Light Dark
July 16, 2018 By Caleb Barlow 4 min read
Artificial Intelligence
CISO
Fraud Protection

In recent years, we’ve seen ample evidence of our collective cybersecurity failures. But we still haven’t learned the most important lessons.

To start, there is no silver bullet — no single technological fix. What’s more, while cybercriminals have been coordinating in organized groups, we have been trying to fight cybercrime in silos. If we are going to beat back the advances of cybercrime, we need better collaboration within the cybersecurity industry, with shared intelligence across public and private sectors.

We must focus more on responding to the inevitable “boom moments” after a breach occurs, not just what comes “left of the boom,” the prevention and detection of threats. Furthermore, we need a drastic elevation of cybersecurity skills and awareness.

On that last point, we need to raise the level of cybersecurity awareness — not just to protect our businesses, but among the general population. Our families and friends must understand what we’re up against and become knowledgeable of security hygiene to deny cybercrime organizations the victims they need to finance their operations.

That’s why I’m so proud that IBM Security teamed up with Atomic Entertainment and Science Channel to create a documentary special that explains, in provocative detail, what we’re up against.

Go Behind the Scenes of the Fight Against Cybercrime

Dark Web: Fighting Cybercrime” — airing on Science Channel at 5 p.m. EDT on Thursday, July 19 and available afterward on-demand — brings to a mass audience a close encounter with the dark corners of the internet and offers insights into the history of cybercrime and where it’s headed. Better yet, the film goes behind the scenes of the fight against cybercrime, bringing you right inside a security operations center (SOC) to witness a simulation of a cyberattack and the challenges of responding in the moment to stop the “bleeding” and mitigate further damage.

Take a peek inside the dark world of cybercrime

I’ve been a part of hundreds of these simulations in our IBM Security X-Force Command Centers, and I have seen many accomplished and smart executives grappling with a kind of pressure few have experienced before.

When you watch the Science Channel special, you’ll see why practice runs are essential for security teams and business leaders to understand how to respond to an attack. While first responders and military service members train rigorously to deal with threats, the same can’t be said about organizations under threat of cyberattacks.

Just think about the training and preparation a military pilot goes through — hundreds of hours in simulators and in classroom training. But business leaders today are taught to be deliberate in their decisions, to pause and collect all the data before acting. That’s about the worst thing you can do when there’s a breach. After the boom, you need to act right away to prevent a bad situation from becoming worse.

Learn How to Keep Calm in the Face of a Cyberattack

Many of the people who go through the simulations in our command centers can become flustered and discouraged, despite being highly capable leaders. When the CEO who normally acts with confidence when making business decisions is suddenly thrust into the unknown of a cyberattack, the fight-or-flight adrenaline makes decision-making extremely difficult, and he or she starts to make mistakes.

It’s like trying to learn a new sport: You are bound to fail at first, but it’s by failing that you learn. And it’s far better to strike out or miss a tackle in practice than in a real game.

For many of our clients, it’s very apparent that rehearsing these situations is essential to honing their crisis leadership. By experiencing a simulated cyberattack, teams build muscle memory of what to do and with whom to communicate. By incorporating what they’ve learned, leaders can go back to their organizations and script their responses to automate as much of the decision-making process as possible. You can act faster and more effectively when the rules are written down, processes are established and everyone understands their job.

As the Science Channel special demonstrates, there’s a common thread among successful teams in our cyber ranges, and that’s the calm and collected leadership of people with backgrounds in the military or first responder jobs.

We need more of these disciplined and quick-acting men and women in cybersecurity. But the traditional way of recruiting cybersecurity staff — finding experienced professionals with a background in cybersecurity, college degrees and information security certifications — can overlook nontraditional candidates who can nonetheless do the job. At IBM Security, we’ve advocated and put into practice a “new collar” approach to recruiting professionals. It means looking beyond credentials to find individuals with the skills, aptitude and attributes to adapt to new cybersecurity roles.

Why I’m Optimistic About the Future of Cybersecurity

Unfortunately, there’s a lot of pessimism right now about the acceleration of threats, mounting breaches and exploding costs of incorporating a wide array of disparate and disconnected security technologies into IT environments. Yet, I am optimistic, because we do not have to fight alone.

By collaborating across organizations and within the security industry, we can limit the spread of threats through shared insights and intelligence. Together, the cybersecurity industry and our partners can simplify security by integrating our solutions, because complexity is the enemy of security.

We also have a new partner that can help turn the tide in the fight against cybercrime: artificial intelligence (AI). By advancing the security applications of AI, we create a force multiplier, because automating tasks and limiting false positives frees up human analysts to make critical decisions faster.

Finally, it bears repeating that we must create more allies in this fight by educating our employees and the general public about threats to their online privacy and security. I think “Dark Web: Fighting Cybercrime” does a standout job of doing just that.

Whether you’re a security professional, business executive or concerned citizen of our digital world, you’ll gain valuable perspective from this fascinating documentary. Check out the trailer below to get a taste of the action, and watch “Dark Web: Fighting Cybercrime” on Science Channel at 5 p.m. EDT on Thursday, July 19, and later on-demand. Get your friends and family members to watch too — after all, we’re all in this fight together.

https://www.youtube.com/watch?v=NJRYJ2MfxWw

Take a peek inside the dark world of cybercrime

 |  |  |  |  |  |  |  |  |  |  |  |  |  | 
Caleb Barlow

More from Artificial Intelligence
December 18, 2024

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

December 17, 2024

Testing the limits of generative AI: How red teaming exposes vulnerabilities in AI models

4 min read - With generative artificial intelligence (gen AI) on the frontlines of information security, red teams play an essential role in identifying vulnerabilities that others can overlook.With the average cost of a data breach reaching an all-time high of $4.88 million in 2024, businesses need to know exactly where their vulnerabilities lie. Given the remarkable pace at which they’re adopting gen AI, there’s a good chance that some of those vulnerabilities lie in AI models themselves — or the data used to…

December 12, 2024

Security roundup: Top AI stories in 2024

3 min read - 2024 has been a banner year for artificial intelligence (AI). As enterprises ramp up adoption, however, malicious actors have been exploring new ways to compromise systems with intelligent attacks.With the AI landscape rapidly evolving, it's worth looking back before moving forward. Here are our top five AI security stories for 2024.Can you hear me now? Hackers hijack audio with AIAttackers can fake entire conversations using large language models (LLMs), voice cloning and speech-to-text software. This method is relatively easy to…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature