This article was published on LinkedIn on March 27, 2018. You can read the original post here.

In my first LinkedIn article, I’d like to welcome you to the future. Not too far in to the future. But, it’s January 2019 and unfortunately cyber criminals are stealing your data. You’re scrambling to respond, hustling to contain, scurrying to an emergency board meeting. It’s a bad day.

You may be thinking that this isn’t going to happen to you, but many recent headlines say otherwise. So this is my humble letter that I wish I had gotten to you 10 months ago. Today.

From my chair, running IBM’s cybersecurity unit, I get to see things that don’t even make it to the news. Yesterday, we actually helped check references on a hacker for a customer wondering if they should pay bitcoin to get their servers back. This morning, my research team in Israel uncovered a new organized criminal circuit developing a new method to steal money from banks in Brazil. And just in the last 24 hours, my threat intelligence team received indicators of 30 new domains registered by hackers as command and control servers for their malware.

But here’s the thing… even though cybercrime is becoming significantly more sophisticated, there are things we can do that can make a difference. Here are my current top three:

1. Prepare Your Response

My first advice is that “response” isn’t something that should be considered after a breach is detected, but rather something that needs to be planned and rehearsed way ahead of time.

An effective response to a cyber incident requires preparation and planning — a playbook — as well as training and rehearsing, in the same way hospitals prepare for emergencies. As we’ve seen with recent cyberattacks, often a company’s response can do more damage than the breach.

Last year IBM opened the world’s first “cyber range” for the private sector — a place where clients come for rigorous training to prepare for a potential cyberattack. It’s been an eye opener for us and the 1,400-plus people who have trained there.

Our big take away is that this isn’t just a technical team problem — the response needs to span every function in your organization. An effective response plan includes not just the security team’s role in detecting and remediating a breach, but how your organization reacts to regulators, your Board of Directors, law enforcement, clients, employees, the media and other constituents.

Such training and rehearsing helps organizations develop and regularly update a highly detailed and coordinated response plan, and build “muscle memory” that can be thrown into action when a breach occurs.

Most organizations don’t have this. A study we released this week shows nearly 80 percent of organizations surveyed said they cannot remain resilient after a cyberattack due to a lack of planning. And the longer it takes to respond, the higher the costs. For example, a breach contained in less than 30 days saves an organization, on average, nearly $1 million.

2. Change the Game With AI

AI has the capability to ingest, comprehend and analyze the enormous amount of security data, in whatever forms, that are out there today, and can be deployed quickly. It will help you detect and respond to cyberattacks at speed and scale. More than that, cognitive systems make correlations that provide insight to detect potential breaches much faster than humans alone.

AI will give your security analysts much needed help in finding the needle in the haystack so they can concentrate on stopping the attack.

AI in the form of machine learning enables you to do things like determine if an employee’s identity has been compromised by deeply understanding user behavior and detecting anomalies that could indicate an insider threat. Machine learning can automatically scan new applications for vulnerabilities so developers can continue to move quickly, confident that their app is secure. And when it comes to mobile, AI can see what’s going on at the endpoint and dynamically make recommendations on policies, patches and relevant best practices to keep devices secure.

3. Master the Basics

Good security hygiene — from keeping software patches updated to scanning applications for vulnerabilities — still count, maybe more than ever. And from where I sit, not enough companies are focusing on the mundane, hard work of getting the basics right — 100 percent of the time. Any less than that will leave you open to an attack.

Think about cyber security the same way that an engineering or manufacturing company thinks about safety and quality. An auto manufacturer would never accept just a few defective parts leaving the plant. An oil company would not be satisfied losing five percent of its drilling rigs. You should not be satisfied with anything less than perfect either. Drive that into your culture.

I’m not saying these so-called basics are easy to get right. I know your teams are challenged with an enormous — and growing — amount of security data. Whether it’s the potentially 200,000 security events you see every day, or the 60,000 alert blogs your security analysts need to read each month — all of which needs to be analyzed quickly to find anomalies that may indicate a pending cyberattack. And the significant skills shortage we’re facing in cybersecurity, with an estimated 1.5 to 2 million unfilled security jobs by the end of this decade, is making it even more difficult.

But at the end of the day, this quality control is worth the effort. Mastering these basics from the outset will allow you to react more quickly in the wake of an attack — potentially saving millions of dollars, and significant losses to your reputation. Not only that, it will also help close the gaps so that you’re dealing with less of these incidents in the first place.

To wrap up, cybercrime is one of our generation’s most significant issues, equally impacting the public and private sector, as well as consumers and citizens. The basics matter, how you handle an attack makes all the difference in the world, and with AI we have a fighting chance to get ahead of the criminals.

More from CISO

How to Solve the People Problem in Cybersecurity

You may think this article is going to discuss how users are one of the biggest challenges to cybersecurity. After all, employees are known to click on unverified links, download malicious files and neglect to change their passwords. And then there are those who use their personal devices for business purposes and put the network at risk. Yes, all those people can cause issues for cybersecurity. But the people who are usually blamed for cybersecurity issues wouldn’t have such an…

The Cyber Battle: Why We Need More Women to Win it

It is a well-known fact that the cybersecurity industry lacks people and is in need of more skilled cyber professionals every day. In 2022, the industry was short of more than 3 million people. This is in the context of workforce growth by almost half a million in 2021 year over year per recent research. Stemming from the lack of professionals, diversity — or as the UN says, “leaving nobody behind” — becomes difficult to realize. In 2021, women made…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

Detecting the Undetected: The Risk to Your Info

IBM’s Advanced Threat Detection and Response Team (ATDR) has seen an increase in the malware family known as information stealers in the wild over the past year. Info stealers are malware with the capability of scanning for and exfiltrating data and credentials from your device. When executed, they begin scanning for and copying various directories that usually contain some sort of sensitive information or credentials including web and login data from Chrome, Firefox, and Microsoft Edge. In other instances, they…