakers, and myriad other devices.

Today’s enterprises should aspire to a similar level of interoperability and openness in their security stack if they hope to adequately strengthen their security posture and gain the necessary resilience to defend against ongoing and increasingly sophisticated cyberattacks. 

Gone are the days of rolling out swathes of proprietary software – this approach just isn’t going to work in complex IT environments that may be a hybrid of on-premises and cloud technology, to say nothing of the multiple different security applications and systems that are in use. 

The number of security products in the stack is not fixed in stone, of course. An enterprise may have an ongoing security audit conducted every six months that identifies new threats or reveals some new weaknesses that need to be addressed – and voilà, a couple new security products get added to the stack to enable a timely audit.

If some of those security products have proprietary agents that don’t interoperate with other security products and wind up creating walled gardens, security analysts suddenly find themselves spending their time installing and uninstalling different pieces and trying to get everything to “play nicely” together rather than focusing on and preparing for cyber threats.

Needless to say, that is not an effective security posture for any organization that bad actors are actively targeting via ransomware, spear phishing, and other types of cyberattacks.

The bottom line? SIEM (security information and event management) should be open and interoperable. The CLM (Certificate Lifecycle Management) platform that manages digital certificates should be open and interoperable. Antivirus, threat detection, firewall, and data backup products should all be open and interoperable. 

In other words, an entire security stack should be based on openness and interoperability as much as possible. This means having RESTful APIs that developers can easily hook into and develop custom functionality around; it means providing support for emerging industry standards; and it means that competing solutions should be able to work with each other easily rather than throwing up roadblocks.

The more these different pieces work together – the more a collaborative ecosystem exists – the easier it is for organizations not just to maintain a strong security posture but also to respond quickly to any incidents.

No Need to Panic

Preparation – not panic – should be the name of the game for companies as they navigate the threats posed by cyberattacks. As part of that preparation, enterprises should make sure they’re using technology that leverages open standards and is interoperable with other technologies in their cybersecurity stack. Without that openness, organizations are simply adding to their overall security burden – and lessening the chances they’ll be genuinely ready when disaster strikes.

David Mahdi

Chief Strategy Officer and CISO Advisor, Sectigo

David Mahdi is Chief Strategy Officer and CISO Advisor at Sectigo. In his role, David leads the company’s overall strategy, direction, and M&A efforts to expand its leadership in the digital trust space. With 20+ years of experience in IT security, most recently serving as Vice President and Analyst in Security and Privacy at Gartner, David has helped large organizations tackle digital transformation projects in the digital trust, identity, cryptography, and cybersecurity spaces.