In the natural world, new viral threats arise and existing viruses evolve to defeat our defenses. Just look at the flu — during the 2015 to 2016 flu season, people around the globe were fighting strains out of Switzerland and Phuket. This year, everyone’s worried about new flu varieties from California, Hong Kong and Brisbane. That’s why we get annual flu shots: to build immunity against the season’s new strains.

It’s equally important to inoculate your organization against cybercrime. As my former Burton Group colleague Fred Cohen demonstrated back when he was in graduate school, computer viruses have a lot in common with viruses in the natural world. Both human and cyber viruses hide and evolve to get past perimeter defenses and attack from within.

Inoculate Your Organization and Strengthen Your Immune System

As humans, we are pretty well-equipped to fight off viruses. We have an immune system that is adept at coordinating a network of powerful resources to fight viral invasions, and we can support that immune system in several ways. For example, I find that if I get at least eight hours of sleep a night, work out regularly, eat lots of green vegetables and consume plenty of vitamin C, I’m much less likely to get sick. We also have annual flu shots to protect against new virus strains, but what about protecting against new or evolved computer malware?

Unfortunately, the security programs in many organizations are nowhere near as coordinated as our human immune system. Although companies invest in support for their security programs, a lack of resources and the cybersecurity skills gap can make it very hard to ensure that the corporate security system is getting a full eight hours of sleep and extra vitamins.


Instead, the reality in many organizations is a set of disconnected security point solutions and perimeter products, typically provided by a host of vendors. Individual components don’t communicate with each other to fight cybercrime. The piecemeal nature of these systems makes them hard to monitor, and the expertise needed to manage them isn’t always available in-house. Faced with increasingly persistent and sophisticated cybercrime, organizations need security programs that act more like the human immune system.

Evolving Security Threats

Applying the idea of an immune system to cybersecurity can help organizations more effectively combat increasingly complex cyberthreats. Malware evolves as criminals create new viruses and as technologies such as cloud, mobile devices, social media and the Internet of Things (IoT) provide new attack vectors.

Ransomware is one example. CryptoLocker, which emerged in 2013, was quickly joined by CryptoWall, then ZeroLocker, CryptoWall 3.0, CTB-Locker and Locky. All of them encrypt victims’ data, but each presents a different signature and behavioral profile, so a defense tuned to recognize one variant does not necessarily catch the next.

Similarly, the Shifu Trojan, which attacked Japanese banks in 2015, demonstrated this evolution through its “masterful” reconfiguration of leaked source code. Just as some viruses mutate, Shifu was an amalgamation and mutation of previous malware including Shiz, Gozi, Zeus and Dridex. Much like a human virus, Shifu kept the parts of earlier malicious code that had successfully infected systems while shedding the features and functions that had led to detection. After infecting Japanese banks, Shifu switched targets and focused on banks in the U.K.

The Role of Security Intelligence and Analytics

To inoculate your organization from cybercrime, your security systems must work more like the human immune system. That means devices, sensors and systems communicate, interact and work together to monitor activity and detect invaders, prevent infection and respond with appropriate measures. Of course, this integrated system needs a “brain” to help manage and coordinate it.

Security intelligence analytics sit at the core of a security immune system. These analytics work with network monitoring capabilities, network protection capabilities and identity controls to sift through massive amounts of data and raise alerts when suspicious, potentially criminal activity is detected. The earlier IT professionals discover anomalous behavior, the better their chances of preventing data loss and fraud.

Give Your Security System a Flu Shot

Security analytics are only as good as the intelligence that feeds them. While companies can learn a lot from their own network flow and log file data, that alone isn’t enough to prevent infection in a cloud- and mobile-dependent world. That’s why, just as the human body needs a flu shot to introduce new “intelligence” about evolving virus strains, a security system needs new intelligence to defend itself against the latest threats.

The IT security community needs to find ways to work together and share information that will help all organizations become more immune to cybercrime. For example, the IBM X-Force Exchange has 14,000 members who contribute to an open, 700-TB database of threat intelligence. Members can use this information to help inoculate their own systems against evolving viruses and other malware.

By coupling external threat intelligence with a system of connected security tools and services, companies can move toward the model of a cybersecurity immune system: one that inoculates itself against new attacks by ingesting the latest threat intelligence and acting on it.
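The two ideas above, analytics that correlate network and identity signals, and an external intelligence feed that tells those analytics what to look for, are concrete enough to show in code. The following is an added example written for this page; it is not code from IBM or from the X-Force Exchange. It assumes a constructed feed format (records with indicator, type, confidence and tag fields), constructed flow and authentication records using RFC 5737 documentation addresses, and illustrative scoring weights. The point it makes is the one the article argues: a flow to a known-bad address is one signal, but the alert becomes far more actionable once the identity controls corroborate it, and the feed must be filtered before it is trusted.

```python
"""Cross-source correlation fed by an external indicator list.

Added example for this article; not code from IBM or X-Force Exchange. The feed
format, the scoring weights and all telemetry below are constructed for
illustration. IP addresses come from the RFC 5737 documentation ranges.
"""
from datetime import datetime, timedelta
import ipaddress

# Constructed external threat-intelligence feed (the "flu shot").
IOC_FEED = [
    {"indicator": "203.0.113.45", "type": "ipv4", "confidence": 90, "tag": "banking-trojan-c2"},
    {"indicator": "198.51.100.7", "type": "ipv4", "confidence": 40, "tag": "scanner"},
    {"indicator": "not-an-ip", "type": "ipv4", "confidence": 99, "tag": "malformed-entry"},
]

# Constructed network flow records: (timestamp, src, dst, dst_port, bytes_out).
NETFLOW = [
    ("2016-03-01T09:00:05", "10.0.0.12", "192.0.2.10", 443, 1200),
    ("2016-03-01T09:01:10", "10.0.0.12", "203.0.113.45", 443, 48000),
    ("2016-03-01T09:02:00", "10.0.0.25", "198.51.100.7", 22, 300),
]

# Constructed authentication events from the identity controls: (timestamp, user, host, result).
AUTH_EVENTS = [
    ("2016-03-01T08:58:00", "jdoe", "10.0.0.12", "FAIL"),
    ("2016-03-01T08:58:20", "jdoe", "10.0.0.12", "FAIL"),
    ("2016-03-01T08:59:30", "jdoe", "10.0.0.12", "SUCCESS"),
    ("2016-03-01T09:01:00", "asmith", "10.0.0.25", "SUCCESS"),
]


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S")


def load_iocs(feed, min_confidence=30):
    """Index IPv4 indicators from a feed, dropping malformed entries and anything
    under the confidence floor: low-confidence indicators add noise, not immunity."""
    iocs = {}
    for rec in feed:
        if rec.get("type") != "ipv4" or rec.get("confidence", 0) < min_confidence:
            continue
        try:
            ip = str(ipaddress.IPv4Address(rec["indicator"]))
        except (ipaddress.AddressValueError, KeyError):
            continue  # a bad feed line must not take the whole pipeline down
        iocs[ip] = rec
    return iocs


def failed_logins_before(auth_events, host, when, window):
    """Count failed logins on `host` during `window` before `when`; this is the
    identity signal a flow record alone cannot supply."""
    start = when - window
    return sum(
        1 for ts, _user, h, result in auth_events
        if h == host and result == "FAIL" and start <= parse_ts(ts) <= when
    )


def correlate(netflow, auth_events, iocs, window=timedelta(minutes=10), bulk_bytes=10_000):
    """Raise one alert per outbound flow to a known indicator, scored by the
    indicator's confidence plus corroborating signals from other sensors."""
    alerts = []
    for ts, src, dst, port, bytes_out in netflow:
        ioc = iocs.get(dst)
        if ioc is None:
            continue
        when = parse_ts(ts)
        score = ioc["confidence"]
        reasons = [f"{dst}:{port} matches indicator '{ioc['tag']}' (confidence {ioc['confidence']})"]
        fails = failed_logins_before(auth_events, src, when, window)
        if fails:
            score += 20  # illustrative weight: identity controls corroborate the flow
            reasons.append(f"{fails} failed logins on {src} within the previous {window}")
        if bytes_out >= bulk_bytes:
            score += 10  # illustrative weight: large outbound transfer
            reasons.append(f"{bytes_out} bytes sent outbound in one flow")
        severity = "high" if score >= 100 else "medium" if score >= 60 else "low"
        alerts.append({"host": src, "dst": dst, "score": score, "severity": severity, "reasons": reasons})
    return sorted(alerts, key=lambda a: a["score"], reverse=True)


if __name__ == "__main__":
    for alert in correlate(NETFLOW, AUTH_EVENTS, load_iocs(IOC_FEED)):
        print(f"[{alert['severity'].upper()}] {alert['host']} -> {alert['dst']} (score {alert['score']})")
        for reason in alert["reasons"]:
            print("   -", reason)
```

Run as-is, the script produces a high-severity alert for 10.0.0.12 (known command-and-control indicator, preceded by failed logins, followed by a large outbound transfer) and a low-severity one for 10.0.0.25 (a low-confidence scanner indicator with nothing else to corroborate it). The malformed feed entry is silently dropped by `load_iocs`, which is the behavior you want when a shared feed is only as clean as its least careful contributor.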

