Across the globe, advanced cyberattacks affect millions of people, schools, hospitals, and businesses each day. In fact, most organizations don’t worry about if they’ll be attacked but about when and how much damage they’ll incur. While researchers and experts continue to improve security to protect the enterprise, there’s much to learn from each new attack. Similar to how the National Transportation Safety Board scrutinizes every aircraft collision, no matter how small or large, cyberattack transparency can provide the global community with a wealth of information, leading to better cybersecurity.
Despite the prevalence of cyberattacks, organizations are still sensitive to being open on security matters. There are, however, positive models to follow. Following the discovery of a breach in December 2020, SolarWinds, for example, created a resource center as a home base to post findings and other important lessons learned. This level of openness and candidness can add accountability and ensure a heightened security posture. For SolarWinds, this model led to many security enhancements, including development of the SolarWinds Next-Generation Build System—a system which institutes three build environments to validate products and help ensure no long-lived environments are available for attackers to compromise. Other organizations have changed their current security models in response to the information shared, as well.
Matching disclosure in importance is the decision by many organizations to turn to open source for collaborating with trusted partners on security measures. Information gained from cyberattacks can be shared with others with varying levels of experience by organizations impacted by cyberattacks. At the same time, those who have yet to experience a cyberattack benefit from the perspective and experience of those who have knowledge and insight. Understanding a bad actor’s methods and staying vigilant against new threats are necessary to defend against attacks as successfully as possible. Arthur Bradway, solutions architect for SolarWinds, noted the importance of collaboration involving the public and private sectors for the good of all.
As a result of cyberattack transparency, silos are broken down, and improvements in security posture are possible. The lessons from recent attacks have led to many organizations taking to hybrid cloud observability solutions. This enhances security by giving organizations the tools to help monitor applications and data across the entire network with one platform. This holistic concept can be scaled to fit individual needs, allowing organizations to gain visibility across the entire network in an intuitive, single-pane-of-glass manner. By discussing cyberattacks honestly, organizations can continue to develop more effective security measures.
Technology presents incalculable mission-critical benefits. But, for all its benefits, it’s not without some downsides. With so many bad actors willing to exploit technology for financial or personal gain, the threat of a cyberattack is never-ending. The most efficient way to prepare for such attacks is by studying past exploits and staying on top of current activity and attack signatures. While being transparent about not only being the target of an attack but also about lessons learned seems counterintuitive, it’s a strong move promoting stronger security for all against future attacks.