Abstract

The latency reduction between the discovery of vulnerabilities, the build-up, and the dissemination of cyberattacks has put significant pressure on cybersecurity professionals. For that, security researchers have increasingly resorted to collective action in order to reduce the time needed to characterize and tame outstanding threats. Here, we investigate how joining and contribution dynamics on Malware Information Sharing Platform (MISP), an open-source threat intelligence sharing platform, influence the time needed to collectively complete threat descriptions. We find that performance, defined as the capacity to characterize quickly a threat event, is influenced by (i) its own complexity (negatively), by (ii) collective action (positively), and by (iii) learning, information integration, and modularity (positively). Our results inform on how collective action can be organized at scale and in a modular way to overcome a large number of time-critical tasks, such as cybersecurity threats.

Research Paper

article

Source: Journal of Cybersecurity


BibTeX

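@comment{Journal article record as exported by the publisher. The eprint field holds the publisher PDF link, not an archive identifier, so a style that prints eprint will show that link verbatim.}
@article{10.1093/cybsec/tyad021,
    author   = {Gillard, S{\'e}bastien and Percia David, Dimitri and Mermoud, Alain and Maillart, Thomas},
    title    = {Efficient collective action for tackling time-critical cybersecurity threats},
    journal  = {Journal of Cybersecurity},
    volume   = {9},
    number   = {1},
    pages    = {tyad021},
    year     = {2023},
    month    = nov,
    abstract = {The latency reduction between the discovery of vulnerabilities, the build-up, and the dissemination of cyberattacks has put significant pressure on cybersecurity professionals. For that, security researchers have increasingly resorted to collective action in order to reduce the time needed to characterize and tame outstanding threats. Here, we investigate how joining and contribution dynamics on Malware Information Sharing Platform (MISP), an open-source threat intelligence sharing platform, influence the time needed to collectively complete threat descriptions. We find that performance, defined as the capacity to characterize quickly a threat event, is influenced by (i) its own complexity (negatively), by (ii) collective action (positively), and by (iii) learning, information integration, and modularity (positively). Our results inform on how collective action can be organized at scale and in a modular way to overcome a large number of time-critical tasks, such as cybersecurity threats.},
    issn     = {2057-2085},
    doi      = {10.1093/cybsec/tyad021},
    url      = {https://doi.org/10.1093/cybsec/tyad021},
    eprint   = {https://academic.oup.com/cybersecurity/article-pdf/9/1/tyad021/52980726/tyad021.pdf},
}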