Why This Cybersecurity Expert Wants You to Rethink What You Keep Secret
The fewer secrets you have, the fewer you'll need to protect.
Want to protect what you've built? Then you'll need to work differently, according to Melanie Rieback.
This CEO of Radically Open Security, one of the world's first cybersecurity consultancy nonprofits, says that while hacks are inevitable, it's up to companies to navigate that risk -- not try to eliminate it.
In a talk at Oslo Innovation Week, she shared three principles that can help companies find the solutions that work for them and their industries. These ideas, she says, will shape the mindset anyone will need to better approach modern cybersecurity.
1. Work with your rivals.The dark web works together -- so why doesn't everybody else? As Riebeck points out, the dark web is a hotbed of collaboration -- even offering support desks for those who've purchased malware kits. To survive, companies, too, will need to collaborate in a way they've never done before.
"You have no competitors, only organizations that face similar threats," says Riebeck. "You have far more to gain by helping each other."
She points out that banks have recognized the need to create an open dialogue with their rivals, sharing things like firewall rules – and other industries must think the same way. The way we have approached competitors in the past has become less relevant, she says.
2. Rethink your secrets.Once you rethink how you work with your rivals, you can rethink what is and isn't a trade secret, helping you better control what you protect. A lot of people think you have to be completely secretive to be secure, says Riebeck, but it's actually completely the opposite.
"The more you are open, the more you present to the world, the more intellectual property you keep and the less you give away, the less you have to fear and the smaller your attack surface becomes," she says.
3. Stop trying to 'buy' peace of mind.To beef up their security efforts, most companies will do what they're most comfortable with: hiring a vendor or purchasing some product. However, as Riebeck points out, those moves won't prevent an attack since vendors and products like firewalls and intrusion detection boxes are only as good as their maker -- and the information those makers have available.
"Ultimately, every proprietary solution makes you dependent on some vendor to essentially customize [a solution] for you and all its improvements," she says.
Instead, Riebeck stresses the importance of open-source solutions and industry initiatives -- including some that already exist -- which share "indicators of compromise" like subject lines or fingerprints of files that might be malicious.
"If you can then take that threat intelligence, and share it with one another, then everyone can detect it and monitor for it. Or block it." Says Riebeck. "Everyone becomes better by working together."
Entrepreneur Editors' Picks
How an Encounter With the 'Armpit of Destiny' Helped the Founder of Grubhub Take His Business From His Apartment to a $2 Billion IPO
You Can Train Your Brain to React to Stressful Situations Better. Here's the 3-Step Process.
A Disastrous Valentine's Day Inspired This Founder to Launch Her Own Floral Brand. It Became a Celebrity Magnet With Retail Revenue Up 450% Since 2019.
What Is Your Dream Job? Ask Yourself These 4 Questions to Find Out.
This Is the Crazy Process This Juice Franchise Went Through to Get USDA-Certified Organic. But It Sure Has Paid Off.
No One Would Rent Me a Café in Trendy NYC Neighborhoods, So I Tried Something Risky. Now I Have 3 Coffee Shops.