How joining forces with sensitive data can fortify your cyber defence

The cybersecurity landscape is evolving, with new and advanced threats emerging on a daily basis.

Data breaches are a particularly costly type of cyber attack, with each data breach costing companies worldwide an average of $3.86 million.

The financial services sector is a lucrative target for cyber attackers, given the high value and growing sensitivity around financial data. Banks have been the target of 47% of financial data breaches, with the banking industry experiencing a 1,318% year-on-year increase in ransomware attacks in the first half of this year. It comes as no surprise that cyber attacks pose the biggest threat to banks in Switzerland, with annual costs exceeding $18 million in 2018.

Aside from the financial services sector, other industries that maintain sensitive and restricted data are also vulnerable to cyber threats, such as healthcare. Notable cyber-attacks in 2021 alone include the SolarWinds data breach, DDoS attack on New Zealand's financial institutions and its national postal service, ransomware cyberattack on Ireland's Health Services (HSE).

Why has existing cyber defence been so ineffective?

Most organizations continue to rely on their own security teams to defend their networks and infrastructure in isolation. However, with the growing and evolving threat of cyber-attacks, relying on one’s own cybersecurity data is no longer enough for an organization to effectively defend against the latest cyber threats.

While some organizations might want to collaborate on their cyber defence, cybersecurity data, such as incidents, vulnerabilities and attacks, are usually extremely sensitive, confidential and thus restricted in how it can be used.

Organizations are very reluctant to share these sensitive and restricted data with their partners or other companies in their industry. But this reluctance results in organizations not knowing if others are or have been affected by the same incidents.

This siloed approach has also contributed to the lengthy period an organization needs to identify data breaches, at an average of 191 days. As such, today’s cyber defence is failing and no longer effective.

How can organizations securely collaborate on cyber defence today?

There are currently different ways that organizations can leverage to enhance their cybersecurity with collaborative cyber defence. We divide them into four broad categories.

1. Trusted third parties

Trusted third parties act as intermediaries that confidentially manage and analyze data from multiple organizations, before sharing individual insights and results with the respective participants.

PROS

✔ No technological investment required

CONS

✗ Need to trust the third party and the security of their infrastructure
✗ Trusted third party has access to raw, granular data
✗ Need to remove or mask the most sensitive and valuable data
✗ Long project timeline and inflexible scope

2. Software-based encryption techniques

Secure Multiparty Computation (SMPC) and Fully Homomorphic Encryption (FHE) are based on advanced cryptography that ensures data always remains encrypted and that no third party is able to see the data even while performing computations on them.

PROS

✔ Guarantees are based on mathematical encryption
✔ No need to trust any single party
✔ No hardware-dependency
✔ No one has access to the data

CONS

✗ High development and deployment costs
✗ Low scalability
✗ Complex implementation
✗ Need very specialized skillset to audit
✗ Orders of magnitude slower than native computation speed

3. Pseudonymization

Pseudonymization ensures that raw data that is identifiable to a person is replaced by pseudonyms or fictional yet realistic data, thus preserving the confidentiality of individuals' data. Pseudonymized data can then be analyzed and insights generated while maintaining data privacy.

PROS

✔ Protects data in-use
✔ Reduce risk of identification due to data breach or loss
✔ Facilitate analysis beyond the initial collection purposes
✔ Data minimization

CONS

✗ Pseudonymized data is not anonymous, meaning that such data can still be re-identified if combined with other data.

4. Confidential Computing

With confidential computing, the secure enclave-based encryption in-use technology, data is encrypted during computation and analysis, while only aggregated results are generated, thus ensuring that the data's confidentiality is never compromised.

PROS

✔ Data encryption in-use
✔ No one can see the data, not even the platform or cloud provider
✔ Data owners retain full control of their data
✔ Fast computation speed
✔ No communication overhead
✔ High scalability
✔ Easy to audit

CONS

✗ Need to trust that Intel/AMD and infrastructure owner won’t collude
✗ Requires specific processor version, which however is deployed on every major cloud provider

Decentriq's data clean rooms

While each of the categories above has their benefits and drawbacks, we at Decentriq opted to go with confidential computing technology to power our data clean rooms. This provides your organization with the following benefits:

✔ On-demand: Decentriq is a SaaS platform that is ready for enterprise use, creating a data clean room takes minutes and requires no set up.

✔ Cost effective: Our data clean rooms are cheaper to set up, maintain and audit compared to complex cryptography.

✔ Proven: Confidential computing technology is already trusted by multiple healthcare institutions, finance organizations, and public entities.

✔ High performance: Our technology is scalable and performs at near native speed for all analytics applications, from SQL to custom Python models.

How can organizations join forces in Decentriq's data clean rooms to fortify their cybersecurity?

Leveraging the benefits of confidential computing, multiple organizations can collaborate on their confidential cybersecurity data, for example by securely connecting similar monitoring data via API in Decentriq's data clean room.

This allows participants to retain full control and privacy of their individual data, while being able to:

1. Better anticipate and identify future cyber attacks

With collective insights, organizations can expand the range of available intelligence, which will provide better threat analyses and predictions. This allows organizations to be better prepared and also implement better preventive measures.

2. Improve robustness of incident response plans

With more insight and deeper understanding of a larger volume of past cyber attacks, organizations refine and enhance their incident response plans to better cater to a wider range of threats. Organizations can also collaborate on coordinated responses to similar threats they face.

3. Reduce cybersecurity costs

As organizations work with a larger dataset - without having to expose their own data or access their fellow participants' data - and potentially coordinate their responses, they can be more efficient with their cybersecurity spending.

Join forces with your cybersecurity data and fortify your cyber defences today

With the evolving and looming threat of cyber attacks, organizations and their most sensitive and valuable data are increasingly vulnerable to data breaches.

Organizations need to come together to strengthen the cyber defences of their industry, and even beyond. A more secure landscape overall can also contribute to the cybersecurity of each individual organization.

We are already working with multiple stakeholders such as the Swiss Army on combining forces to bolster nations’ and companies’ defences.

The startup Decentriq is the finalist in the second «Cyber Startup Challenge» of the DDPS. The company was able to impress the jury at the Cyber Defence Campus Conference with its innovative data sharing and protection platform.

Reach out to us for a quick discussion on how you could collaborate on sensitive cybersecurity data previously not possible.