In the natural world, new viral threats arise and existing viruses evolve to defeat our defenses. Just look at the flu — during the 2015 to 2016 flu season, people around the globe were fighting strains out of Switzerland and Phuket. This year, everyone’s worried about new flu varieties from California, Hong Kong and Brisbane. That’s why we get annual flu shots, to get immunity from the season’s new viruses.

It’s equally important to inoculate your organization against cybercrime. As my former Burton Group colleague Fred Cohen demonstrated back when he was in graduate school, computer viruses have a lot in common with viruses in the natural world. Both human and cyber viruses hide and evolve to get past perimeter defenses and attack from within.

Inoculate Your Organization and Strengthen Your Immune System

As humans, we are pretty well-equipped to fight off viruses. We have an immune system that is adept at coordinating a network of powerful resources to fight viral invasions. We help our immune system by supporting it in different ways. For example, I find that if I get at least eight hours of sleep a night, work out regularly, eat lots of green vegetables and consume plenty of vitamin C, I’m much less likely to get sick. We also have annual flu shots to protect against new virus strains, but what about protecting against new or evolved computer malware?

Unfortunately, the security programs in many organizations are nowhere near as coordinated as our human immune system. Although companies invest in support for their security programs, a lack of resources and the cybersecurity skills gap can make it very hard to ensure that the corporate security system is getting a full eight hours of sleep and extra vitamins.


Instead, the reality in many organizations is a set of disconnected security point solutions and perimeter products, typically provided by a host of vendors. Individual components don’t communicate with each other to fight cybercrime. The piecemeal nature of these systems makes them hard to monitor, and the expertise needed to manage them isn’t always available in-house. Faced with increasingly persistent and sophisticated cybercrime, organizations need security programs that act more like the human immune system.

Evolving Security Threats

Applying the idea of an immune system to cybersecurity can help organizations more effectively combat increasingly complex cyberthreats. Malware evolves as criminals create new viruses and as technologies such as cloud, mobile devices, social media and the Internet of Things (IoT) provide new attack vectors.

Ransomware is one example. CryptoLocker, which emerged in 2013, was quickly joined by CryptoWall, then ZeroLocker, CryptoWall 3.0, CTB-Locker and Locky. All of them encrypt the victim's data, but each arrived with different signatures and profiles, so a defense that recognized the last family did not necessarily recognize the next.

Similarly, the Shifu Trojan, which attacked Japanese banks in 2015, demonstrated this evolution through its “masterful” reconfiguration of leaked source code. Just as some viruses mutate, Shifu was an amalgamation and mutation of previous malware including Shiz, Gozi, Zeus and Dridex. Much like a human virus, Shifu reused the parts of earlier malicious code that had successfully infected systems while shedding the features and functions that had led to detection. After infecting Japanese banks, Shifu switched targets and focused on banks in the U.K.

The Role of Security Intelligence and Analytics

To inoculate your organization against cybercrime, your security systems must work more like the human immune system. That means devices, sensors and systems communicate, interact and work together to monitor activity, detect invaders, prevent infection and respond with appropriate measures. Of course, this integrated system needs a “brain” to manage and coordinate it.

Security intelligence analytics sit at the core of a security immune system. These analytics work with network monitoring capabilities, network protection capabilities and identity controls to parse through massive amounts of data and raise alerts when suspicious, potentially criminal activity is detected. The earlier IT professionals discover anomalous behavior, the better their chances of preventing data loss and fraud.

Give Your Security System a Flu Shot

Security analytics are only as good as the intelligence that feeds them. While companies can learn a lot from their own NetFlow and log file data, that alone isn’t enough to prevent infection in a cloud- and mobile-dependent world. That’s why, just as the human body needs a flu shot to introduce new “intelligence” about evolving virus strains, a security system needs new intelligence to defend itself from the latest threats.

The IT security community needs to find ways to work together and share information that will help all organizations become more immune to cybercrime. For example, the IBM X-Force Exchange has 14,000 members that contribute to an open, 700-TB database of threat intelligence. Members can use this information to help inoculate their own systems against evolving viruses and other malware.

By coupling external threat intelligence with a system of connected security tools and services, companies can move toward the model of a cybersecurity immune system, inoculating themselves against new attacks by ingesting and acting on the latest threat intelligence.
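The two ideas above, analytics that flag anomalous behavior in internal telemetry and an external intelligence feed that names known-bad destinations, are easiest to see together in code. The following is an added example written for this page; it is not code from the original article, from IBM, or from X-Force Exchange. The log format, the field names and the indicator feed are all constructed for illustration (the addresses are RFC 5737 documentation ranges and the domains end in .test, so none of them resolve to a real host). It runs a behavioral detector for regular call-home traffic, matches every event against the feed, and escalates when the two independent signals point at the same host and destination.

```python
from collections import defaultdict
from datetime import datetime, timezone
from statistics import mean, pstdev

# Constructed sample log lines in a simplified proxy/NetFlow-style format
# (not real telemetry). Fields: timestamp, source host, user, destination IP,
# destination domain ("-" when none), bytes sent.
SAMPLE_LOGS = """\
2016-03-01T09:00:00Z ws-0142 jdoe 203.0.113.10 update.example-cdn.test 14230
2016-03-01T09:00:05Z ws-0142 jdoe 198.51.100.7 - 512
2016-03-01T09:01:07Z ws-0142 jdoe 198.51.100.7 - 498
2016-03-01T09:01:40Z ws-0077 asmith 203.0.113.10 update.example-cdn.test 2200
2016-03-01T09:02:04Z ws-0142 jdoe 198.51.100.7 - 520
2016-03-01T09:02:11Z ws-0077 asmith 192.0.2.44 bad-payment-portal.test 8840
2016-03-01T09:03:06Z ws-0142 jdoe 198.51.100.7 - 505
2016-03-01T09:04:05Z ws-0142 jdoe 198.51.100.7 - 511
2016-03-01T09:06:30Z ws-0077 asmith 203.0.113.10 update.example-cdn.test 3100
2016-03-01T09:09:12Z ws-0142 jdoe 203.0.113.10 update.example-cdn.test 900
"""

# Constructed indicator feed standing in for entries a shared platform would
# provide. These are NOT real indicators; the threat labels are placeholders.
SAMPLE_IOCS = [
    {"type": "ipv4", "value": "198.51.100.7",
     "threat": "ransomware C2 (constructed)", "confidence": 85},
    {"type": "domain", "value": "bad-payment-portal.test",
     "threat": "banking trojan dropper (constructed)", "confidence": 70},
]


def parse_logs(text):
    """Parse the sample format into event dicts with a UTC timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, user, dst_ip, domain, nbytes = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "host": host, "user": user, "dst_ip": dst_ip,
            "domain": None if domain == "-" else domain, "bytes": int(nbytes),
        })
    return events


def index_iocs(entries):
    """Key the feed by indicator value so enrichment is a dict lookup per event."""
    return {e["value"]: e for e in entries}


def match_iocs(events, iocs):
    """Enrich events with external intelligence: one alert per (host, user, indicator)."""
    hits = defaultdict(lambda: {"count": 0, "bytes": 0})
    for ev in events:
        for value in (ev["dst_ip"], ev["domain"]):
            if value in iocs:
                h = hits[(ev["host"], ev["user"], value)]
                h["count"] += 1
                h["bytes"] += ev["bytes"]
    alerts = []
    for (host, user, value), h in hits.items():
        ioc = iocs[value]
        alerts.append({
            "kind": "ioc_match", "host": host, "user": user, "indicator": value,
            "threat": ioc["threat"], "count": h["count"], "bytes": h["bytes"],
            "severity": "high" if ioc["confidence"] >= 80 else "medium",
        })
    return alerts


def detect_beacons(events, min_conns=4, max_cv=0.2):
    """Flag (host, user, destination) tuples that connect at near-constant intervals.

    This is the signature-free half: a timer-driven call-home fires here even
    when the destination is on no feed. The coefficient of variation
    (stdev / mean) of the inter-arrival gaps is compared against max_cv; a
    pure timer gives 0, while human browsing is far more irregular.
    """
    by_pair = defaultdict(list)
    for ev in events:
        by_pair[(ev["host"], ev["user"], ev["dst_ip"])].append(ev["ts"])
    alerts = []
    for (host, user, dst), stamps in by_pair.items():
        if len(stamps) < min_conns:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            alerts.append({
                "kind": "beacon", "host": host, "user": user, "indicator": dst,
                "period_s": round(avg, 1), "count": len(stamps), "severity": "medium",
            })
    return alerts


def analyze(log_text, ioc_entries):
    """Run both detectors and correlate them: a beaconing destination that is
    also on the feed is escalated, because two independent signals agree."""
    events = parse_logs(log_text)
    iocs = index_iocs(ioc_entries)
    ioc_alerts = match_iocs(events, iocs)
    beacon_alerts = detect_beacons(events)
    flagged = {(a["host"], a["indicator"]) for a in ioc_alerts}
    for b in beacon_alerts:
        if (b["host"], b["indicator"]) in flagged:
            b["severity"] = "critical"
            b["threat"] = iocs[b["indicator"]]["threat"]
    order = {"critical": 0, "high": 1, "medium": 2}
    return sorted(ioc_alerts + beacon_alerts,
                  key=lambda a: (order[a["severity"]], a["host"]))


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOGS, SAMPLE_IOCS):
        print(alert)
```

On the constructed data, ws-0142 produces two alerts for the same destination: a behavioral one (five connections roughly 60 seconds apart) and a feed match, and the correlation step promotes the beacon to critical. ws-0077 produces only a feed match, since a single visit to the flagged domain carries no timing pattern. The point of the correlation step is the one the article makes: neither detector alone is as convincing as the two agreeing, and the feed is what lets the system recognize a destination it has never seen before.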
