Why the cybersec lone wolf myth needs changing


For generations, computing experts have had a reputation as being somewhat socially awkward, which tends to result in them preferring the company of their computer to other human beings (in the flesh at least).  

While such caricatures are pervasive, what is the reality of cybersecurity in our organizations?  Is there a best approach to ensure cybersecurity is deployed successfully? As the remainder of this article will show, there are times when solitary work is ideal, and times when a more cooperative approach is crucial. The evidence for a solitary approach comes via a study undertaken by the U.S. Army Research Laboratory, which explored how often the best performing cybersecurity teams actually interacted with one another.

The focus of the research was the Mid-Atlantic Collegiate Cyber Defense Competition (MACCDC), an annual competition, now in its 14th year, that aims to test the cybersecurity skills of college and university students in a lifelike war game style competition.  Each of the teams in the competition was scored across four key performance measures as they attempted to defend their networks from an array of attacks that were designed to replicate those experienced in the real world on critical infrastructure.

Not only were teams required to maintain networked services, but they were also graded on their ability to respond to events as they unfolded during the competition, as well as to particular tasks that were assigned to them from a ‘CEO’ figure.  Last, but not least, they were tasked with filing incident reports on the various attacks to the relevant authorities.

As well as rating teams across these four metrics, the researchers required each participant to wear a Sociometric Badge, with each lanyard tracking the interactions between team members.  The researchers also assessed various leadership-related areas, such as the distribution of tasks and communication style, via a questionnaire that was distributed to each individual at the end of the competition.

Clearly defined roles

So what features characterized the best teams?  Across the competition, it seemed that the best teams succeeded despite (or because of) having relatively few interactions between team members.  The most successful teams also had extremely effective leadership, with each individual in the team fulfilling a clear functional role.  Far from bolstering performance, however, face-to-face interactions appeared to have an adverse effect.

The researchers believe this lack of communication was effective because the teams were able to function in a clear manner, with individuals all easily identifiable for both their position and the roles they had in the team.  This enabled them to work well despite doing so largely independently of each other, as their collective goals and their contributions towards them were well established.

The authors believe their findings are important because most cybersecurity training today focuses largely on technical skills rather than on the way people will work effectively together as a team.  The results from the MACCDC clearly show that management style and structure are vital if our cybersecurity teams are to work well together, but that extensive cooperation is not required.

The case for collaboration

A second study, this time by IT security company LogRhythm, highlights the ways in which collaboration can actually be effective.  They quizzed around 1,500 security professionals to explore their confidence in the ability of their organization to withstand cyber attacks.  The results were not particularly positive: just 15% reported high levels of confidence, and the researchers complained that the numerous high profile hacks in recent years appear to have done little to encourage firms to get their act together.

It’s here that a collaborative approach could be vital, as the ongoing arms race with increasingly sophisticated hackers can render organizations vulnerable if they don’t work together.  This desire for cooperation on cybersecurity was one of the main factors behind the creation of the Charter of Trust by industrial giant Siemens.

The Charter has secured support from industry leaders ranging from Cisco and IBM to Airbus and Daimler, and the group has joined together around three core objectives:

  1. Protect the data of individuals and companies
  2. Prevent damage to people, companies and infrastructure
  3. Create a reliable foundation on which confidence in a networked, digital world can take root and grow

One of the first areas the consortium is looking to address is the security of supply chains.  It’s an area where they believe around 60% of cyberattacks currently take place, undermining both the effectiveness of supply chains and confidence in them.  They’ve established shared and common standards that can be rolled out across the digital supply chain.

The consortium believes that such is the growing complexity of the digital supply chain that it's in the mutual interests of all stakeholders to work collectively on ensuring that networks remain as robust, secure and reliable as possible.

These two examples highlight perhaps the ideal combination of cooperation and solitary activity in delivering the highest quality cybersecurity.  With networked systems, it’s vital that industry works together to ensure common standards and approaches, but once that purpose is determined, a more isolated approach is often the best way of delivering at a local level.

With cybercrime estimated to cost around €500 billion per year, it’s clear that a fresh approach is needed if the figures identified by LogRhythm are to be improved upon.  Hopefully, this article will go some way towards providing the direction required to do so. It will be followed in the coming weeks by more leadership-related pieces to help cybersecurity leaders overcome the various pitfalls lying in wait for them.