March 18, 2018 By Eric Cole 3 min read

People often ask me what the most critical item for success is. My answer is “thinking” time.

Everyone is so busy these days that we often take random action without really considering the consequences or the solution. There is probably no better illustration of this than the current state of cybersecurity. Why is it that companies spend millions of dollars on security and have a large team focusing on security, but still suffer a breach? The reason is that people have so much to do and so much to focus on that they do not have time to think.

After a breach, when we hear that a system was visible from the internet, with a known vulnerability, and contained critical information, we often say, “What were they thinking?” The reality is, if we took more time to think about security and question why we are doing what we are doing, our companies and the world would be a safer place.

Or, to put it another way, there’s a reason one of the best-selling business books of all time is titled, “Think and Grow Rich,” not “Do Random Stuff and Be Really Busy and Grow Rich.”

Taking Time to Stop and Think

And guess what? Thanks to IBM, I am incredibly excited to spend the next several days meeting with brilliant minds and “thinking” about the best way to secure an enterprise at Think 2018.

Having worked in cybersecurity for 30 years as a technical director at the CIA, Chief Scientist for Lockheed Martin, CTO of McAfee and Commissioner on Cyber Security for President Obama, I am amazed to see how some things have changed a lot and other things are still the same. For example, there are always new technological developments. But the fundamental problem is the same, which is that cybersecurity comes down to protecting and securing your most critical information. IBM recognizes the importance of data security and has several sessions at Think highlighting ways to protect critical information. Two that caught my attention are:

Another important topic is how to address security with the executives. Cybersecurity is no longer something done by geeks; it is becoming a boardroom discussion. IBM knows this and on Monday has a talk directly addressing this issue:

Closely tied to this is being able to measure and gain visibility into security via security metrics and dashboards. Integrating both metrics and security as a boardroom topic is covered in a Tuesday think tank session:

The security and technology aspects of the Think agenda have me super excited. On a different note, another area that excites me is the Think Wellness sessions. You cannot operate at an optimal state if your body is not in an optimal state.

The final thing I am most looking forward to is the Disruption Dome on the Security and Resiliency Campus. This is the place to experience firsthand those critical turning points for organizations dealing with key issues from the perspective of business leaders like CISOs, CIOs, CEOs, risk and compliance officers, SOC directors and IT directors.

The Disruption Dome is the perfect place to think about your security road map, and to learn how your company can prepare its security and IT operations for “boom moments” from compliance audits to data breaches. Find out what it takes to prepare your security program when you decide it’s time to move to the cloud, or how to build in security from the start of a digital transformation. Learn what it takes to be ready before the boom happens, and how to respond afterward.

I look forward to seeing you this week at IBM Think. Please stop by, say hi, and let me know if I can help you with any of your questions on security.

If you are not able to attend in person, you can still get in on the action by following the event through your social channels and IBM’s social channels: @IBMSecurity, @IBM, IBM Security Facebook and IBM Security LinkedIn. Keep an eye on the conversation with the #Think2018 hashtag.

