Why businesses can no longer fight cybercrime alone

Imagine a typical office filled with dedicated workers tapping away at their computers – a ubiquitous set-up that, on the face of it, seems innocent enough. However, instead of traditional employees, these people are criminal operatives, hacking, phishing and defrauding thousands of innocent victims as part of highly sophisticated teams organised just like legitimate businesses. The huge concern this scenario raises is that it’s a model increasingly favoured by organised cybercrime gangs, with the potential to increase already sky-high risk levels even further.

According to research from IBM and Google, for example, cybercriminal groups are starting to operate similarly to large enterprises, even adopting leadership teams and management hierarchies. These ‘companies’ also work together, selling their products and services and even hiring out specialists and subcontractors for individual jobs. While products such as Ransomware-as-a-Service are nothing new, it is increasingly apparent that criminal organisations are now also posting job ads and actively hiring for roles such as pen-testers to improve their capabilities.

This level of commitment and organisation demonstrates just how advanced cybercriminal operations have become. It’s deeply ironic, therefore, that many legitimate businesses still tackle cybersecurity in isolation without the resources or focused investment applied by their adversaries. Put simply, it’s an approach that’s no longer sustainable because defending against today’s threats requires more than just individual resilience; it calls for a collective effort that strengthens the entire security ecosystem.

So, what’s the answer? Fortunately, well-established cybersecurity communities exist to promote best practices and intelligence sharing, with organisations such as the Open Source Security Foundation (OpenSSF) bringing together industry leaders to address a very wide range of security challenges. Similarly, the Open Cybersecurity Alliance (OCA) fosters collaboration by reducing the technical barriers that prevent cybersecurity tools from integrating.

While these initiatives are crucial, they are just part of the answer for organisations focused on collective defence. The wider concept, akin to NATO’s principles of mutual protection, is a system where businesses and public sector entities share intelligence, pool resources and treat an attack on one as an attack on all. It’s an approach that brings many benefits, not least for smaller organisations that may otherwise remain vulnerable due to a lack of resources or expertise.

There are already examples of this in action. Microsoft’s Digital Crimes Unit (DCU), alongside cybersecurity firm Fortra and the Health Information Sharing and Analysis Center (Health-ISAC), recently launched legal action against the malicious use of Cobalt Strike. This effort disrupted infrastructure used by cybercriminals to distribute malware – an important step towards making cybercrime less successful.

To deliver long-term success, this kind of collective action requires structured collaboration, well-defined roles and a strong commitment to intelligence sharing. In the ideal scenario, organisations would exchange indicators of compromise (IoCs) and tactics, techniques and procedures (TTPs), alongside joint threat-hunting and incident response strategies.

Many of these requirements are already in place, with organisations increasingly using sophisticated internal threat intelligence tools to monitor risks and automate responses. Extending these capabilities to external partners is the logical next step. In addition, those struggling with fragmented security alerts and siloed IT teams can turn to modern threat intelligence platforms (TIPs), which consolidate data from multiple sources, transforming it into actionable insights. These systems enable faster, more effective communication, improving situational awareness and resilience.

By streamlining communication and fostering collaboration, TIPs provide IT and security teams with a clearer, more comprehensive view of the evolving threat landscape. This rapid data aggregation strengthens situational awareness, enhances resilience and, crucially, enables analysts to cut through the noise so they can identify the most relevant threats and remediation strategies before risks escalate.

From the collaboration perspective, the next major step forward is the emergence of hyper orchestration platforms. These advanced systems build on TIP functionality by also facilitating real-time, secure intelligence sharing across entire networks, including internal business units, supply chain partners and industry peers. In essence, automating the distribution of security advisories, crisis alerts and insights from deployed security tools leaves each stakeholder group much better positioned to stay ahead of emerging threats.

Indeed, some of the most advanced solutions even allow organisations to form working groups, where internal and external teams can jointly analyse threats and fine-tune incident response strategies. In this context, the impact of collective defence is significantly enhanced with security teams embedded within highly effective collaborative networks where an attack on one is treated as an attack on all. For many across the industry, this now represents a foundational requirement in an environment where threat actors are increasingly driven by the profit motive.

