Sophisticated threat actors require industry collaboration

Learning from Aviation: How Collaboration Can Enhance Cybersecurity

What if we could prevent cyberattacks the same way the aviation industry prevents crashes? It's not as far-fetched as you might think.

A note of respect: Recent events in aviation have been heartbreaking, and I want to acknowledge the impact on those directly and indirectly affected. I have been writing and reviewing this article for a few weeks and the timing coincided with a series of flight incidents. This article is not intended to capitalise on these tragedies but rather to explore the industry's response and what we can learn from it, unfortunately with a real incident this time.

When Planes Go Down, the Industry Learns Together

Before we get to our Cyber Security bits it's important to remember that commercial aviation is still incredibly safe. Less than 400 people, on average, die from flight incidents each year, compared to the nearly 9 billion people transported. That's not to downplay the seriousness of these incidents, but it's a reminder to keep things in perspective as some people could react by fearing flying.

What's truly remarkable is how the aviation industry responds to these incidents. When something goes wrong, multiple airlines and their regulators don't compete to be the first to solve it. They come together to figure out what happened. If it's a technical issue, they fix it and share that fix with everyone in the industry. The fix is then incorporated into everyone's maintenance manuals. This raises the bar for safety across the board and helps prevent similar incidents from happening again.

Why Cybersecurity Needs to Break Down the Silos

Unlike the aviation industry's collaborative model (mostly enforced by regulators), the cybersecurity world often operates in silos. We tend to work in silos, hoarding information and guarding our secrets. But this mindset ultimately hurts us all. Cybercriminals don't respect organisational boundaries, so why should we?

By sharing information and collaborating, we can:

• Improve threat detection and response: We can identify and respond to threats more quickly and effectively.
• Enhance security awareness: We can educate and empower individuals and organisations to better protect themselves.
• Develop stronger defences: We can pool resources and expertise to create more robust security solutions.
• Level the playing field: We can make it much harder for cybercriminals to succeed.

The Crowdstrike Outage: A Glimpse of Collaborative Power

We saw the power of collaboration in action during the recent Crowdstrike incident. When a faulty update caused widespread outages, IT professionals from all over the world, regardless of where they worked, came together to find solutions and help each other out. Open source projects popped up, information-sharing groups were formed, and people volunteered their time to help restart systems. It was a true testament to the collaborative spirit of the cybersecurity community.

Join the Movement: Cybersecurity Organisations Leading the Way

The good news is that there are already many organisations and communities working to promote collaboration and information sharing in cybersecurity. Here are a few of my go-to resources:

• CIS: Centre for Internet Security - Develops security best practices and resources, including the CIS Controls and CIS Benchmarks.
• NIST: National Institute of Standards and Technology - A US government agency that develops cybersecurity standards, guidelines, and best practices.
• SANS Institute: A leading provider of cybersecurity training and certifications.
• OWASP: Open Web Application Security Project - A non-profit foundation that focuses on improving the security of web applications.
• (ISC)²: International Information System Security Certification Consortium - A non-profit organisation that offers cybersecurity certifications, including the CISSP.

Be the Change: How You Can Contribute

If you have cybersecurity knowledge and want to contribute, there are many ways to get involved. Join an organisation, participate in a forum, or volunteer your time to mentor someone less experienced. Every contribution counts. The more people actively participate in strengthening our collective defences, the better we can protect ourselves and others from cyber threats.

I'll never forget the impact a mentor had on my career early on. They took the time to guide me, answer my questions, and encourage me to pursue my passion for cybersecurity. That experience showed me the power of mentorship, and now I try to pay it forward by mentoring others whenever I can. It's incredibly rewarding to see someone grow and develop their skills, and it reminds me that we can all make a difference by supporting each other.

Let's take inspiration from the aviation industry and build a more collaborative and secure digital world for everyone. 🌐