Ensuring a Strong Defence Throughout the Threat Intelligence Lifecycle

Gathering malware intelligence from internal and external sources is key to success.


No matter where you look, the news is always full of cyber-attacks, ransom demands, data leaks and so on. The threat landscape continues to develop as malicious hackers look to exploit any vulnerabilities they can get their hands on.  

For businesses, this means cyber vigilance must be at an all-time high. From the minute a company is formed, rest assured it is under threat.

Take the AI company DeepSeek, for example: when news of its success hit the market, it quickly succumbed to a severe large-scale attack. Even the most established names are under threat. Last year, the Google, Firefox and Safari browsers fell victim to the ‘0.0.0.0-Day’ attack, a situation that further highlights the importance of a well-rounded cybersecurity strategy, no matter how well known the company.

As a result, organisations must focus on implementing cybersecurity processes from the foundational stages of development and continually monitor and update them to ensure the best security is always present. 

Dangerous isolation

Part of the challenge many businesses face is that they address their various risks in relative or complete isolation. This can manifest itself in several ways, starting with those organisations that don’t fully orchestrate key internal security functions across the threat intelligence, security automation, threat response and incident response disciplines.

Elsewhere, security strategies are often implemented without effectively referencing the huge body of collective defence experience and expertise available across the security community. 

The net result is that individual businesses are pitted against highly organised and integrated criminal teams that are very effective at sharing intelligence and new tactics among themselves.

So, how can security teams bridge this gap and build a hyper-orchestration strategy that can defend networks and data against the huge variety of risks they face? On an organisational level, implementing advanced security orchestration, automation and response (SOAR) capabilities is key for security teams looking to improve threat response workflows across cloud and on-premises environments.

This includes the ability to automatically gather malware intelligence from internal and external sources – information which is then subjected to automated real-time analysis. This allows threat data and alerts to be shared among security stakeholders extremely quickly and in a way they can act upon.

Responses can then be geared towards the systems most at risk, with defensive and remediation resources allocated so as to reduce mean time to detect (MTTD) and mean time to respond (MTTR).

Collaboration and collective defence

Deeply embedded in the DNA of the hyper-orchestration approach is collaboration and collective defence. These proven concepts are familiar across everything from military and law enforcement to healthcare, environmental protection and disaster response, and they succeed because organisations can go above and beyond when they commit to working together. 

In cybersecurity terms, collective defence coordinates threat intelligence and response activities to tackle specific security threats. Today, it is formalised in various ways, perhaps most notably in the work of Information Sharing and Analysis Centres (ISACs), which collect, analyse and disseminate actionable threat information to their members.

Their role is also to provide tools to mitigate risks and enable members to boost their resilience. It’s a comprehensive and growing set of highly professional groups, with the National Council of ISACs currently comprising almost 30 sector-specific organisations, for example. 

This message resonates across the cybersecurity industry, with recent research revealing that over 90 percent of respondents believe collaboration and information sharing are very important or crucial for cybersecurity.

Part of the challenge, however, is that nearly three-quarters (70 percent) also believe their organisation could improve threat intelligence sharing, with 19 percent saying they could share significantly more.

Indeed, the same study revealed that over half (53 percent) of organisations do not currently utilise the services of an Information Sharing and Analysis Centre (ISAC). Even more revealing was the finding that over a quarter (28 percent) were unaware of the existence and role of ISACs altogether.

This situation needs to change: there can be no doubt that any gaps between siloed security teams and the wider community pose a serious threat to the delivery of threat intelligence and the ability of organisations to protect their systems. 

Important progress is being made, with the role of information sharing now recognised at the highest levels of government and regulation. The EU Network and Information Systems Directive 2 (NIS2), which came into force last October, is a case in point, focusing on the resilience of sectors that are at particular risk.

In this context, hyper-orchestration and collective defence will be crucial in protecting organisations and their supply chains by putting security teams in a much stronger position to keep systems secure throughout the threat intelligence lifecycle.


Dan Bridges, Technical Director – International, Cyware