Fragile Cyber-World: Will Fragmentation Kill Cybersecurity?

Cybersecurity has reached a junction and needs to decide where it goes next. The choice we make will shape the future of our industry and the security of cyberspace for years to come, so we need to make the right one. The outcome will touch each of us - will we pay more and yet be less safe? Face higher insurance premiums and bank charges to cover the rising number of cyber-incidents?

Today we stand in the middle of a storm. Not just a geopolitical one, but a cyberpolitical one. It feels like no-one trusts anyone anymore, and suspicion and confusion reign across our fragile cyber-world. Which way do we turn?

Two roads

As in the best traditional stories, there are two roads ahead.

1. In one direction lies ‘Balkanization’: the fragmentation and isolation of an industry. Balkanization is a natural response to fear and mistrust; when we are scared we go home and lock the doors. Bur for cybersecurity, Balkanization means growing political intervention and a breakdown of international projects and cooperation. This could leave every country effectively facing global cyber-threats on their own. For consumers it could mean higher costs as businesses seek to recoup money lost to cybercrime, as well as reduced protection because competition - the engine of innovation - and choice are restricted.
2. In the other direction lies collaboration and shared intelligence. Cooperation between national police forces and cybersecurity companies and joint investigations. A united community against cyber-threats that know no borders. This open landscape fosters a vibrant, competitive cybersecurity industry that leads to better technologies and stronger protection for all.

We are not alone in calling for a return to collaboration. At the RSA conference, IBM said “Tackling the challenges of cybersecurity requires bold action that can’t be done by one company alone“, while RSA affirmed, “We need collaboration—between internal teams, but also with people outside [our own organizations]“, and the mission statement for the new Cybersecurity Tech Accord says: “We will work with each other and will establish formal and informal partnerships....to improve technical collaboration, coordinated vulnerability disclosure, and threat sharing.“

We stand with you. We believe that the evolving landscape makes isolation and fragmentation of cybersecurity not just a bad idea, but possibly a fatal one.

The evolving cyber-threat landscape

Online threats are increasing in sophistication and severity. We currently track more than 100 major threat actors, most of which are spy groups with vast arsenals of tools and techniques designed to gather intelligence. Our colleagues in other security companies do the same. We research and fight dozens of targeted attacks speaking many different languages, English, Russian, Korean, Chinese, Spanish, Italian, Arabic, and more.

These threats don’t just target government organisations and infrastructure, but their supply chains, other organizations and even individuals. Some victims are targeted directly, others are collateral damage.

Nations naturally want to protect their citizens, businesses and increasingly connected infrastructure and industries from these threats. And the easiest way to do that is by shutting the door. The easiest, the simplest and the least effective.

The impact of a shut down

The trend of ‘closing doors’ is very real: our industry faces being broken up into units separated by geopolitical and regulatory barriers. State regulation is on the rise, creating additional barriers for companies like ours, making it harder, or even impossible to protect citizens and business, no matter how much we want to.

In the last few years, stringent new requirements have been introduced in the European Union, the UK, the U.S., Russia, Germany, Singapore and China, among others. Strict regulation can lead to protectionism, making it more difficult for companies to operate in other countries.

It also leads to...

The arming of cyberspace

Over 30 countries have announced that they have military cyber-divisions, and the actual figure is probably higher. Cyberspace is being militarized at a terrifying speed. What does that mean for us?

Apart from the usual disadvantages of militarization, such as higher taxes and greater uncertainty there is one more: sooner or later, cyber-weapons end up in the hands of the bad guys. It’s hard to steal and launch a missile, but the opposite applies with cyber-weapons. Look no further than the malicious tool, EternalBlue.  Allegedly created by a nation-state to take advantage of an unpublished software vulnerability, EternalBlue was revealed online in April 2017. The tool was almost immediately seized upon by other attackers. It was integrated into the notorious WannaCry ransomware one month later and went on to become the most used ‘exploit’ of 2017. There are other similar examples.

What now?

Cybersecurity companies need and want to collaborate. To state the obvious: there are no borders online, so it’s hardly surprising that cyber-threats are borderless too. Fragmentation disrupts our combined ability to fight back against this.

We can’t turn the clock back, but I am fairly optimistic. Yes, the online world has grown dark in places, but we and others like us have the power to turn the lights on: to become more transparent and give people proof that they can trust our industry.

Choosing ‘the road less travelled’

This is a journey we believe every cybersecurity company will need to make. We’ve started already: through our Global Transparency Initiative we are making our code available for independent review, adapting how we create products, software updates and threat detection rules, and amending how and where we process data from our many users around the world. Along with other cybersecurity colleagues, we will continue to push for open collaboration and open doors. Saving the cyber-world one change at a time.