Speaking at the Cambridge Cyber Summit hosted by CNBC and the Aspen Institute in Cambridge, Massachusetts, last week, Marc van Zadelhoff, IBM Security’s general manager, provided the audience with the three pieces of advice he’d like to share with a company’s business leaders six months before it suffers a data breach.
“The truth is, while we love to talk about the advanced nature of the attacks, the actual defense side is still lacking in basic hygiene,” said van Zadelhoff.
In this letter, van Zadelhoff said he would tell the CEO to focus on security basics, leverage artificial intelligence (AI) for the basics and beyond, and prepare for the response as much as you would to prevent it.
Never Give 95 Percent When You Can Give 100 Percent
Van Zadelhoff described how organizations and the security industry love to talk about the advanced nature of cyberattacks. However, he’s seen many examples where organizations could have helped prevent a major cyberattack by following the basics 100 percent. For example, one company had 95 percent of software vulnerabilities patched, but the unpatched 5 percent led to a breach and significant system outages.
“Security hygiene needs to go in the direction of other programs that we have in the private sector. Think, for example, safety. If you’re running an oil rig, you don’t say we were 95 percent safe this month,” said van Zadelhoff.
Leverage Artificial Intelligence for the Basics and Beyond
He also noted that security basics are becoming much more difficult to manage because organizations are faced with an overwhelming amount of security data coupled with a significant skills shortage. With 60,000 cybersecurity blogs published every month, no security analyst can physically read and ingest all of that information, which is where machine learning and AI can help.
Van Zadelhoff shared the example of his team responding to a breach and applying user behavior analytics (UBA) to an organization’s basic logs, along with three different types of machine learning, bringing in active directory and HR information. After doing this, van Zadelhoff said his team was able to determine which identities had been taken over by the attackers, quarantine the endpoints and deprovision the identities to make sure the fraudsters were removed from the system quickly.
“This is a huge opportunity where AI does something that wasn’t possible a year or two ago,” said van Zadelhoff.
Prepare Your Response to a Data Breach
The final thing van Zadelhoff shared was the importance of understanding what it’s like to experience a cyberattack and how to deal with it before it happens.
This includes the entire timeline of a cyberattack, both before and after what IBM calls the “boom” event, or when the attack is made public. Many companies want to focus on what happened before the boom event, or left of boom, which is all about detecting a breach. But companies don’t often think about right of boom and what will happen after the attack. To get a handle on this area, security professionals should ask the following questions:
- What is going to happen next?
- Who do you call, and how can you get in touch with them when systems are down?
- What would you say to the media to explain what happened?
“A lot of times the response to the breach can be more damaging than the breach itself,” van Zadelhoff said in his closing statement. “A focus on practicing response can help organizations get through a breach and make a game-changing difference.”
Click here to watch the video of Marc van Zadelhoff’s complete talk at the Cambridge Cyber Summit.