In a previous post, we shared some results from a new IronNet survey of more than 200 US security IT decision makers from industries including technology, telecoms, retail, financial services, government, media, utilities and many other sectors (download the white paper and the complete survey here).
As we argued in that post, cybersecurity executives are struggling against a growing threat of collective offense — criminals sharing expertise, tools and troves from previous breaches. That makes the mandate for better collective defense one of the key priorities for winning at cybersecurity. Let’s take a closer look at that and a few other priorities our survey uncovered:
A Learning Curve on Collective Defense
Our survey found that, despite most IT decision makers’ reported confidence that their cybersecurity capabilities are advanced and in better shape than others in their industry (55%), they nonetheless experienced an average of 4 attacks on their organization over a 12-month period, with 20% of respondents being hit 6 or more times. Part of the problem is that many of the “collective defense” measures organizations deploy are inadequate.
The notion of collective defense is certainly nothing new. Indeed, the vast majority (94%) of respondents’ organizations currently subscribe to or invest in some form of collective defense — including threat sharing of IPs, file hashes, domains and other signature-based indicators. However, the continued high incidence of successful attacks lays bare the fact that most collective defense strategies in use today simply aren’t achieving the cybersecurity objectives they were designed for.
Traditional collective defense measures typically focus on the sharing of indicators for extant threats and cannot detect variations of similar attacks or unknown attacks where no indicators exist. This means insights from after-the-fact forensics or patches are of limited use. They’re essentially snapshots and Band-Aids covering yesterday’s attacks, and they don’t fully protect you from tomorrow’s threats.
Thankfully, organizations are increasingly grasping the need for better threat information sharing. Half of decision makers surveyed noted that their threat sharing tool could be improved upon, and 46% identified a need for enhanced sharing of cyber attacker tools, tactics and procedures (TTPs) and faster sharing of raw intelligence at network speed.
Tips for Stronger Collective Defense, and a More Proactive Approach Overall
More generally, our survey clarified some actionable insights or takeaways that cybersecurity practitioners can use to be more proactive and effective overall in their approach to cybersecurity:
As we mentioned, there’s a trove of other insights and context from the IronNet survey. But even this cursory look at some of the findings shows that organizations need to get more strategic and collaborative to create better collective defense — proactively and in real time — against an adversary community that, itself, is collaborating more fully and dangerously around a collective offense.