Dark Reading is part of the Informa Tech Division of Informa PLC

4/13/2021 10:00 AM

Clear & Present Danger: Data Hoarding Undermines Better Security

Facebook and Google can identify patterns of attack within their own data, but smaller businesses rarely see enough traffic to successfully identify an attack or warn users.

As one of his first actions, President Joe Biden hired a team of cybersecurity experts to help the US defend against cybersecurity threats.

Experts are one approach to defense, but there might be a simpler answer: End-user organizations need to share their data to keep themselves, and their customers, safer.

Data is critical to defending against cybercrime and can be used to identify new forms of malware as they spread across the Internet. Data about people's usual behavior — where they typically log in from, whether they usually sign in on their phone or from a computer — can be used to protect user accounts.

Yet cybercrime data has long been hoarded by security vendors that feel their competitive advantage relies on their ability to protect themselves and their users better than their competitors.

This data hoarding leaves users at risk.

Companies like Facebook, Google, Microsoft, Disney, and Twitter use their data to identify when a login from your account seems suspicious and alert you to protect your account. It is common to receive an email from one of these entities warning, "Someone suspicious is trying to log in to your account. Is this you?"

Yet few of us receive comparable emails from the small business through which we buy children's toys, play games, or handle our personal finances. That's because these smaller companies don't have enough data to know which of their customers' logins are suspicious and which are not.

Large tech companies with billions of users can identify patterns of attack within their own data, but smaller businesses rarely see enough traffic to successfully identify an emerging attack.

Sharing cybersecurity data is one way to solve this problem. Shared data can take the form of attack reports (for example, what code a company used to defend against an attack) or a dataset of typical user behavior patterns, such as how often users mistype their passwords, that can be used to identify suspicious logins.
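As an added illustration of the problem described above (example code written for this page, not from the article or from any vendor it names): a per-user login baseline built from country and device type, with an assumed minimum-history threshold below which a site declines to judge, showing how pooling observations shared by a collective lets a small site score a login it could not score on its own.

```python
from collections import Counter
from dataclasses import dataclass, field

# Assumed thresholds (not from the article): below MIN_HISTORY prior logins a
# per-user baseline is too thin to judge; at or above RISK_THRESHOLD we alert.
MIN_HISTORY = 5
RISK_THRESHOLD = 0.8


@dataclass
class Baseline:
    """Per-user login history: how often each country and device type was seen."""
    countries: Counter = field(default_factory=Counter)
    devices: Counter = field(default_factory=Counter)
    total: int = 0

    def observe(self, country: str, device: str) -> None:
        self.countries[country] += 1
        self.devices[device] += 1
        self.total += 1

    def merged(self, other: "Baseline") -> "Baseline":
        """Pool this site's own history with observations shared by a collective."""
        return Baseline(self.countries + other.countries,
                        self.devices + other.devices,
                        self.total + other.total)


def score_login(baseline: Baseline, country: str, device: str):
    """Return ('insufficient_data', None) when history is too thin, otherwise
    ('suspicious' | 'normal', risk) with risk in [0, 1]: how unlike the user's
    usual country and device this login is."""
    if baseline.total < MIN_HISTORY:
        return "insufficient_data", None
    p_country = baseline.countries[country] / baseline.total
    p_device = baseline.devices[device] / baseline.total
    risk = 1.0 - (p_country + p_device) / 2
    return ("suspicious" if risk >= RISK_THRESHOLD else "normal"), risk


# Constructed sample: a small shop has seen one user log in only twice, while
# the collective has pooled six more logins for the same user from other sites.
shop = Baseline()
for country, device in [("US", "mobile"), ("US", "mobile")]:
    shop.observe(country, device)
collective = Baseline()
for country, device in [("US", "mobile")] * 5 + [("US", "desktop")]:
    collective.observe(country, device)

if __name__ == "__main__":
    print(score_login(shop, "RU", "desktop"))                    # shop alone cannot judge
    print(score_login(shop.merged(collective), "RU", "desktop"))  # pooled history: suspicious
```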

Some initiatives have tried to get companies to share cybersecurity data so that companies of every size can protect themselves and their users.

For instance, Facebook (disclosure, a company I've consulted for) runs the ThreatExchange program, which allows companies to conveniently and easily share threat data about malware and distributed denial-of-service attacks against their corporate infrastructure, among other kinds of information.

Even new cybersecurity laws have focused on data sharing aimed at corporate-wide threats. The Cybersecurity Information Sharing Act (CISA) was signed into law in 2015 to protect private companies from liability when sharing information about cybersecurity threats — and defenses against them — with the government. 

While a step in the right direction, these initiatives tend to focus on large-scale attacks against a company — hacks like SolarWinds — not attacks against individual users, like when someone tries to log in to a personal account by guessing the password.

Even though there is overlap between the users of big companies' services and the customers of small businesses, the big companies aren't sharing their data. As a result, customers who use smaller businesses are left to fend for themselves.

A few companies are trying to change that. Deduce (disclosure, another company I've consulted for) created a data collective through which companies can share information about users' security-related behavior and logins.

In exchange for sharing data with the platform, companies get access to Deduce's repository of identity data from over 150,000 websites. They can use this shared data to better detect suspicious activity and alert their users, just like Microsoft and Google do using their own data.

In a different approach to helping businesses identify suspicious users, LexisNexis created unique identifiers for its clients' customers. Using these identifiers, its clients can share trust scores that indicate whether a particular user is suspicious. If a suspicious user attempts to log in to a website, the site can block that user to keep itself and its legitimate users safer.

This is a good start. The lack of cybersecurity data means that security experts lack confidence in their ability to protect Internet users, and even Caleb Barlow, IBM's former vice president of security, says the industry needs to change. More data is needed, and it needs to be shared.

For cybersecurity data sharing initiatives to succeed, we need to shift our mindset. End-user-facing companies, both small and large, already share advertising data with each other, because they realize that the value of shared data in generating insight into their customers' preferences is greater than the value of keeping the insights from their customers' data to themselves. We need to view cybersecurity data like advertising data: more valuable shared than hoarded.

Clear empirical evidence on the value of cybersecurity data sharing may be able to convince a majority of companies to share their data. Evidence might include measured increases in the number of threats detected using shared data or increases in brand sentiment from security features built using shared data.

While some of this evidence already exists — for example, my research shows significant increases in brand trust when users receive login notifications — more is needed to inspire a paradigm shift in our collective attitude toward cybersecurity data sharing. Perhaps then 2021 will be a year without a repeat of the level of cybercrime seen in 2020.

Dr. Elissa M. Redmiles is a faculty member and research group leader of the Safety & Society group at the Max Planck Institute for Software Systems. She is also the CEO of Human Computing Associates, a research consulting firm, and has served as a consultant and researcher at ...