Light Dark
July 16, 2018 By Caleb Barlow 4 min read
Artificial Intelligence
CISO
Fraud Protection

In recent years, we’ve seen ample evidence of our collective cybersecurity failures. But we still haven’t learned the most important lessons.

To start, there is no silver bullet — no single technological fix. What’s more, while cybercriminals have been coordinating in organized groups, we have been trying to fight cybercrime in silos. If we are going to beat back the advances of cybercrime, we need better collaboration within the cybersecurity industry, with shared intelligence across public and private sectors.

We must focus more on responding to the inevitable “boom moments” after a breach occurs, not just what comes “left of the boom,” the prevention and detection of threats. Furthermore, we need a drastic elevation of cybersecurity skills and awareness.

On that last point, we need to raise the level of cybersecurity awareness — not just to protect our businesses, but among the general population. Our families and friends must understand what we’re up against and become knowledgeable of security hygiene to deny cybercrime organizations the victims they need to finance their operations.

That’s why I’m so proud that IBM Security teamed up with Atomic Entertainment and Science Channel to create a documentary special that explains, in provocative detail, what we’re up against.

Go Behind the Scenes of the Fight Against Cybercrime

Dark Web: Fighting Cybercrime” — airing on Science Channel at 5 p.m. EDT on Thursday, July 19 and available afterward on-demand — brings to a mass audience a close encounter with the dark corners of the internet and offers insights into the history of cybercrime and where it’s headed. Better yet, the film goes behind the scenes of the fight against cybercrime, bringing you right inside a security operations center (SOC) to witness a simulation of a cyberattack and the challenges of responding in the moment to stop the “bleeding” and mitigate further damage.

Take a peek inside the dark world of cybercrime

I’ve been a part of hundreds of these simulations in our IBM Security X-Force Command Centers, and I have seen many accomplished and smart executives grappling with a kind of pressure few have experienced before.

When you watch the Science Channel special, you’ll see why practice runs are essential for security teams and business leaders to understand how to respond to an attack. While first responders and military service members train rigorously to deal with threats, the same can’t be said about organizations under threat of cyberattacks.

Just think about the training and preparation a military pilot goes through — hundreds of hours in simulators and in classroom training. But business leaders today are taught to be deliberate in their decisions, to pause and collect all the data before acting. That’s about the worst thing you can do when there’s a breach. After the boom, you need to act right away to prevent a bad situation from becoming worse.

Learn How to Keep Calm in the Face of a Cyberattack

Many of the people who go through the simulations in our command centers can become flustered and discouraged, despite being highly capable leaders. When the CEO who normally acts with confidence when making business decisions is suddenly thrust into the unknown of a cyberattack, the fight-or-flight adrenaline makes decision-making extremely difficult, and he or she starts to make mistakes.

It’s like trying to learn a new sport: You are bound to fail at first, but it’s by failing that you learn. And it’s far better to strike out or miss a tackle in practice than in a real game.

For many of our clients, it’s very apparent that rehearsing these situations is essential to honing their crisis leadership. By experiencing a simulated cyberattack, teams build muscle memory of what to do and with whom to communicate. By incorporating what they’ve learned, leaders can go back to their organizations and script their responses to automate as much of the decision-making process as possible. You can act faster and more effectively when the rules are written down, processes are established and everyone understands their job.

As the Science Channel special demonstrates, there’s a common thread among successful teams in our cyber ranges, and that’s the calm and collected leadership of people with backgrounds in the military or first responder jobs.

We need more of these disciplined and quick-acting men and women in cybersecurity. But the traditional way of recruiting cybersecurity staff — finding experienced professionals with a background in cybersecurity, college degrees and information security certifications — can overlook nontraditional candidates who can nonetheless do the job. At IBM Security, we’ve advocated and put into practice a “new collar” approach to recruiting professionals. It means looking beyond credentials to find individuals with the skills, aptitude and attributes to adapt to new cybersecurity roles.

Why I’m Optimistic About the Future of Cybersecurity

Unfortunately, there’s a lot of pessimism right now about the acceleration of threats, mounting breaches and exploding costs of incorporating a wide array of disparate and disconnected security technologies into IT environments. Yet, I am optimistic, because we do not have to fight alone.

By collaborating across organizations and within the security industry, we can limit the spread of threats through shared insights and intelligence. Together, the cybersecurity industry and our partners can simplify security by integrating our solutions, because complexity is the enemy of security.

We also have a new partner that can help turn the tide in the fight against cybercrime: artificial intelligence (AI). By advancing the security applications of AI, we create a force multiplier, because automating tasks and limiting false positives frees up human analysts to make critical decisions faster.

Finally, it bears repeating that we must create more allies in this fight by educating our employees and the general public about threats to their online privacy and security. I think “Dark Web: Fighting Cybercrime” does a standout job of doing just that.

Whether you’re a security professional, business executive or concerned citizen of our digital world, you’ll gain valuable perspective from this fascinating documentary. Check out the trailer below to get a taste of the action, and watch “Dark Web: Fighting Cybercrime” on Science Channel at 5 p.m. EDT on Thursday, July 19, and later on-demand. Get your friends and family members to watch too — after all, we’re all in this fight together.

https://www.youtube.com/watch?v=NJRYJ2MfxWw

Take a peek inside the dark world of cybercrime

 |  |  |  |  |  |  |  |  |  |  |  |  |  | 
Caleb Barlow

More from Artificial Intelligence
April 10, 2024

What should an AI ethics governance framework look like?

4 min read - While the race to achieve generative AI intensifies, the ethical debate surrounding the technology also continues to heat up. And the stakes keep getting higher.As per Gartner, “Organizations are responsible for ensuring that AI projects they develop, deploy or use do not have negative ethical consequences.” Meanwhile, 79% of executives say AI ethics is important to their enterprise-wide AI approach, but less than 25% have operationalized ethics governance principles.AI is also high on the list of United States government concerns.…

April 3, 2024

GenAI: The next frontier in AI security threats

3 min read - Threat actors aren’t attacking generative AI (GenAI) at scale yet, but these AI security threats are coming. That prediction comes from the 2024 X-Force Threat Intelligence Index. Here’s a review of the threat intelligence types underpinning that report.Cyber criminals are shifting focusIncreased chatter in illicit markets and dark web forums is a sign of interest. X-Force hasn’t seen any AI-engineered campaigns yet. However, cyber criminals are actively exploring the topic. In 2023, X-Force found the terms “AI” and “GPT” mentioned…

March 19, 2024

How AI can be hacked with prompt injection: NIST report

3 min read - The National Institute of Standards and Technology (NIST) closely observes the AI lifecycle, and for good reason. As AI proliferates, so does the discovery and exploitation of AI cybersecurity vulnerabilities. Prompt injection is one such vulnerability that specifically attacks generative AI. In Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations, NIST defines various adversarial machine learning (AML) tactics and cyberattacks, like prompt injection, and advises users on how to mitigate and manage them. AML tactics extract information…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature