In many ways, cybersecurity is characterized by very siloed priorities. Organizations, focused on protecting their own network perimeters, systems, and data, develop highly customized and tailored strategies. As a result, companies that at first glance appear very similar and compete in the same industry for the same customers can have very different approaches to prevention, mitigation, and recovery.
It is true that the entire cybersecurity ecosystem is supported by a huge variety of vibrant communities where cooperation plays a fundamental role, but the idea that organizations can cooperate at a deeper level to provide “collective defense” is less common.
In cybersecurity terms, collective defense involves organizations sharing the most useful resources, information, and processes to improve resilience across otherwise unconnected entities. For many people, it will be most familiar as a geopolitical and military concept – for example, NATO’s Article 5 states that an attack on one member state will be treated as an attack on all of them. This sends a clear and unifying message to potential adversaries, while significantly increasing the resources available to each individual country.
Organizations that turn to collective defense to protect their IT assets and data typically focus on sharing threat intelligence and coordinating threat response actions to counter malicious actors. Success depends on defining and implementing a collaborative cybersecurity strategy where organizations, both internally and externally, work together across sectors to defend against targeted cyber threats. If done well, it can be extremely effective.
Vice President of Collective Advocacy at Cyware.
Building momentum
But how is this playing out in the real world? There are a growing number of examples to draw on, including the joint legal action launched last year by Microsoft, Fortra LLC, and Health-ISAC. This alliance targeted actors deploying pirated versions of Cobalt Strike or otherwise flagrantly violating Microsoft’s terms of use, in particular by maliciously deploying its copyrighted APIs. As media analysis noted at the time, “This disruption will not stop cybercriminals’ operations, but it will strain their resources.” The point is that collectively, organizations are better positioned to detect, challenge, and dismantle the infrastructures that underpin cybersecurity risks.
In its latest Digital Defense Report, Microsoft also focused on the need for broader efforts to improve collective cyber resilience. For example, in the face of sophisticated cyber threats, the report notes that collaboration and a united front are vital to building a more secure digital landscape. In this context, supply chain and open source security vulnerabilities could be significantly improved through the use of collective action.
Take for example the Open Source Security Foundation (OpenSSF), a cross-industry forum dedicated to addressing new security challenges. Its role includes developing frameworks to address challenges such as improving understanding of supply chain threats and efficient strategies to mitigate them.
Other organizations are also collaborating to support collective defense, such as the Open Cybersecurity Alliance (OCA), a nonprofit coalition under the umbrella of OASIS Open. The OCA supports an open ecosystem where cybersecurity tools interoperate without the need for custom integrations, helping cyber defenders work together more effectively by reducing technical barriers to sharing.
At the government level, regulatory guidelines such as the SEC’s regulations on cyber incident reporting, the Critical Infrastructure Cyber Incident Reporting Act (CIRCIA), and the EU Cybersecurity Act are another important part of the collective defense landscape. What these various initiatives have in common is their emphasis on promoting a collaborative, community-centric approach to strengthening the digital ecosystem against ever-changing cyber risks.
From theory to implementation
To put this into practice, organizations must commit to coordinating their cybersecurity strategies to identify, mitigate, and recover from threats and security breaches. This should begin with a process that defines the stakeholders who will participate in the collective defense effort. These can include everything from private companies and government agencies to nonprofit organizations and information sharing and analysis centers (ISACs), among others.
This approach will only work if it is based on mutual trust, so it is important to use mechanisms such as confidentiality agreements, clearly defined roles and responsibilities, and a commitment to operational transparency. Operationally, secure, real-time communication channels are critical to ensure that threat and defense intelligence can be shared. Similarly, the community should establish processes to disseminate indicators of compromise (IoCs), tactics, techniques, and procedures (TTPs), supported by best practice information and incident reports.
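The sharing process described above has a concrete shape once partners actually exchange data: each member publishes indicators in its own format, the community normalizes them into one record that carries a TLP marking and a confidence score, duplicates are merged, and every member runs the combined set against its own telemetry while only forwarding what the marking allows. The following is an added example that is not part of the article and not the code of Cyware, any ISAC, or any product. It assumes two hypothetical partner feeds with different field names (partner-a, partner-b, the `val`/`kind`/`sharing`/`score` keys), and every indicator value, technique id and log line in it is constructed for illustration.

```python
"""Normalize, merge and apply IoCs shared across a collective-defense community.

Added example, not code from the article or from any product or ISAC. The two
partner feed layouts, the indicator values and the log lines are all constructed.
"""
import ipaddress
import json
import re
from dataclasses import dataclass

# TLP 2.0 labels ordered from most permissive to most restrictive
# (WHITE kept as the TLP 1.0 alias of CLEAR).
TLP_ORDER = {"TLP:CLEAR": 0, "TLP:WHITE": 0, "TLP:GREEN": 1,
             "TLP:AMBER": 2, "TLP:AMBER+STRICT": 3, "TLP:RED": 4}
FAKE_SHA256 = "ab" * 32  # constructed placeholder hash, not a real sample

# Constructed feeds; the field names are assumptions about two hypothetical partners.
PARTNER_A_FEED = json.dumps([
    {"type": "ipv4", "value": "203.0.113.45", "tlp": "TLP:AMBER",
     "confidence": 80, "ttp": "T1071.001"},
    {"type": "domain", "value": "Update-CDN.example", "tlp": "TLP:GREEN",
     "confidence": 60, "ttp": "T1071.001"},
])
PARTNER_B_FEED = json.dumps({"indicators": [
    {"kind": "sha256", "val": FAKE_SHA256, "sharing": "amber",
     "score": 0.9, "technique": "T1204.002"},
    {"kind": "ipv4", "val": "203.0.113.45", "sharing": "green",
     "score": 0.7, "technique": "T1071.001"},
]})

# Constructed log lines from a hypothetical proxy and EDR.
LOG_LINES = [
    "2024-05-01T10:02:11Z proxy src=10.0.0.7 dst=203.0.113.45 host=update-cdn.example action=allow",
    f"2024-05-01T10:02:40Z edr host=ws-17 file=invoice.exe sha256={FAKE_SHA256.upper()}",
    "2024-05-01T10:03:05Z proxy src=10.0.0.9 dst=198.51.100.2 host=intranet.corp.example action=allow",
]


@dataclass(frozen=True)
class Indicator:
    ioc_type: str    # "ipv4" | "domain" | "sha256"
    value: str       # normalized to lower case
    tlp: str         # normalized to "TLP:<LABEL>"
    confidence: int  # 0-100
    technique: str   # ATT&CK technique id as supplied by the partner
    source: str      # comma-joined list of contributing partners


def normalize_feed(raw: str, source: str) -> list[Indicator]:
    """Map one partner's JSON shape onto the community schema, rejecting malformed values."""
    data = json.loads(raw)
    items = data["indicators"] if isinstance(data, dict) else data
    out = []
    for it in items:
        ioc_type = it.get("type") or it.get("kind")
        value = (it.get("value") or it.get("val")).strip().lower()
        tlp = (it.get("tlp") or it.get("sharing")).upper()
        tlp = tlp if tlp.startswith("TLP:") else "TLP:" + tlp
        if tlp not in TLP_ORDER:
            raise ValueError(f"{source}: unknown TLP label {tlp}")
        conf = it["confidence"] if "confidence" in it else round(float(it["score"]) * 100)
        if ioc_type == "ipv4":
            ipaddress.IPv4Address(value)  # raises on a malformed address
        elif ioc_type == "sha256":
            if not re.fullmatch(r"[0-9a-f]{64}", value):
                raise ValueError(f"{source}: bad sha256 {value}")
        elif ioc_type == "domain":
            if not re.fullmatch(r"[a-z0-9.-]+", value):
                raise ValueError(f"{source}: bad domain {value}")
        else:
            raise ValueError(f"{source}: unsupported indicator type {ioc_type}")
        out.append(Indicator(ioc_type, value, tlp, int(conf),
                             it.get("ttp") or it.get("technique"), source))
    return out


def merge(feeds: list[list[Indicator]]) -> dict[tuple[str, str], Indicator]:
    """Dedupe on (type, value); keep the highest confidence and the most restrictive TLP."""
    merged: dict[tuple[str, str], Indicator] = {}
    for feed in feeds:
        for ind in feed:
            key = (ind.ioc_type, ind.value)
            cur = merged.get(key)
            if cur is None:
                merged[key] = ind
                continue
            merged[key] = Indicator(
                ind.ioc_type, ind.value,
                max(cur.tlp, ind.tlp, key=TLP_ORDER.__getitem__),
                max(cur.confidence, ind.confidence),
                cur.technique, f"{cur.source},{ind.source}")
    return merged


def releasable(indicators, max_tlp: str) -> list[Indicator]:
    """Indicators a member may forward to an audience cleared only up to max_tlp."""
    return [i for i in indicators.values() if TLP_ORDER[i.tlp] <= TLP_ORDER[max_tlp]]


TOKEN_RE = re.compile(r"[A-Za-z0-9.\-]+")


def scan_logs(lines, indicators):
    """Return (timestamp, indicator) pairs for every log token that matches a shared IoC."""
    hits = []
    for line in lines:
        for tok in TOKEN_RE.findall(line):
            for ioc_type in ("ipv4", "domain", "sha256"):
                ind = indicators.get((ioc_type, tok.lower()))
                if ind is not None:
                    hits.append((line.split()[0], ind))
    return hits


def load_community_indicators():
    return merge([normalize_feed(PARTNER_A_FEED, "partner-a"),
                  normalize_feed(PARTNER_B_FEED, "partner-b")])


if __name__ == "__main__":
    community = load_community_indicators()
    for ts, ind in scan_logs(LOG_LINES, community):
        print(f"{ts} {ind.ioc_type}={ind.value} {ind.tlp} conf={ind.confidence} "
              f"technique={ind.technique} via {ind.source}")
```

Two design choices matter here. When the same indicator arrives from two partners with different markings, the merge keeps the more restrictive TLP label, so a member can never forward data under a looser marking than any contributor applied; `releasable()` is the check a member runs before passing the set on to a wider audience. The normalization step also validates each value before it enters the shared set, because a malformed or over-broad indicator accepted from one partner becomes a false-positive source for every member.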
Collective defense communities can also turn to the Cyber Fusion Center model to bring together relevant security functions—such as threat intelligence, security automation, threat response, security orchestration, and incident response—into a cohesive approach. A practical example of how this can work is when vulnerability management and incident response teams work together to address a bug exploitation incident more effectively than would be possible if they worked in isolation.
Given the complex array of cybersecurity risks we face today, collective defense not only represents a common-sense approach to improving protection, but can also transform the security posture of organizations currently trying to act alone. As such, it is a model that fits perfectly with the notion that “the whole is greater than the sum of its parts.”
This article was produced as part of TechRadarPro's Expert Insights channel, where we showcase the best and brightest minds in the tech industry today. The views expressed here are those of the author, and not necessarily those of TechRadarPro or Future plc. If you're interested in contributing, find out more here: