It’s no secret that the pandemic has increased the frequency and sophistication of cyber-attacks. And according to a recent government survey, they’re showing no signs of slowing down. Increased cross-sector collaboration has been suggested as a method of combatting the increased threat. The UK’s new self-regulatory body, the UK Cyber Security Council, and Microsoft’s new initiative, The Asia Pacific Public Sector Cyber Security Executive Council, are welcome steps in this direction. Why are these private-public partnerships so important, and can they help create more cyber-resilient organisations?
Why does collaboration matter?
Cyber-attacks do not distinguish between sectors. One of the highest profile attacks of 2020, the SolarWinds breach, exploited a flaw in the Orion security tool to target industry and government agencies alike. BitSight has estimated the financial impact of the SolarWinds attack to be approximately $90,000,000 in insured losses. Not to mention the unquantifiable effect on national security.
Sometimes, lack of collaboration can result in the need for court-ordered cybersecurity intervention, as was the case with Microsoft — legal approval was required for the government to remove compromised web shells in Microsoft Exchange servers. These kinds of actions can cause unnecessary delays and substantial losses. In some time sensitive cyber-attacks, such as medical ransomware, the consequences could be devastating.
The benefits of collaboration
Given the significant consequences of a cybersecurity breach, many organisations are calling for greater collaboration — the benefits of which include greater intelligence sharing, a cohesive response to threats and robust international infrastructure.
According to a study by the Ponemon Institute, organisations with high cyber-resilience were more likely to participate in some form of threat-sharing program (e.g., open source, commercial sources, threat intelligence platforms). Sharing intelligence allows organisations to identify likely threats in their industry and develop appropriate responses based on what similar organisations have tried. Intelligence sharing between public and private sectors is vital because of the distinct perspectives each sector has. For example, government agencies can conduct cyber espionage operations and, therefore, have insight into adversary networks. In contrast, business providers often have greater understanding of cyber-attack victims.
Increased cross-sector talk could vastly improve cybersecurity responses, and even prevent attacks before they occur. Microsoft’s new initiative, The Asia Pacific Public Sector Cyber Security Executive Council, aims to facilitate private-public partnerships, to share information and strengthen government cyber defences. The council plans to meet quarterly going forward.
Consistent threat response
Having a clear response to cybersecurity incidents helps to protect organisations against cyber threats — particularly for smaller organisations that may lack expertise and/or resources. IBM have often emphasised the importance of having an incident response process that is consistent, repeatable and measurable, and has worked with organisations across sectors to help develop resilient solutions.
However, there is still remarkable variation in the cybersecurity industry because of the lack of professional regulation. The UK Cyber Security Council plans to correct this issue, bringing private and public sectors together to create regulatory standards in cybersecurity, similar to what already exists in industries such as accounting and finance. This hope is that this will create a set of standards that improves the quality of cyber defence strategies and the efficiency of incident responses.
Many organisations operate internationally and therefore, so are the attacks. For example, while the impact of the SolarWinds attack was the most severe in the US, at least seven additional countries were impacted (including the UK, Belgium, Spain, Canada, Mexico, Israel and the UAE). However, the response from US allies was far from cohesive, and none matched the impact of the sanctions the US imposed on Russia for their suspected role in the attack.
It’s crucial that private-public partnerships are not only encouraged on a national scale, but globally. Participating in global forums, sharing intelligence and developed global frameworks will inevitably improve cyber-resilience. Finally, co-ordinated global responses may deter nation state attacks, and increase trust between co-operating countries.
Clearly, many are working hard to facilitate cross-sector collaboration. However, there is much further to go. Cybersecurity is no longer optional — protected digital environments are crucial for organisations of all kinds, so they must work together to secure a cyber-resilient future.