The First Rule of Security Club: Don’t Talk About Security

The first rule of Security Club is don’t talk about security — or, more accurately, don’t get so overzealous about security that you stop delivering value to the business. We need to talk about business value, not security.

Many security professionals have fallen into this hole, and it’s easy to see how. Any security briefing will tell you that the capability, sophistication and volume of cyberattacks hitting the U.K. on a daily basis is growing, seemingly exponentially. You can see how people connect the dots and start thinking about super secure, dedicated data centers and 10-digit passwords that change every day.

But that is the wrong answer. Even if you followed all those best practices, you wouldn’t improve your security posture that much. It would be a total waste of time if the economy went into free fall because no one could do any work.

Introducing the UK’s National Cyber Security Centre

That is why I am so pleased by the launch of the U.K. government’s National Cyber Security Centre (NCSC). This team really knows about IT security and has seen the ugly truth about how good the bad can be, yet it does not advocate impossible-to-implement standards. Here is an organization that uses the cloud extensively and promotes simpler password rules.

In short, the NCSC is rethinking the old tried-and-true security techniques that have been developed over the years and instead asking, “Why?” This is just the kind of fresh approach we need to make the U.K. one of the safest places to do business online in an affordable and realistic way.

The Potential of Cognitive Security

A security regime breaks down into three parts: prevent, detect and respond. Up until now, security teams have always focused on the prevention component — getting the basics right — and a certain amount of detection — knowing when the basics were not enough. But just knowing you have a problem is not enough. As an old friend of mine in the Royal Navy once said, “Knowing you have a missile coming in is a good start, but little comfort if you can’t do anything about it.”

Once we know we have a potentially successful cyberattack, we have to turn our attention to identifying what is happening to which parts of our system. Then we must move quickly and precisely to coordinate our response in a consistent and audited manner. This is where IBM sees the great power of cognitive computing, in which we leverage machine learning and reasoning engines to help human security teams quickly identify the attack, which elements of the systems are affected and what would be the best way to respond.

We can use automation and integration to enrich the information at every step of the process to support decision-makers and help them become informed and coordinated across the entire organization, not just IT. In this way, we can reduce weeks of intense work to hours or minutes.

Talk About Security at CYBERUK 2017

IBM Security is proud to sponsor CYBERUK 2017, the U.K. government’s biggest and most influential information assurance and cybersecurity event to date, to show support for this major initiative.

Visit our stand (H1) in the exhibition area to talk about security with IBM Security experts and try our virtual reality security operations center (SOC) experience. Through a VR headset, visitors will experience the process of detecting a threat using the latest technologies, including QRadar, Watson for Cyber Security and Resilient, our incident response platform, to locate and mitigate a threat at speed and scale.

For those wishing to gain a deeper understanding of these technologies in action, we will be running a Cognitive Security Operations Center Workshop on Tuesday, March 14, to show how machine learning and cognition, when integrated with an incident response platform, can help the U.K. government and critical national infrastructure industries.

Learn more and register to attend CyberUK 2017

Gavin Kenny

Associate Partner, IBM Security

Gavin has 20 years of experience dealing with security and information assurance within both the government and private sectors. He has worked on issues involving security strategy, policy development, secure system design, secure cloud, network topologies, accreditation and identity management. Gavin loves innovative thinking and taking on tough challenges. During his career, he has co-authored interplanetary security architecture for NASA, designed and delivered one of the first IPTV subscriber management systems, and developed a robust security strategy that allowed an FTSE 100 company to migrate all 35k staff into the cloud.