In 1972, United California Bank was robbed of $30 million, considered the largest bank heist in history. Just this month, a series of cyberthefts at more than 100 banks in 30 countries resulted in the loss of $1 billion. The nature of crime has fundamentally changed, and the stakes are higher than ever with organizations, governments and individuals across the globe as targets.
Cybercrime itself has become sophisticated and organized, with cybercriminals turning profits of almost $450 billion annually, much of it from the comfort of their desks. This paradigm shift requires us to change the way we think about and fight cybercrime. Perimeter protection is simply not enough. Today’s threats demand technology steeped in intelligence, leadership and policy.
Last week, I had the opportunity to talk to almost 200 C-level executives at our first IBM Security Summit in New York City, focused on these three areas. I was joined by IBM’s CEO Ginni Rometty and several panelists to lay out a new way to tackle this enormous problem. The bad guys have become better and better at cybercrime for three main reasons: they collaborate, sharing technology and practices; they automate, making attack platforms quick and easy to use; and they organize, working together to inflict maximum damage.
Our defenses need to be updated to fight back. As Ginni Rometty, IBM CEO, outlined in her presentation, we need to think about security like a human immune system. Without a healthy one, you are susceptible to all kinds of disease. Without integrated security solutions that use analytics to find threats before they attack, your organization is compromised. Enterprises need to think about cybersecurity as an integral part of their infrastructure, rather than deploy new point product solutions to combat specific problems.
But an individual immune system is not enough. Cybercrime has become a pandemic, and no one company can battle it alone. The good guys need to collaborate and share data in order to make a dent in the scale and scope of cyberthreats. Organizations have been reluctant to share their data and expose their own vulnerabilities. Governments have been struggling with policy for data sharing that does not infringe on privacy.
IBM is taking the first steps to mobilize the private sector behind this cause, and we have opened up our extensive threat database to the public to spark global collaboration. Through IBM X-Force Exchange, we are giving organizations a safe, anonymous way to share intelligence and provide a unified view of emerging attacks and malicious activity. In just a month, more than 1,000 organizations in 16 industries have joined X-Force Exchange, showing an eagerness for this type of approach.
Our efforts will be further supported by public policy that is beginning to surface. The U.S. House of Representatives recently passed the Cyber Intelligence Sharing and Protection Act (CISPA), allowing cyberthreat information to be shared between federal cyber operations centers in real time. The U.S. Senate is expected to vote on the Act within the next few weeks. Andrew Tannenbaum, IBM’s Senior Counsel, Cybersecurity, testified about the value of this bill, articulating why it will protect the privacy of individuals rather than comprise it.
Cybercrime is a big problem that requires a big response from corporations, governments and even individuals. IBM is in a position to lead the way not only with technology and expertise, but with our differentiated approach to the problem and our focus on clients’ most important needs: optimizing their security program, stopping advanced threats, protecting their most critical assets and safeguarding cloud and mobile.
We all need to be a part of the solution. I encourage you to explore IBM X-Force Exchange, share your data and insights and advocate for a collective response.