Though Metcalfe’s law hinted that the value of a network increases exponentially as the number of systems connected to it increases, we can also assume that information has exponentially greater value when the network that can tap into it grows. That is the very principle upon which Social Networks are eclipsing traditional media for the latest news and gossip, Google has replaced the white pages and yellow pages and Wikipedia has become the “go to” place for information, rendering that collection of Encylopedia Britannica volumes a dust gathering, shelf filler. Society has created and shared so much information in recent times that we are literally drowning in it, yet, despite being a commodity that is seemingly anywhere and everywhere, information is one of our most valuable assets.
Naturally, some information should not be shared, but for information which could benefit numerous others, sharing helps to increase its value. Collaboration is starting to replace competition. Not everyone is of that same opinion, however. Some organizations are still stuck in a 20th century mindset of keeping information close to their chests. These Neanderthal organizations that fail to embrace the 21st century will find that the information they guard so fervently in their self-made silos will decrease in value unless they learn to share.
Here are three great examples of how information sharing in the field of information security can provide enormous upside:
When speaking to security professionals in one of the top global banks they told me that their team had purchased a SIEM and it would be used for analysing firewall and intrusion prevention log data. That’s a good place to start. When I suggested that they also open it up to the server team they told me that the server team would have to fund their own SIEM. I shook my head in disbelief, but still decided to proceed and suggested that they also allow HR data to be added so that they can determine whether user accounts associated with former employees, that should have been deactivated, were being used. They looked at me as if I were a raving lunatic. I know that SIEM can get costly as more data is added to it, however, the key is to explore combining data from lots of different sources until you find the combinations which produce the most valuable insights, and to then filter out any data that fails to produce value. Sharing your data with other departments may just be all it takes to solve a difficult challenge, which when analysed in isolation by a single departmental silo was deemed unsolvable.
Security professionals in every organization I have dealt with seem to be burnt out from the workload and angered by the lack of respect that less tech savvy users in their organizations have for what they do. “They keep clicking on links in obvious phishing emails”, “They keep going to web sites with malware”, “They create lots of work for us”. Wrapped up in their own silos and own frustrations, security teams often fail to realize that they are in fact harboring lots of information that, if shared with users, could make life easier. Many security professionals fear that giving away information can make them redundant. Holding information close to your chest does not guarantee you a job; in fact it does the opposite. Some users are willing to learn, if only they were given a chance and given information they can consume. Others, less willing right now, will eventually follow. Developing a security culture involves sharing the right information and will allow the user community to help protect the organization. Now doesn’t that make a lot more sense: turning the mistaken enemy of internal users into allies to fight the real enemy – cyber criminals?
So far we have looked at sharing information internally, but is it possible to share information externally and reap benefits in cyber security? Absolutely. Every organization is part of an ecosystem of customers and suppliers. All it takes is one weakness in either of those entities and an organization’s security is at risk. Sharing security information with these entities helps strengthen the defences in the ecosystem. Banks do a good job of this. As a customer of several banks, I often receive email tips explaining how to protect my credit card details or my online bank account details. In addition, as we create more data we are, in essence, developing our own intelligence every time we store, manipulate and analyse data. Now it makes sense to share that data internally, but some of it could be sanitized and made available to other entities. Let’s turn the tables. If a similar sized organization to yours just fought off a malware attack, wouldn’t some information about how they triumphed be valuable to you? If an organization in the same vertical as yours experienced an attack on their production systems, which are similar to yours, wouldn’t it be valuable to know how the attack penetrated that organization? So why not be brave, step outside of the silo, and see what information you can share.
Back in the agricultural revolution silos had a use. Now, in the information revolution, information is the real currency and silos are detrimental to an organization’s ability to maintain value. It’s time to break down those silos and discover the increased value from sharing information within other departments in the organization and beyond those walls to a wider external audience. Remember, silos are for grain; not humans.
About the author
Andrew Bycroft, Director of The Security Artist, is a cyber security visionary with 20 years of experience using forward thinking risk based strategies to help organizations in the Asia Pacific region solve those “unsolvable” cyber security challenges. Learn more at www.thesecurityartist.com
