Why this cybersecurity expert wants you to rethink what you keep


Want to protect what you build? Then, according to Melanie Rieback, you need to work differently.

The CEO of Radical Open Security, one of the world's first cybersecurity consultancies, said that while hacking is inevitable, it's up to companies to address the risk, not try to eliminate it.

In a presentation at Oslo Innovation Week, she shared three principles that can help companies find solutions that work for them and their industries. These ideas will shape the mindset anyone needs to better handle modern cybersecurity, she said.

1. Cybersecurity: Work with your opponent.

The dark web works together. Why doesn't anyone else? As Rieback points out, the dark web is a breeding ground for collaboration, with even a support desk for people who buy malware kits. To survive, companies also need to collaborate in unprecedented ways. "You don't have competitors, you just have organizations facing similar threats," Rieback said. "By helping each other, you have more to gain."
She noted that banks have recognised the need to have an open dialogue with competitors, sharing things like firewall rules - and other industries have to think in the same way. The way we approached our competitors in the past has become less important, she said.

2. Cybersecurity: Rethink your secrets.

Once you rethink how you work with your competitors, you can rethink what is and isn't a trade secret, helping you gain more control over what you protect. A lot of people think you have to be completely secretive to be safe, but it's actually quite the opposite, Rieback said.
"The more open you are, the more you show the world, the more intellectual property you keep, the less you give up, the less you fear, the smaller your attack surface," she said.

3. Cybersecurity: Don't try to "buy" peace of mind.

To bolster their security efforts, most companies will do what they are most comfortable with: hire a supplier or buy some product. However, as Rieback points out, these moves don't stop the attack, because vendors and products like firewalls and intrusion detection boxes are only as good as the manufacturer and the information the manufacturer provides.
"Ultimately, every proprietary solution makes you rely on certain vendors to customize [the solution] for you and all of its improvements," she said.

Instead, Rieback emphasized the importance of open source solutions and industry initiatives, including some that already exist, that share "indicators of compromise," such as subject lines or fingerprints of potentially malicious files.

"If you can take threat intelligence and share it with each other, everyone can detect it and monitor it. Or block it," Rieback said. "Everyone gets better by working together."
