When I became vice president and general manager for IBM Security North America, the staff gave me an eye-opening look at the malicious hackers who are infiltrating everything from enterprises to government agencies to political parties. The number of new cybersecurity threats is distressing, doubling from four to eight new malware samples per second between the third and fourth quarters of 2017, according to McAfee Labs.

Yet that inside view only increased my desire to help security professionals fulfill their mission of securing organizations against cyberattacks through client and industry partnerships, advanced technologies such as artificial intelligence (AI), and incident response (IR) training on the cyber range.

Cybersecurity Is Shifting From Prevention to Remediation

Today, the volume of threats is so overwhelming that getting ahead is often unrealistic. It’s not a matter of if you’ll have a breach, it’s a matter of when — and how quickly you can detect and resolve it to minimize damage. With chief information security officers (CISOs) facing a shortage of individuals with the necessary skills to design environments and fend off threats, the focus has shifted from prevention to remediation.

To identify the areas of highest risk, just follow the money to financial institutions, retailers and government entities. Developed countries also face greater risks. The U.S. may have advanced cybersecurity technology, for example, but we also have assets that translate into greater payoffs for attackers.

Remediation comes down to visibility into your environment that allows you to notice not only external threats, but internal ones as well. In fact, internal threats create arguably the greatest vulnerabilities. Users on the inside know where the networks, databases and critical information are, and often have access to areas that are seldom monitored.

Bring the Power of Partnerships to Bear

Once you identify a breach, you’ll typically have minutes or even seconds to quarantine it and remediate the damage. You need to be able to leverage the data available and make immediate decisions. Yet frequently, the tools that security professionals use aren’t appropriately implemented, managed, monitored or tuned. In fact, 44 percent of organizations lack an overall information security strategy, according to PwC’s “The Global State of Information Security Survey 2018.”

Organizations are beginning to recognize that they cannot manage cybersecurity threats alone. You need a partner that can aggregate data from multiple clients and make that information accessible to everyone, from customers to competitors, to help prevent breaches. It’s like the railroad industry: Union Pacific, BNSF and CSX may battle for business, but they all have a vested interest in keeping the tracks safe, no matter who is using them.

Harden the Expanding Attack Surface

Along with trying to counteract increasingly sophisticated threats, enterprises must also learn how to manage the data coming from a burgeoning number of Internet of Things (IoT) devices. This data improves our lives, but the devices give attackers even more access points into the corporate environment. That’s where technology that manages a full spectrum of challenges comes into play. IBM provides an immune system for security from threat intelligence to endpoint management, with a host of solutions that harden your organization.

Even with advanced tools, analysts don’t always have enough hours in the day to keep the enterprise secure. One solution is incorporating automation and AI into the security operations center (SOC). We layer IBM Watson on top of our cybersecurity solutions to analyze data and make recommendations. And as beneficial as AI might be on day one, it delivers even more value as it learns from your data. With increasing threats and fewer resources, any automation you can implement in your cybersecurity environment helps get the work done faster and smarter.

Make Incident Response Like Muscle Memory

I mentioned malicious insider threats, but users who don’t know their behavior creates vulnerabilities are equally dangerous — even if they have no ill intent. At IBM, for example, we no longer allow the use of thumb drives since they’re an easy way to compromise an organization. We also train users from myriad organizations on how to react to threats, such as phishing scams or bogus links, so that their automatic reaction is the right reaction.

This is even more critical for incident response. We practice with clients just like you’d practice a golf swing. By developing that muscle memory, it becomes second nature to respond in the appropriate way. If you’ve had a breach in which the personally identifiable information (PII) of 100,000 customers is at risk — and the attackers are demanding payment — what do you say? What do you do? Just like fire drills, you must practice your IR plan.

Additionally, security teams need training to build discipline and processes, react appropriately and avoid making mistakes that could cost the organization millions of dollars. Response is not just a cybersecurity task, but a companywide communications effort. Everyone needs to train regularly to know how to respond.

Check out the IBM X-Force Command Cyber Tactical Operations Center (C-TOC)

Fighting Cybersecurity Threats Alongside You

IBM considers cybersecurity a strategic imperative and, as such, has invested extensive money and time in developing a best-of-breed security portfolio. I’m grateful for the opportunity to put it to work to make the cyber world a safer place. As the leader of the North American security unit, I’m committed to helping you secure your environments and achieve better business outcomes.

More from Incident Response

How Paris Olympic authorities battled cyberattacks, and won gold

3 min read - The Olympic Games Paris 2024 was by most accounts a highly successful Olympics. Some 10,000 athletes from 204 nations competed in 329 events over 16 days. But before and during the event, authorities battled Olympic-size cybersecurity threats coming from multiple directions.In preparation for expected attacks, authorities took several proactive measures to ensure the security of the event.Cyber vigilance programThe Paris 2024 Olympics implemented advanced threat intelligence, real-time threat monitoring and incident response expertise. This program aimed to prepare Olympic-facing organizations…

How CIRCIA is changing crisis communication

3 min read - Read the previous article in this series, PR vs cybersecurity teams: Handling disagreements in a crisis. When the Colonial Pipeline attack happened a few years ago, widespread panic and long lines at the gas pump were the result — partly due to a lack of reliable information. The attack raised the alarm about serious threats to critical infrastructure and what could happen in the aftermath. In response to this and other high-profile cyberattacks, Congress passed the Cyber Incident Reporting for Critical…

PR vs cybersecurity teams: Handling disagreements in a crisis

4 min read - Check out our first two articles in this series, Cybersecurity crisis communication: What to do and Crisis communication: What NOT to do. When a cyber incident happens inside an organization, everyone in the company has a stake in how to approach remediation. The problem is that not everyone agrees on how to handle the public response to cyber crisis communication. Typically, in any organization, the public relations team handles the relationship between the company and the media, who then decide…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today