Speaking at the Cambridge Cyber Summit hosted by CNBC and the Aspen Institute in Cambridge, Massachusetts, last week, Marc van Zadelhoff, IBM Security’s general manager, gave the audience three pieces of advice, framed as a letter he would send to a company’s business leaders six months before it suffers a data breach.

“The truth is, while we love to talk about the advanced nature of the attacks, the actual defense side is still lacking in basic hygiene,” said van Zadelhoff.

In that letter, van Zadelhoff said he would tell the CEO to focus on security basics, leverage artificial intelligence (AI) for the basics and beyond, and prepare for responding to a breach as seriously as for preventing one.

Watch Marc van Zadelhoff’s speech at the Cambridge Cyber Security Summit

Never Give 95 Percent When You Can Give 100 Percent

Van Zadelhoff described how organizations and the security industry love to talk about the advanced nature of cyberattacks. However, he has seen many examples where organizations could have prevented a major cyberattack simply by following the basics 100 percent. In one case, a company had patched 95 percent of its software vulnerabilities, but the unpatched 5 percent led to a breach and significant system outages.

“Security hygiene needs to go in the direction of other programs that we have in the private sector. Think, for example, safety. If you’re running an oil rig, you don’t say we were 95 percent safe this month,” said van Zadelhoff.

Leverage Artificial Intelligence for the Basics and Beyond

He also noted that security basics are becoming much more difficult to manage because organizations are faced with an overwhelming amount of security data coupled with a significant skills shortage. With 60,000 cybersecurity blogs published every month, no security analyst can physically read and ingest all of that information, which is where machine learning and AI can help.

Van Zadelhoff shared the example of his team responding to a breach by applying user behavior analytics (UBA) to an organization’s basic logs, along with three different types of machine learning, and enriching that data with Active Directory and HR information. With that context, he said, his team was able to determine which identities the attackers had taken over, quarantine the affected endpoints and deprovision the compromised identities to remove the attackers from the environment quickly.

“This is a huge opportunity where AI does something that wasn’t possible a year or two ago,” said van Zadelhoff.
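To make the enrichment step concrete, here is a small added example (not IBM’s tooling and not code from the talk) of what correlating logon records with HR and directory context looks like in practice. It stands in for the machine-learning models with a simple per-user baseline plus a rule-based score: a logon earns points for coming from a terminated identity, a new country, an unusual hour, or a host the user has never touched (weighted higher for privileged accounts). The event log, HR statuses, group memberships, cutoff date, weights and alert threshold are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample data (hypothetical, for illustration only): logon events as a SIEM
# might export them, plus the HR and Active Directory context that turns a bare logon
# record into something an analyst can act on.
AUTH_EVENTS = [
    # (timestamp, user, host, source country, result)
    ("2017-10-02T09:12:00", "alice", "ws-101", "US", "success"),
    ("2017-10-03T10:30:00", "alice", "ws-101", "US", "success"),
    ("2017-10-04T17:45:00", "alice", "ws-101", "US", "success"),
    ("2017-10-02T08:50:00", "bob", "ws-202", "US", "success"),
    ("2017-10-05T09:05:00", "bob", "ws-202", "US", "success"),
    ("2017-10-03T08:00:00", "carol", "ws-303", "US", "success"),
    ("2017-10-04T09:00:00", "carol", "jump-01", "US", "success"),
    # events after the cutoff are the window under investigation
    ("2017-10-10T03:14:00", "alice", "ws-101", "RO", "success"),
    ("2017-10-10T03:20:00", "alice", "fs-01", "RO", "success"),
    ("2017-10-10T09:00:00", "bob", "ws-202", "US", "success"),
    ("2017-10-10T09:30:00", "carol", "jump-01", "US", "success"),
    ("2017-10-10T10:00:00", "dave", "ws-404", "US", "success"),
]
HR_RECORDS = {"alice": "active", "bob": "terminated", "carol": "active", "dave": "active"}
AD_GROUPS = {
    "alice": {"finance-users"}, "bob": {"sales-users"},
    "carol": {"domain-admins"}, "dave": {"it-helpdesk"},
}
PRIVILEGED_GROUPS = {"domain-admins"}
BASELINE_CUTOFF = datetime(2017, 10, 9)   # earlier events define "normal" per user
ALERT_THRESHOLD = 8                        # assumed weights and threshold, tune per environment


def parse(ts):
    return datetime.fromisoformat(ts)


def build_baseline(events):
    """Learn, per user, the hosts, countries and logon hours seen before the cutoff."""
    base = defaultdict(lambda: {"hosts": set(), "countries": set(), "hours": set()})
    for ts, user, host, country, result in events:
        t = parse(ts)
        if result != "success" or t >= BASELINE_CUTOFF:
            continue
        base[user]["hosts"].add(host)
        base[user]["countries"].add(country)
        base[user]["hours"].add(t.hour)
    return base


def score_event(event, baseline):
    """Return (points, reasons) for one successful logon after the cutoff."""
    ts, user, host, country, _ = event
    t = parse(ts)
    b = baseline.get(user, {"hosts": set(), "countries": set(), "hours": set()})
    points, reasons = 0, []
    if HR_RECORDS.get(user) == "terminated":          # HR context
        points += 10; reasons.append("logon by terminated identity")
    if country not in b["countries"]:                 # geography vs. baseline
        points += 5; reasons.append(f"new source country {country}")
    # only judge the hour when a baseline exists; allow one hour of slack either side
    if b["hours"] and not (min(b["hours"]) - 1 <= t.hour <= max(b["hours"]) + 1):
        points += 3; reasons.append(f"off-hours logon at {t.hour:02d}:00")
    if host not in b["hosts"]:                        # lateral movement, AD context
        privileged = bool(AD_GROUPS.get(user, set()) & PRIVILEGED_GROUPS)
        points += 4 if privileged else 2
        reasons.append(f"first logon to {host}" + (" by privileged account" if privileged else ""))
    return points, reasons


def triage(events):
    """Score the investigation window and derive containment actions."""
    baseline = build_baseline(events)
    scores, hosts_touched = defaultdict(int), defaultdict(set)
    for ev in events:
        ts, user, host, _, result = ev
        if result != "success" or parse(ts) < BASELINE_CUTOFF:
            continue
        pts, _ = score_event(ev, baseline)
        scores[user] += pts
        hosts_touched[user].add(host)
    flagged = {u: s for u, s in scores.items() if s >= ALERT_THRESHOLD}
    return {
        "flagged": flagged,                                   # identity -> total score
        "deprovision": sorted(flagged),                       # identities to disable
        "quarantine": sorted(h for u in flagged for h in hosts_touched[u]),  # endpoints to isolate
    }


if __name__ == "__main__":
    report = triage(AUTH_EVENTS)
    for user, score in report["flagged"].items():
        print(f"{user}: score {score}")
    print("deprovision:", report["deprovision"])
    print("quarantine:", report["quarantine"])
```

Run as a script it flags alice (foreign, off-hours logons and a first-time hop to a file server) and bob (a terminated account still logging on) and lists the hosts they touched for isolation, while carol’s admin activity stays within her baseline and dave, who has no baseline at all, scores just under the threshold. That last case is the practical caveat: a user with no history looks “new” everywhere, so a real deployment needs a training window long enough to cover every active identity, or a separate rule for accounts that have never been seen.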

Prepare Your Response to a Data Breach

The final thing van Zadelhoff shared was the importance of understanding what it’s like to experience a cyberattack and how to deal with it before it happens.

This covers the entire timeline of a cyberattack, both before and after what IBM calls the “boom” event, the moment the attack is made public. Many companies focus on what happens before the boom, or “left of boom,” which is all about detecting a breach. Far fewer think about “right of boom,” what happens after the attack becomes known. To get a handle on this area, security professionals should ask the following questions:

  • What is going to happen next?
  • Who do you call, and how can you get in touch with them when systems are down?
  • What would you say to the media to explain what happened?

“A lot of times the response to the breach can be more damaging than the breach itself,” van Zadelhoff said in his closing statement. “A focus on practicing response can help organizations get through a breach and make a game-changing difference.”

