Threat intelligence

Why cybersecurity is the new team sport

When IT security is like a futuristic wild west, lone gunslinging heroes have little to offer cybersecurity’s bigger picture. But history has a solution.

Share article

cybersecurity new team sport

The pace of technological change is accelerating, and we readily adopt its many advantages. But despite this massive technological change, approaches to the threats it brings have changed little.

The result is, we’re losing the battle against constant attacks and breaches. For CEOs and Chief Information Security Officers (CISOs,) history may supply an answer – not in the form of technological genius, but in the form of humanity. Our recent history and deepest past show why cybersecurity must become the new team sport.

The futuristic wild west of IT

When I started working with computers in the early 1980s, they were controlled by men with beards in woolen tank tops. They ruled from a refrigerated IT throne – refrigerated because the IT team would often share the room with servers that need to be kept cool – knowing everything that went on in their realm. If something happened that was not allowed, it was fixed and hidden from the outside world with a combination of embarrassment and corporate secrecy.

Today, we’re in more of a futuristic wild west. The business perimeter contains many more applications, devices and entry points. Specialist ‘gun slingers’ – in the form of CISOs – have the IT administrator’s security responsibilities. Each tries their best to cope with the onslaught of potential threats – anything from a nation-state attack to an employee accidentally sending data somewhere they shouldn’t.

Start-up mentality not all it’s cracked up to be

Fail fast” and “move fast and break things” are often hailed as mantras of tech start-up success. But history also shows bad people have these same mentalities. They don’t worry about due diligence or putting new ideas and technologies through rigorous testing. They try anything they think will work without considering if it will breach compliance.

Meanwhile, budget, resources and red tape often tie CISO hands. They can feel held hostage by a board that doesn’t understand the need for rapid reaction to combat the latest advance in ‘dark tech.’

We’ve seen this challenge before

Up to now, I’ve described a futile, dystopian, ‘Mad Max‘ world. But I think the battles CISOs fight today are our history, not of our future.

Companies, and those in cybersecurity, often call their critical data and intellectual property the ‘crown jewels,’ referencing the ceremonial treasures acquired by English kings and queens. Those crown jewels are protected by thick walls, with guards and few entry points – like how IT administrators guarded our data back in the 80s.

Today’s cyber ‘crown jewels’ are distributed across systems and even continents. A lone hero can no longer protect these assets. We need a team of heroes.

CISOs are inevitably ‘outgunned,’ under-resourced and underfunded in a battle against an agile and risk-indifferent enemy. So how do we ‘fight the good fight’ and win?

Again, history has answers. Early 1900s business theorist Harrington Emerson is sometimes paraphrased, “Methods are many, principles are few. Methods may change, but principles never do.” So let’s go back to first principles.

We’re stronger together

Humans first formed settlements as they started farming some 14,000 years ago. Having individuals in these settlements with different skillsets and abilities facilitated their growth.

Some of us have an aptitude for the cerebral, like designing and inventing. Others are more physical, excelling in building and protecting. Settlements developed when we used complementary skills to advance a common goal, like making a safer, more prosperous place to live.

Settlements collaborated – sometimes merging, sometimes building coalitions. And in times of crisis, while a few favored ‘everyone for themselves,’ most joined together for the greater good.

Charles Darwin said, “It is the long history of humankind (and animal kind, too) that those who learned to collaborate and improvise most effectively prevailed.” History has countless examples of international teamwork, from expeditions into unchartered territory to the allied nations of World War II, and more recent history.

COVID-19: Each taking on a little

During the recent COVID-19 pandemic, as individuals, we took precautions to keep ourselves and our families safe. But our actions of self-isolation, social distancing and complying with lockdowns knowingly served to protect society.

Some countries legally enforced these measures. In others, it was a request. Regardless, most adhered, each playing their part by taking on a little of the responsibility to keep everyone safe. Eventually, the infection rate dropped and with much help from modern medical science, the world could open up.

During the pandemic, countries teamed up, sharing information about infections – different strains, different consequences and symptoms. The data grew as individuals and teams combined findings, leading to the creation of vaccines to reduce the impact of the virus. It didn’t stop there – sharing goes on, so vaccines can be tweaked to ensure continued efficacy.

Extrapolating from this, the roadmap for cybersecurity should see the CISO as part of a team – not just within one organization, but within a global network, openly sharing intelligence and insight.

Imagine a world where, when a CISO identifies an incident, they send an update to a system that tells CISOs on every continent what to look for.

On the other side of the planet, a CISO who has seen similar adds more context. As the chain passes from CISO to CISO, value increases. Quantity and depth of data grow, like crowdsourced security.

This level of open collaboration may sound far-fetched, but intelligence agencies worldwide have shared information on threats similarly since September 11, 2001.

This operating model may be closer than we think. CISOs already attend lunches or drinks where they swap ‘war stories’ under the Chatham House rule: You may use the information, but you may not disclose its source. Cybersecurity researchers in different companies and institutions worldwide combine their findings, writing shared reports.

We already collaborate this way, instinctively reaching out for help, as we did in the days of early human settlements, but mostly we do it individually. Corporate legalities and organizational culture tend to restrict rather than encourage inter-company information exchange – it doesn’t have to be that way.

History shows collaboration naturally happens between groups with a common cause, and today is no different. By encouraging CISOs, staff and researchers to exchange knowledge and skills through a system for sharing threat information, we can nurture the communication of cooperation. We are better together, and together we can play the new team sport of cybersecurity.

Kaspersky Secure List

Free, up-to-date threat intelligence from Kaspersky researchers around the globe.

About authors

Matt White is an Author, Cybersecurity Strategist, CEO of XaaS Ltd. and a Paraclimber.