VIEW 3
Altruism and the unit of selection
Charles Darwin first presented the concept of natural selection in 1858, and it has been the foundational tool of the science of biology ever since. But one area where there is still debate among biologists concerns the unit of selection. If evolution is the “survival of the fittest,” then the question becomes, the fittest what? Is it the fittest group, the fittest individual, or the fittest set of genes?
In the 1970s, Richard Dawkins published The Selfish Gene, definitively fixing the unit of selection at the genetic level. He explained altruistic acts of self-sacrifice in social animals such as ants and termites in a bottom-up, genetic way. The ants in the colony are all related to each other; they share the same genetic material. So, in sacrificing themselves for the sake of the group they are still indirectly propagating their genes.
In 2015, David Sloan Wilson in his book Does Altruism Exist? challenged this view, offering up the following argument that the unit of selection also occurs at the group level. If you form a group of selfish people and altruists, then the selfish people will always win. They act in their own self-interest and exploit the generosity of the altruists. On the other hand, groups that are full of altruists working cooperatively together outcompete groups full of selfish people fighting each other. So, at a group level teams of altruists win but at an individual level selfish people win. Turning this around, wherever altruistic behavior is observed, it is a sign that competition between groups is a stronger force than competition inside groups. Thus, the unit of selection exists at the group level.
The link between altruism and the cyber threat may not seem obvious at first.
But the altruistic sharing of threat intelligence has a significant impact on both the specific and systemic aspects of cyber risk. Communities respond collectively to cyber threats — the larger the scale of the incident, the larger the community response. In natural catastrophe modeling, we expect buildings to be better constructed over time as technology gradually improves, but no one expects a building to develop stronger resilience while the hurricane rages in real time.
However, in the case of a widespread cyber incident, the corporate sector, the tech titans, individuals, industry groups, and governments all join together to face the common foe. The community-driven “No More Ransom”¹ project is a good example of this. It is estimated to have saved victims $1.5 billion by providing free decryption tools to those who have suffered ransomware attacks.
The speed of the community response has also improved over recent years. Statistics from Mandiant² show the dwell time for external notifications shrank from 320 days in 2015 to 73 days in 2020. Dwell time is the number of days malware is present on a victim’s system before it is detected. So, notifications from altruistic outsiders have reduced this from almost a year to a few months. If that still seems too long, then it is reassuring to know that internal detection dwell times dropped from 56 to only 12 days in the same time period.
