As cyberattacks grow sophisticated beyond the point where cyberdefense companies working independently will be less and less able to defend against them, the need for collaboration within the field is more important than ever.
“Security companies might be competitors in the same industry, but for security to advance overall worldwide, they need to pool their resources and work together toward achieving a common goal,” Microsoft senior security researcher Kim Hye-seon said during an interview with The Readable. The interview took place on January 26 during the researcher’s brief visit to Hanyang University in South Korea to participate in an educational program.
Kim, a senior researcher, who works with the Endpoint Research team examining data for Microsoft Security’s security platform, Microsoft Defender, is an expert in malware analysis and antivirus protection. Being on the cutting edge and constantly vying against malicious actors, Kim well understands the critical need for security companies to collaborate to effectively engage with the ever-evolving cybersecurity landscape, an arena rife with increasingly duplicitous and potent threats.
“AI can aid computer security specialists by reducing false positive alerts, yet evolving hacking technologies and security systems will persist in challenging each other, irrespective of AI’s role,” Kim stated. She further emphasized, “To achieve dominance in defense, it’s crucial not just to compete, but to unite globally in pursuit of a common goal.”
The contest between hackers and defenders is frequently compared to an arms race, with both sides continually enhancing their capabilities in order to outdo the other. Kim emphasized that if defenders were to collaborate more, their progress could be significantly more efficient. She noted that such cooperation among security companies would not only provide a broader and more diverse dataset, but it would also bring varied perspectives to the analysis of security threats, thereby improving defense strategies overall and to a degree able to keep pace with the changing landscape.
Cybersecurity education programs play a crucial role in enhancing international security, and Kim is actively contributing to this effort. During her lecture at Hanyang University, she delved into the workings of memory injection techniques, which are now commonly incorporated in contemporary malware. She pointed out that while injection was a rare form of attack a decade ago, it is now rare to encounter malware that doesn’t utilize it. Injection involves an attacker inserting code into the memory space of another running process, altering the program’s outcomes. Her point in citing this example was clear—that the increasing sophistication of cyberattacks make them harder and harder to respond to, and that today’s innovation will be tomorrow’s commonplace.
Kim further noted that, while instances of cybersecurity collaboration among independent companies have been infrequent, examples of initiatives aimed at global cooperation do exist. One such example is the Overseas Security Advisory Council (OSAC), which was established in 1985 to gather information on global cybersecurity issues. Its scope, however, was limited, as it primarily served to safeguard the resources and intellectual property of a limited number of American companies.
The Center for Cybersecurity Policy and Law (CCPL), a nonprofit organization dedicated to enhancing cybersecurity, represents a step more in line with the type of solution Kim envisions. She commented that, “although it may seem far-fetched, creating a ‘United Nations for cybersecurity’ could prove an effective way to actualize global cooperation.” In furtherance of this idea, the CCPL established the Network Resilience Coalition (NRC), which is dedicated to collaboration and the sharing of ideas and information, in July of last year.
