Things keep getting worse on the cyber front.
From the US government to Ashley Madison, no company, organisation, or person is safe from cyber attacks.
“We have a pandemic on our hands. This is in the news every single day,” Caleb Barlow, vice president of IBM Security told Tech Insider. “And what we have to realise is this is just the tip of the iceberg.”
Despite major attacks and millions of personal records leaked, hackers still continue to stay one step ahead of the their targets because they are doing the one thing that many major companies and other institutions will not: Sharing data about attacks to help prevent them.
“Eighty per cent of what’s going on isn’t the nation state attacks, it’s organised crime,” Barlow said. “Highly organised criminal gangs that are working on a cube farm, coming into work 9 to 5 and going home on the weekends. And they are collaborating amongst each other to help each other out. It’s just like you would collaborate with other people in the industry to learn from each other and help each other out.”
And if companies have any shot against hackers, they would be wise to do the same, he added.
Companies need to begin treating cyber attacks the same way the medical industry treats global epidemics.
“If this was like the Ebola crisis, doctors and physicians collaborate very actively where they see infections determining what tools and treatments work,” Barlow said. “In order to combat the problem, the base data on things like infections rates and where things are occurring, has to be democratized. But when we get to the cure, when we get to the pharmaceutical side of the wall, we will actively compete. But that’s not how the cyber security space works at all.”
Critical cyber data about attacks and threats is held mostly by private institutions, primarily cyber security firms or commercial entities. It’s generally not shared at all and when it is shared, it’s usually outdated data making it pretty useless, he said.
To really combat cyber threats like the those against big banks and other major companies, real-time data is needed so businesses can fight those threats in real-time.
IBM, though, is trying to change this trend. Earlier this year, the company launched a platform called the X-Force Exchange, which is basically a database that shares raw cyber threat data and intelligence to anyone who wants it for free.
The database is made up of past data and real-time data. Users can actually view attacks and new strains of malware in real-time. Security firm Kaspersky has a similar tool, but charges for it.
“We are going to step forward and democratize the data,” Barlow said. “So all of our private data that was held, all 700 terabytes worth, all of these centres that we have spread out all over the Internet, all of the human intelligence that we gather at the time, we now put that out on the Internet open for free and we are challenging the rest of the security community to do the same.”
Business Insider Emails & Alerts
Site highlights each day to your inbox.