Cybersecurity

Why This Cybersecurity Expert Wants You to Rethink What You Keep Secret

The fewer secrets you have, the fewer you'll need to protect.
Why This Cybersecurity Expert Wants You to Rethink What You Keep Secret
Image credit: Oslo Innovation Week
Entrepreneur Staff
3 min read

Want to protect what you’ve built? Then you’ll need to work differently, according to Melanie Rieback.

This CEO of Radically Open Security, one of the world’s first cybersecurity consultancy nonprofits, says that while hacks are inevitable, it’s up to companies to navigate that risk -- not try to eliminate it.

In a talk at Oslo Innovation Week, she shared three principles that can help companies find the solutions that work for them and their industries. These ideas, she says, will shape the mindset anyone will need to better approach modern cybersecurity.

Related: There’s a Scary Reason You’ll Start Taking Digital Privacy Seriously

1.  Work with your rivals.

The dark web works together -- so why doesn’t everybody else? As Riebeck points out, the dark web is a hotbed of collaboration -- even offering support desks for those who’ve purchased malware kits. To survive, companies, too, will need to collaborate in a way they’ve never done before.

“You have no competitors, only organizations that face similar threats,” says Riebeck. “You have far more to gain by helping each other.”

She points out that banks have recognized the need to create an open dialogue with their rivals, sharing things like firewall rules – and other industries must think the same way. The way we have approached competitors in the past has become less relevant, she says.

2. Rethink your secrets.

Once you rethink how you work with your rivals, you can rethink what is and isn’t a trade secret, helping you better control what you protect. A lot of people think you have to be completely secretive to be secure, says Riebeck, but it's actually completely the opposite.

“The more you are open, the more you present to the world, the more intellectual property you keep and the less you give away, the less you have to fear and the smaller your attack surface becomes,” she says.

Related: The Worst Reported Hacks of 2017 -- So Far

3. Stop trying to 'buy' peace of mind.

To beef up their security efforts, most companies will do what they’re most comfortable with: hiring a vendor or purchasing some product. However, as Riebeck points out, those moves won’t prevent an attack since vendors and products like firewalls and intrusion detection boxes are only as good as their maker -- and the information those makers have available.  

“Ultimately, every proprietary solution makes you dependent on some vendor to essentially customize [a solution] for you and all its improvements,” she says.

Instead, Riebeck stresses the importance of open-source solutions and industry initiatives -- including some that already exist -- which share “indicators of compromise” like subject lines or fingerprints of files that might be malicious.

“If you can then take that threat intelligence, and share it with one another, then everyone can detect it and monitor for it. Or block it.” Says Riebeck. ”Everyone becomes better by working together.”

 

More from Entrepreneur

Are paying too much for business insurance? Do you have critical gaps in your coverage? Trust Entrepreneur to help you find out.
Get Your Quote Now

One-on-one online sessions with our experts can help you start a business, grow your business, build your brand, fundraise and more.
Book Your Session

Whether you are launching or growing a business, we have all the business tools you need to take your business to the next level, in one place.
Enroll Now

Latest on Entrepreneur

My Queue

There are no Videos in your queue.

Click on the Add to next to any video to save to your queue.

There are no Articles in your queue.

Click on the Add to next to any article to save to your queue.

There are no Podcasts in your queue.

Click on the Add to next to any podcast episode to save to your queue.

You're not following any authors.

Click the Follow button on any author page to keep up with the latest content from your favorite authors.

Your Cyber-Enemy May Not Be the Person You Suspect