Open information is the key to improving cybersecurity

The internet was built around the idea of being connected. Information could be sent from anywhere in the world to anybody, across countries and time zones. Now all organisations rely on this very same concept to keep it a safe space for everybody to use.

That’s because cyberattacks are rarely aimed at any single target. When they occur, early warnings and expert advice – whether from government, suppliers or your peers in similar organisations – can be the difference between a high-profile data breach and dodging the bullet. That’s why greater collaboration is such a powerful defence strategy.

For much of the internet’s history, organisations attempted to isolate themselves in order to protect sensitive data with security tools like firewalls at the edge of the network. In today’s mobile and cloud-based world, it’s no longer feasible to lock the gates and try to keep everybody out. To all intents and purposes, the edge of the network no longer exists.

Among outsiders there’s a perception that government and business don’t share cyber information. That security intelligence is kept as a fiercely guarded secret, giving one organisation the upper hand over others. But security is not a zero-sum game and there’s strength in numbers when it comes to defending against cyberattacks.

Microsoft recently brought CISOs from leading Australia businesses and government departments together for a roundtable discussion of cybersecurity issues. One of the key findings was that collaboration is happening but needs to be stepped up.

While the information security chiefs of Australia’s largest companies and major government departments are in regular contact, business would like better access to threat intelligence. That’s why the security community eagerly anticipates the opening of a new Australian Cyber Security Centre (ACSC) facility in mid-2018.

As Minister Assisting the Prime Minister for Cyber Security, Dan Tehan, says: “The Australian Government recognises that cybersecurity is not a job that government can do alone. Technology connects us all and provides us with unheralded opportunities for innovation and profit, but it also unites us in a shared vulnerability.”

The relocation of the ACSC from the very strictly controlled ASIO building to a new site at Brindabella Business Park in Canberra provides a dedicated space for the private and public sector – including business and government leaders, international industry experts and academia – to close the knowledge gap and develop best practices.

Microsoft is working closely with federal, state and local government to help strengthen defences. We applaud Intermedium’s Government Cyber Security Readiness Indicator for shining a light on a topic of critical importance.

Beyond our borders

This drive for greater collaboration shouldn’t stop at the edge of our national borders. As a global community, there’s far more that can be done to improve shared knowledge around cyber threats.

The Financial Services Information Sharing and Analysis Centre (FS-ISAC), a global collaboration forum focused on critical security threats facing financial services, is widely regarded in security circles as one of the world’s best intelligence sharing bodies. It was created out of a US government mandate for greater cybersecurity collaboration and has the ability to share threat intelligence around the world.

This is significant because cyberattacks are global in nature. They spread quickly across continents, impacting businesses regardless of size or industry and public infrastructure including transport systems and hospitals. The random nature of where impact is felt was very clearly demonstrated by the WannaCry and NotPetya ransomware attacks.

Being able to lean on a global intelligence systems to identify threats, stopping them before they can do damage or understanding how to get systems back online, is incredibly powerful. This FS-ISAC framework could and should be applied to other industries. Imagine a global security forum sharing knowledge across the telecommunications or utilities industries.

While FS-ISAC was spawned from a government directive, its success has been in bridging different companies together. This sets a great example for other private sector companies to build stronger links and better protect sensitive data. Knowledge sharing is our best defence.

This is also true at a government level. New data protection laws – like Europe’s General Data Protection Regulation and Australia’s mandatory breach disclosure legislation – take very different approaches. Large organisations with global operations would welcome some consistency.

The opportunity is here. No single company or government agency has all of the skills and resources needed to navigate the modern cyber threat landscape alone. Our global economy needs a free and secure internet. A community of vested, dedicated individuals, working together to make this a reality, is putting our best foot forward.

Download our industry report now for in-depth analysis of how to navigate the new cybersecurity threat landscape.