I have met different people in the Cybersecurity field. From the resigned ones to the more enthusiastic quest seekers who fought against low budgets and a lack of awareness of all Security matters, I have seen it all. I also met some people from the other side, the dark side of the force if you will, and I found some interesting capabilities of theirs that can be of great help to the good side of the force. The guys from the dark side of the force moved throughout the cyber world in wolf packs. They shared important information with each other and attacked their victims in teams, and that brings a question to my mind: why can't we, from the good side of the force, do the same?
This leads me to one of the biggest challenges we currently face in Cybersecurity: being able to obtain valid, coherent, and contextualized information that will place us in a less reactive position than the one we are in now when it comes to cyber-attacks. The same way the dark side of the force guys furnish each other with contextualized and coherent information about potential victims, so must we. No man is an island, and this also applies to Cybersecurity: relying only on yourself and on a specific set of technologies leads towards disaster. Technology will bring you very high-level information that, if furnished in bulk, might not be fully contextualized to your own reality. The information from CTI-enabled technology needs to be contextualized to each single reality, but that's a hard endeavor to accomplish, especially alone. Here is where we should act as a wolf pack, with several types of people with different skills sharing contextualized information in real time about recent and ongoing attacks and the do's and don'ts in these situations. The benefit of this is, like in nature, the survival of the herd, even if a few members might be lost along the way. Giving a clear message that in a specific industry or region companies are responding together, and being able to receive more contextualized information because they share information with each other, will increase their overall resilience to cyber-attacks. This way the first wolf packs can emerge and divert the dark side wolves towards easier targets to attack.
Throughout these years I have seen the technology-centric approach to dealing with cybersecurity issues that, cyclically, is completely trashed by the newest exploit available, and these show up faster than you can imagine and even more dangerous than before. Have you ever wondered why? Why do exploits hit so many infrastructures at once successfully? Behind the clever idea of producing the exploit there is a team effort of sharing and learning ways to exploit within the dark side community, which helps them to understand where and how to hit. They form wolf packs, exploring the weak spots of their prey and who might be the most vulnerable, and they pass this information on to others in the pack. They form, in the true sense, well-organized wolf packs, feeding each other with information vital to their success. It is clever, I must admit.
The technology-centric approach of the good side of the force opened gaps, common to one another, to be explored by the dark side, and that explains, in part, their success. I'm not advocating that technology is not good or that it shouldn't be used, but it is clearly not enough, nor should the effort rely only on it. Using the trendy technology because everybody is commenting that it might be good is no guarantee of a sure miracle. In fact, the same way you might adopt a certain technology, so will the guys from the dark side explore its gaps and build the next exploit that will hit the largest possible number of infrastructures throughout the world. Somebody once said to me that the CISO's role is one of the loneliest ever, and it is true, but should it be so, or can we change that? Easier said than done, right?! Well, it is true in part, but it is also true that we need to change the mindset of other people not related to Cybersecurity. My first notion from being in contact with Cybersecurity professionals is that they lack a few important things that the bad guys excel at, and I'm not referring to technical skills.
Keep in mind that the better you plan and evolve all stakeholders the better:
By: