IT decision-makers must develop a strong cybersecurity strategy that uses analytics and innovation to create an integrated approach to data protection.

That was the key message from a keynote speech by Marc Van Zadelhoff, general manager at IBM Security, who spoke at the recent Privacy & Security 2017 event organized by Forrester Research in Washington, D.C. Van Zadelhoff said that too many firms still fail to get the basics right when it comes to data protection.

Security leaders must move beyond the traditional perimeter-based approach to cybersecurity. As a first stage, they should place analytics at the heart of their cybersecurity strategy. As a further stage of evolution, IT managers should use cloud, collaboration and cognitive capabilities to boost data protection.

Why Is It Still Hard for Companies to Get the Basics Right?

Van Zadelhoff, who runs IBM’s 8,000-strong security business, suggested three key reasons why firms struggle with information security. He pointed, first, to data overload in the security community, stating that it still takes 201 days on average to find and isolate a security breach.

Second, Van Zadelhoff referred to the skills gap, referencing an (ISC)2 study that suggested there will be 1.5 million IT security vacancies globally by 2020. Finally, he mentioned the complexity of tooling — while the industry tends to focus on advanced technology, basic security elements are still ignored. He said the average customer uses 85 security tools from 45 vendors.

Van Zadelhoff added that, as a security specialist with 20 years of experience, he still sees common mistakes across patch management and application security. He pointed to regular news stories about vulnerabilities in applications. “Finding key data, and protecting that data, should be basic stuff,” he said.

Taking an Informed Approach to Data Protection

Van Zadelhoff proposed an alternative security model based around an immune system of capabilities. Rather than attempting to create a defendable perimeter, IT decision-makers should place analytics at the core of an integrated approach to data protection.

This analytical insight can then be used to inform key areas of data protection, such as mobile devices, applications and identifiers. “When this immune system is done well, it can provide a boost in terms of both security and privacy,” said Van Zadelhoff.

Deep analytics can also help identify user concerns, both in terms of the behavior of internal employees and external customers. “When you know how your users are behaving, you can start to act and put data access privileges in place,” he said.

Evolve Security Programs for the Future

According to Van Zadelhoff, the good news is that increasing numbers of businesses are moving to an immune-system approach to security. He hoped that more firms will begin to advance security to a third strategic stage, where security leaders use a combination of cloud, collaboration and cognitive capabilities to create even higher levels of data protection.

Van Zadelhoff said that companies can use cloud to deploy new security elements quickly as-a-service, potentially creating 30 percent cost savings when compared to traditional on-premises approaches. Stronger collaboration, meanwhile, can allow organizations and vendors to share best practice knowledge on incident management.

When it comes to cognitive capabilities, Van Zadelhoff referred to the artificial intelligence-based system known as Watson for Cyber Security, which draws on the detailed analysis of 2 million security documents. Clients can use this system to find potential explanations for incidents 60 times faster than through complex manual analysis.

Some organizations have already benefited from Watson for Cyber Security. IBM analysts working on-site at Wimbledon used the technology to analyze potential threats quickly, and security firm Sogeti has used the system to boost a security operations center at an insurance company.

More from

Did Brazil DSL Modem Attacks Change Device Security?

From 2011 to 2012, millions of Internet users in Brazil fell victim to a massive attack against vulnerable DSL modems. By configuring the modems remotely, attackers could redirect users to malicious domain name system (DNS) servers. Victims trying to visit popular websites (Google, Facebook) were instead directed to imposter sites. These rogue sites then installed malware on victims' computers.According to a report from Kaspersky Lab Expert Fabio Assolini citing statistics from Brazil's Computer Emergency Response Team, the attack ultimately infected…

Who Carries the Weight of a Cyberattack?

Almost immediately after a company discovers a data breach, the finger-pointing begins. Who is to blame? Most often, it is the chief information security officer (CISO) or chief security officer (CSO) because protecting the network infrastructure is their job. Heck, it is even in their job title: they are the security officer. Security is their responsibility. But is that fair – or even right? After all, the most common sources of data breaches and other cyber incidents are situations caused…

Transitioning to Quantum-Safe Encryption

With their vast increase in computing power, quantum computers promise to revolutionize many fields. Artificial intelligence, medicine and space exploration all benefit from this technological leap — but that power is also a double-edged sword. The risk is that threat actors could abuse quantum computers to break the key cryptographic algorithms we depend upon for the safety of our digital world. This poses a threat to a wide range of critical areas. Fortunately, alternate cryptographic algorithms that are safe against…

Securing Your SAP Environments: Going Beyond Access Control

Many large businesses run SAP to manage their business operations and their customer relations. Security has become an increasingly critical priority due to the ongoing digitalization of society and the new opportunities that attackers exploit to achieve a system breach. Recent attacks related to corrupt data, stealing personal information and escalating privileges for remote code execution all highlight the new and varied entry points threat actors have taken advantage of. Attackers with the appropriate skills could be able to exploit…