As the nature of security threats — both physical and cyber — continues to evolve, so have the strategies companies are using to combat the sophisticated nature of these criminal activities.
One of those strategies is the idea of “crowdsourcing” security efforts, which involves security executives sharing the responsibility of protecting the business’ information, physical assets and other property with others within the organization.
For some enterprises, making security a true team effort through threat information sharing and other collaborative efforts has enabled better opportunities to stop attacks while also minimizing damage, CSOonline.com reported.
Over the past four years, payroll services provider Automatic Data Processing (ADP) has continued to use shared intelligence programs as part of its cyber defense efforts.
“We have dedicated full-time staff that manage our technology infrastructure that automates feed-based programs and utilizes context management technologies for automation of data infusion into our security intelligence data warehouse,” ADP’s Chief Security Officer Roland Cloutier told CSO.
“The information we collect is consumed by analysts, engineers, investigators and technologies that infuse the data into automation threat management technologies, monitoring platforms, fraud prevention technology and incident handling workflow.”
Cloutier said the programs include informally sharing information with other organizations as well as formalized commercial and collective data sharing. This shared information spans the areas of cyber defense, fraud defense and public safety.
To adjust to changing threats and various operational needs, ADP ensures its providers and partnerships are constantly updated. Internally, ADP has integrated “security feeds” into its global employee social media platform, allowing employees to contribute from a data push perspective via multiple platforms.
Recently, ADP also established reporting capabilities within its business workflow platforms, which provide employees with a way to report security issues while working in the main applications they use day to day.
“The results have been tremendous and have enabled us to be more effective and efficient,” Cloutier explained. “For instance, through specific intelligence operations, we can see an on-the-horizon event that is happening in other industries, quickly evaluate our posture, and adjust resources to remediate the environment faster.”
As CSO reported, Johnson & Johnson is another company that stands behind security crowdsourcing.
Part of the consumer health care products provider’s crowdsourcing efforts includes an established relationship with the Healthcare and Public Health Information Sharing and Analysis Center (NH-ISAC), a public and private collaborative effort to strengthen the country’s critical infrastructure against physical and cyber security threats.
“Our company gathers intelligence feeds from various sources, internal and external,” Mary Chaney, director of worldwide information security at Johnson & Johnson, told CSO.
“Internally, we seek to engage physical, social media relations and other groups that are ‘listening’ for different types of information about the company but could offer insight on things that have a cybersecurity impact,” Chaney explained.
The company’s Intelligence and Trending group, which falls within its Security Operations Center, is solely focused on gathering intelligence sources and figuring out how to utilize data in a way that supports Johnson & Johnson’s security strategies.
“They also maintain the necessary business partner relationships so that we have good points of contact to feed any information we may gather that may have an impact to them,” Chaney said. “By sharing information, it is our intention to become more precise about the threat actors attacking our company, so that we are not always responding to things but able to act proactively and protect ourselves.”
Companies aren’t the only ones putting crowdsourced security to use; municipalities are joining the growing trend as well.
The city of Pittsburgh, Pennsylvania, has made significant strides in the fight against cybercriminals by fostering a unique collaboration between private companies and federal agencies, known as the National Cyber-Forensics & Training Alliance (NCFTA), which has helped to break down barriers and solve some landmark cybercrime cases.
Recently, federal agents operating out of Pittsburgh were responsible for taking down Darkode, which was said to be one of the most sophisticated cybercrime forums online.
By tapping into the information and resources of private companies, the field agents and investigators can work alongside the employees of banks and other businesses to identify cyber threats. The NCFTA collaboration, which was established in the early 2000s, has become a win-win for both sides, especially for the private sector, which faces limits law enforcement does not, such as being unable to obtain court orders for prosecuting cybercrime suspects or seizing computer servers.
“We can write detections to block malware, but if we can help law enforcement arrest the people behind it, we don’t have to block it anymore,” Aaron Hackworth, an engineer at information-security firm Dell Secureworks Inc., which partners with law enforcement in Pittsburgh, explained to The Wall Street Journal earlier this month.