October 11, 2017 By Kelly Kane 3 min read

Speaking at the Cambridge Cyber Summit hosted by CNBC and the Aspen Institute in Cambridge, Massachusetts, last week, Marc van Zadelhoff, IBM Security’s general manager, provided the audience with the three pieces of advice he’d like to share with a company’s business leaders six months before it suffers a data breach.

“The truth is, while we love to talk about the advanced nature of the attacks, the actual defense side is still lacking in basic hygiene,” said van Zadelhoff.

In this letter, van Zadelhoff said he would tell the CEO to focus on security basics, leverage artificial intelligence (AI) for the basics and beyond, and prepare for the response as much as you would to prevent it.

Watch Marc van Zadelhoff’s speech at the Cambridge Cyber Security Summit

Never Give 95 Percent When You Can Give 100 Percent

Van Zadelhoff described how organizations and the security industry love to talk about the advanced nature of cyberattacks. However, he’s seen many examples where organizations could have helped prevent a major cyberattack by following the basics 100 percent. For example, one company had 95 percent of software vulnerabilities patched, but the unpatched 5 percent led to a breach and significant system outages.

“Security hygiene needs to go in the direction of other programs that we have in the private sector. Think, for example, safety. If you’re running an oil rig, you don’t say we were 95 percent safe this month,” said van Zadelhoff.

Leverage Artificial Intelligence for the Basics and Beyond

He also noted that security basics are becoming much more difficult to manage because organizations are faced with an overwhelming amount of security data coupled with a significant skills shortage. With 60,000 cybersecurity blogs published every month, no security analyst can physically read and ingest all of that information, which is where machine learning and AI can help.

Van Zadelhoff shared the example of his team responding to a breach and applying user behavior analytics (UBA) to an organization’s basic logs, along with three different types of machine learning, bringing in active directory and HR information. After doing this, van Zadelhoff said his team was able to determine which identities had been taken over by the attackers, quarantine the endpoints and deprovision the identities to make sure the fraudsters were removed from the system quickly.

“This is a huge opportunity where AI does something that wasn’t possible a year or two ago,” said van Zadelhoff.

Prepare Your Response to a Data Breach

The final thing van Zadelhoff shared was the importance of understanding what it’s like to experience a cyberattack and how to deal with it before it happens.

This includes the entire timeline of a cyberattack, both before and after what IBM calls the “boom” event, or when the attack is made public. Many companies want to focus on what happened before the boom event, or left of boom, which is all about detecting a breach. But companies don’t often think about right of boom and what will happen after the attack. To get a handle on this area, security professionals should ask the following questions:

  • What is going to happen next?
  • Who do you call, and how can you get in touch with them when systems are down?
  • What would you say to the media to explain what happened?

“A lot of times the response to the breach can be more damaging than the breach itself,” van Zadelhoff said in his closing statement. “A focus on practicing response can help organizations get through a breach and make a game-changing difference.”

Click here to watch the video of Marc van Zadelhoff’s complete talk at the Cambridge Cyber Summit.

More from

The compelling need for cloud-native data protection

4 min read - Cloud environments were frequent targets for cyber attackers in 2023. Eighty-two percent of breaches that involved data stored in the cloud were in public, private or multi-cloud environments. Attackers gained the most access to multi-cloud environments, with 39% of breaches spanning multi-cloud environments because of the more complicated security issues. The cost of these cloud breaches totaled $4.75 million, higher than the average cost of $4.45 million for all data breaches.The reason for this high cost is not only the…

What is the Open-Source Software Security Initiative (OS3I)?

3 min read - The Open-Source Software Security Initiative (OS3I) recently released Securing the Open-Source Software Ecosystem report, which details the members’ current priorities and recommended cybersecurity solutions. The accompanying fact sheet also provides the highlights of the report. The OS3I includes both federal departments and agencies working together to deliver policy solutions to secure and defend the ecosystem. The new initiative is part of the overall National Cybersecurity Strategy. After the Log4Shell vulnerability in 2021, the Biden-Harris administration committed to improving the security…

Widespread exploitation of recently disclosed Ivanti vulnerabilities

6 min read - IBM X-Force has assisted several organizations in responding to successful compromises involving the Ivanti appliance vulnerabilities disclosed in January 2024. Analysis of these incidents has identified several Ivanti file modifications that align with current public reporting. Additionally, IBM researchers have observed specific attack techniques involving the theft of authentication token data not readily noted in current public sources. The blog details the results of this research to assist organizations in protecting against these threats. Key Findings: IBM research teams have…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today