September 25, 2017 By Mark Samuels 3 min read

IT decision-makers must develop a strong cybersecurity strategy that uses analytics and innovation to create an integrated approach to data protection.

That was the key message from a keynote speech by Marc Van Zadelhoff, general manager at IBM Security, who spoke at the recent Privacy & Security 2017 event organized by Forrester Research in Washington, D.C. Van Zadelhoff said that too many firms still fail to get the basics right when it comes to data protection.

Security leaders must move beyond the traditional perimeter-based approach to cybersecurity. As a first stage, they should place analytics at the heart of their cybersecurity strategy. As a further stage of evolution, IT managers should use cloud, collaboration and cognitive capabilities to boost data protection.

https://www.youtube.com/watch?v=NMQpd1nK2nE&feature=youtu.be

Why Is It Still Hard for Companies to Get the Basics Right?

Van Zadelhoff, who runs IBM’s 8,000-strong security business, suggested three key reasons why firms struggle with information security. He pointed, first, to data overload in the security community, stating that it still takes 201 days on average to find and isolate a security breach.

Second, Van Zadelhoff referred to the skills gap, referencing an (ISC)2 study that suggested there will be 1.5 million IT security vacancies globally by 2020. Finally, he mentioned the complexity of tooling — while the industry tends to focus on advanced technology, basic security elements are still ignored. He said the average customer uses 85 security tools from 45 vendors.

Van Zadelhoff added that, as a security specialist with 20 years of experience, he still sees common mistakes across patch management and application security. He pointed to regular news stories about vulnerabilities in applications. “Finding key data, and protecting that data, should be basic stuff,” he said.

Taking an Informed Approach to Data Protection

Van Zadelhoff proposed an alternative security model based around an immune system of capabilities. Rather than attempting to create a defendable perimeter, IT decision-makers should place analytics at the core of an integrated approach to data protection.

This analytical insight can then be used to inform key areas of data protection, such as mobile devices, applications and identifiers. “When this immune system is done well, it can provide a boost in terms of both security and privacy,” said Van Zadelhoff.

Deep analytics can also help identify user concerns, both in terms of the behavior of internal employees and external customers. “When you know how your users are behaving, you can start to act and put data access privileges in place,” he said.

Evolve Security Programs for the Future

According to Van Zadelhoff, the good news is that increasing numbers of businesses are moving to an immune-system approach to security. He hoped that more firms will begin to advance security to a third strategic stage, where security leaders use a combination of cloud, collaboration and cognitive capabilities to create even higher levels of data protection.

Van Zadelhoff said that companies can use cloud to deploy new security elements quickly as-a-service, potentially creating 30 percent cost savings when compared to traditional on-premises approaches. Stronger collaboration, meanwhile, can allow organizations and vendors to share best practice knowledge on incident management.

When it comes to cognitive capabilities, Van Zadelhoff referred to the artificial intelligence-based system known as Watson for Cyber Security, which draws on the detailed analysis of 2 million security documents. Clients can use this system to find potential explanations for incidents 60 times faster than through complex manual analysis.

Some organizations have already benefited from Watson for Cyber Security. IBM analysts working on-site at Wimbledon used the technology to analyze potential threats quickly, and security firm Sogeti has used the system to boost a security operations center at an insurance company.

More from

Cyberattack on American Water: A warning to critical infrastructure

3 min read - American Water, the largest publicly traded United States water and wastewater utility, recently experienced a cybersecurity incident that forced the company to disconnect key systems, including its customer billing platform. As the company’s investigation continues, there are growing concerns about the vulnerabilities that persist in the water sector, which has increasingly become a target for cyberattacks. The breach is a stark reminder of the critical infrastructure risks that have long plagued the industry. While the water utility has confirmed that…

What’s behind unchecked CVE proliferation, and what to do about it

4 min read - The volume of Common Vulnerabilities and Exposures (CVEs) has reached staggering levels, placing immense pressure on organizations' cyber defenses. According to SecurityScorecard, there were 29,000 vulnerabilities recorded in 2023, and by mid-2024, nearly 27,500 had already been identified.Meanwhile, Coalition's 2024 Cyber Threat Index forecasts that the total number of CVEs for 2024 will hit 34,888—a 25% increase compared to the previous year. This upward trend presents a significant challenge for organizations trying to manage vulnerabilities and mitigate potential exploits.What’s behind…

Quishing: A growing threat hiding in plain sight

4 min read - Our mobile devices go everywhere we go, and we can use them for almost anything. For businesses, the accessibility of mobile devices has also made it easier to create more interactive ways to introduce new products and services while improving user experiences across different industries. Quick-response (QR) codes are a good example of this in action and help mobile devices quickly navigate to web pages or install new software by simply scanning an image.However, legitimate organizations aren’t the only ones…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today