In the natural world, new viral threats arise and existing viruses evolve to defeat our defenses. Just look at the flu — during the 2015 to 2016 flu season, people around the globe were fighting strains out of Switzerland and Phuket. This year, everyone’s worried about new flu varieties from California, Hong Kong and Brisbane. That’s why we get annual flu shots, to get immunity from the season’s new viruses.

It’s equally important to inoculate your organization against cybercrime. As my former Burton Group colleague Fred Cohen demonstrated back when he was in graduate school, computer viruses have a lot in common with viruses in the natural world. Both human and cyber viruses hide and evolve to get past perimeter defenses and attack from within.

Inoculate Your Organization and Strengthen Your Immune System

As humans, we are pretty well-equipped to fight off viruses. We have an immune system that is adept at coordinating a network of powerful resources to fight viral invasions. We help our immune system by supporting it in different ways. For example, I find that if I get at least eight hours of sleep a night, work out regularly, eat lots of green vegetables and consume plenty of vitamin C, I’m much less likely to get sick. We also have annual flu shots to protect against new virus strains, but what about protecting against new or evolved computer malware?

Unfortunately, the security programs in many organizations are nowhere near as coordinated as our human immune system. Although companies invest in support for their security programs, a lack of resources and the cybersecurity skills gap can make it very hard to ensure that the corporate security system is getting a full eight hours of sleep and extra vitamins.

Instead, the reality in many organizations is a set of disconnected security point solutions and perimeter products, typically provided by a host of vendors. Individual components don’t communicate with each other to fight cybercrime. The piecemeal nature of these systems makes them hard to monitor, and the expertise needed to manage them isn’t always available in-house. Faced with increasingly persistent and sophisticated cybercrime, organizations need security programs that act more like the human immune system.

Evolving Security Threats

Applying the idea of an immune system to cybersecurity can help organizations more effectively combat increasingly complex cyberthreats. Malware evolves as criminals create new viruses and as technologies such as cloud, mobile devices, social media and the Internet of Things (IoT) provide new attack vectors.

Ransomware is one example. CryptoLocker, which emerged in 2013, was quickly joined by CryptoWall, then ZeroLocker, CryptoWall 3.0, CTB-Locker and Locky, all pieces of malware that encrypt data, but with different signatures and profiles.

Similarly, the Shifu Trojan, which attacked Japanese banks in 2015, demonstrated this evolution through its “masterful” reconfiguration of leaked source code. Just as some viruses mutate, Shifu was an amalgamation and mutation of previous malware including Shiz, Gozi, Zeus and Dridex. Much like a human virus, the Shifu malware used the parts of previous malcode that helped to successfully infect systems while shedding the features and functions that resulted in detection. After infecting Japanese banks, Shifu switched targets and focused on banks in the U.K.

The Role of Security Intelligence and Analytics

To inoculate your organization against cybercrime, your security systems must work more like the human immune system. That means devices, sensors and systems communicate, interact and work together to monitor activity, detect invaders, prevent infection and respond with appropriate measures. Of course, this integrated system needs a “brain” to help manage and coordinate it.

Security intelligence analytics sit at the core of a security immune system. These analytics work with network monitoring capabilities, network protection capabilities and identity controls to parse through massive amounts of data and provide alerts when suspicious, potentially criminal activity is detected. The earlier IT professionals discover anomalous behavior, the better the chances they will be able to prevent data loss and fraud.

Give Your Security System a Flu Shot

Security analytics are only as good as the intelligence that feeds them. While companies can learn a lot of critical information from their own net flow and log file data, that isn’t enough to prevent infection in a cloud- and mobile-dependent world. That’s why, just as the human body needs a flu shot to introduce new “intelligence” about evolving virus strains, a security system needs new intelligence to defend itself from the latest threats.

The IT security community needs to find ways to work together and share information that will help all organizations become more immune to cybercrime. For example, the IBM X-Force Exchange has 14,000 members that contribute to an open, 700-TB database of threat intelligence. Members can use this information to help inoculate their own systems against evolving viruses and other malware.

By coupling external threat intelligence with a system of connected security tools and services, companies can move toward the model of a cybersecurity immune system and inoculate themselves against new attacks by ingesting and using the latest threat intelligence.
