March 27, 2018 By Marc van Zadelhoff 4 min read

This article was published on LinkedIn on March 27, 2018. You can read the original post here.

In my first LinkedIn article, I’d like to welcome you to the future. Not too far in to the future. But, it’s January 2019 and unfortunately cyber criminals are stealing your data. You’re scrambling to respond, hustling to contain, scurrying to an emergency board meeting. It’s a bad day.

You may be thinking that this isn’t going to happen to you, but many recent headlines say otherwise. So this is my humble letter that I wish I had gotten to you 10 months ago. Today.

From my chair, running IBM’s cybersecurity unit, I get to see things that don’t even make it to the news. Yesterday, we actually helped check references on a hacker for a customer wondering if they should pay bitcoin to get their servers back. This morning, my research team in Israel uncovered a new organized criminal circuit developing a new method to steal money from banks in Brazil. And just in the last 24 hours, my threat intelligence team received indicators of 30 new domains registered by hackers as command and control servers for their malware.

But here’s the thing… even though cybercrime is becoming significantly more sophisticated, there are things we can do that can make a difference. Here are my current top three:

1. Prepare Your Response

My first advice is that “response” isn’t something that should be considered after a breach is detected, but rather something that needs to be planned and rehearsed way ahead of time.

An effective response to a cyber incident requires preparation and planning — a playbook — as well as training and rehearsing, in the same way hospitals prepare for emergencies. As we’ve seen with recent cyberattacks, often a company’s response can do more damage than the breach.

Last year IBM opened the world’s first “cyber range” for the private sector — a place where clients come for rigorous training to prepare for a potential cyberattack. It’s been an eye opener for us and the 1,400-plus people who have trained there.

Our big take away is that this isn’t just a technical team problem — the response needs to span every function in your organization. An effective response plan includes not just the security team’s role in detecting and remediating a breach, but how your organization reacts to regulators, your Board of Directors, law enforcement, clients, employees, the media and other constituents.

Such training and rehearsing helps organizations develop and regularly update a highly detailed and coordinated response plan, and build “muscle memory” that can be thrown into action when a breach occurs.

Most organizations don’t have this. A study we released this week shows nearly 80 percent of organizations surveyed said they cannot remain resilient after a cyberattack due to a lack of planning. And the longer it takes to respond, the higher the costs. For example, a breach contained in less than 30 days saves an organization, on average, nearly $1 million.

2. Change the Game With AI

AI has the capability to ingest, comprehend and analyze the enormous amount of security data, in whatever forms, that are out there today, and can be deployed quickly. It will help you detect and respond to cyberattacks at speed and scale. More than that, cognitive systems make correlations that provide insight to detect potential breaches much faster than humans alone.

AI will give your security analysts much needed help in finding the needle in the haystack so they can concentrate on stopping the attack.

AI in the form of machine learning enables you to do things like determine if an employee’s identity has been compromised by deeply understanding user behavior and detecting anomalies that could indicate an insider threat. Machine learning can automatically scan new applications for vulnerabilities so developers can continue to move quickly, confident that their app is secure. And when it comes to mobile, AI can see what’s going on at the endpoint and dynamically make recommendations on policies, patches and relevant best practices to keep devices secure.

3. Master the Basics

Good security hygiene — from keeping software patches updated to scanning applications for vulnerabilities — still count, maybe more than ever. And from where I sit, not enough companies are focusing on the mundane, hard work of getting the basics right — 100 percent of the time. Any less than that will leave you open to an attack.

Think about cyber security the same way that an engineering or manufacturing company thinks about safety and quality. An auto manufacturer would never accept just a few defective parts leaving the plant. An oil company would not be satisfied losing five percent of its drilling rigs. You should not be satisfied with anything less than perfect either. Drive that into your culture.

I’m not saying these so-called basics are easy to get right. I know your teams are challenged with an enormous — and growing — amount of security data. Whether it’s the potentially 200,000 security events you see every day, or the 60,000 alert blogs your security analysts need to read each month — all of which needs to be analyzed quickly to find anomalies that may indicate a pending cyberattack. And the significant skills shortage we’re facing in cybersecurity, with an estimated 1.5 to 2 million unfilled security jobs by the end of this decade, is making it even more difficult.

But at the end of the day, this quality control is worth the effort. Mastering these basics from the outset will allow you to react more quickly in the wake of an attack — potentially saving millions of dollars, and significant losses to your reputation. Not only that, it will also help close the gaps so that you’re dealing with less of these incidents in the first place.

To wrap up, cybercrime is one of our generation’s most significant issues, equally impacting the public and private sector, as well as consumers and citizens. The basics matter, how you handle an attack makes all the difference in the world, and with AI we have a fighting chance to get ahead of the criminals.

More from CISO

Making smart cybersecurity spending decisions in 2025

4 min read - December is a month of numbers, from holiday countdowns to RSVPs for parties. But for business leaders, the most important numbers this month are the budget numbers for 2025. With cybersecurity a top focus for many businesses in 2025, it is likely to be a top-line item on many budgets heading into the New Year.Gartner expects that cybersecurity spending is expected to increase 15% in 2025, from $183.9 billion to $212 billion. Security services lead the way for the segment…

On holiday: Most important policies for reduced staff

4 min read - On Christmas Eve, 2023, the Ohio State Lottery had to shut down some of its systems because of a cyberattack. Around the same time, the Dark Web had a “Leaksmas” event, where cyber criminals shared stolen information for free as a holiday gift. In fact, the month of December 2023 saw more than 2 billion records breached and 1,351 disclosed security incidents, according to research from IT Governance — an increase of 332% and 187%, respectively, over the month of…

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today