October 11, 2017 By Kelly Kane 3 min read

Speaking at the Cambridge Cyber Summit hosted by CNBC and the Aspen Institute in Cambridge, Massachusetts, last week, Marc van Zadelhoff, IBM Security’s general manager, provided the audience with the three pieces of advice he’d like to share with a company’s business leaders six months before it suffers a data breach.

“The truth is, while we love to talk about the advanced nature of the attacks, the actual defense side is still lacking in basic hygiene,” said van Zadelhoff.

In this letter, van Zadelhoff said he would tell the CEO to focus on security basics, leverage artificial intelligence (AI) for the basics and beyond, and prepare for the response as much as you would to prevent it.

Watch Marc van Zadelhoff’s speech at the Cambridge Cyber Security Summit

Never Give 95 Percent When You Can Give 100 Percent

Van Zadelhoff described how organizations and the security industry love to talk about the advanced nature of cyberattacks. However, he’s seen many examples where organizations could have helped prevent a major cyberattack by following the basics 100 percent. For example, one company had 95 percent of software vulnerabilities patched, but the unpatched 5 percent led to a breach and significant system outages.

“Security hygiene needs to go in the direction of other programs that we have in the private sector. Think, for example, safety. If you’re running an oil rig, you don’t say we were 95 percent safe this month,” said van Zadelhoff.

Leverage Artificial Intelligence for the Basics and Beyond

He also noted that security basics are becoming much more difficult to manage because organizations are faced with an overwhelming amount of security data coupled with a significant skills shortage. With 60,000 cybersecurity blogs published every month, no security analyst can physically read and ingest all of that information, which is where machine learning and AI can help.

Van Zadelhoff shared the example of his team responding to a breach and applying user behavior analytics (UBA) to an organization’s basic logs, along with three different types of machine learning, bringing in active directory and HR information. After doing this, van Zadelhoff said his team was able to determine which identities had been taken over by the attackers, quarantine the endpoints and deprovision the identities to make sure the fraudsters were removed from the system quickly.

“This is a huge opportunity where AI does something that wasn’t possible a year or two ago,” said van Zadelhoff.

Prepare Your Response to a Data Breach

The final thing van Zadelhoff shared was the importance of understanding what it’s like to experience a cyberattack and how to deal with it before it happens.

This includes the entire timeline of a cyberattack, both before and after what IBM calls the “boom” event, or when the attack is made public. Many companies want to focus on what happened before the boom event, or left of boom, which is all about detecting a breach. But companies don’t often think about right of boom and what will happen after the attack. To get a handle on this area, security professionals should ask the following questions:

  • What is going to happen next?
  • Who do you call, and how can you get in touch with them when systems are down?
  • What would you say to the media to explain what happened?

“A lot of times the response to the breach can be more damaging than the breach itself,” van Zadelhoff said in his closing statement. “A focus on practicing response can help organizations get through a breach and make a game-changing difference.”

Click here to watch the video of Marc van Zadelhoff’s complete talk at the Cambridge Cyber Summit.

More from

Skills shortage directly tied to financial loss in data breaches

2 min read - The cybersecurity skills gap continues to widen, with serious consequences for organizations worldwide. According to IBM's 2024 Cost Of A Data Breach Report, more than half of breached organizations now face severe security staffing shortages, a whopping 26.2% increase from the previous year.And that's expensive. This skills deficit adds an average of $1.76 million in additional breach costs.The shortage spans both technical cybersecurity skills and adjacent competencies. Cloud security, threat intelligence analysis and incident response capabilities are in high demand. Equally…

Cyberattack on American Water: A warning to critical infrastructure

3 min read - American Water, the largest publicly traded United States water and wastewater utility, recently experienced a cybersecurity incident that forced the company to disconnect key systems, including its customer billing platform. As the company’s investigation continues, there are growing concerns about the vulnerabilities that persist in the water sector, which has increasingly become a target for cyberattacks. The breach is a stark reminder of the critical infrastructure risks that have long plagued the industry. While the water utility has confirmed that…

What’s behind unchecked CVE proliferation, and what to do about it

4 min read - The volume of Common Vulnerabilities and Exposures (CVEs) has reached staggering levels, placing immense pressure on organizations' cyber defenses. According to SecurityScorecard, there were 29,000 vulnerabilities recorded in 2023, and by mid-2024, nearly 27,500 had already been identified.Meanwhile, Coalition's 2024 Cyber Threat Index forecasts that the total number of CVEs for 2024 will hit 34,888—a 25% increase compared to the previous year. This upward trend presents a significant challenge for organizations trying to manage vulnerabilities and mitigate potential exploits.What’s behind…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today