Light Dark
July 31, 2018 By Christopher Hockings 3 min read
Artificial Intelligence
CISO
Incident Response

What’s it like to spend time with two renowned leaders in the cybersecurity field? Enlightening, to say the very least.

I recently sat down to speak with Sridhar Muppidi, chief technology officer (CTO) of cloud security and identity and access management (IAM) at IBM Security, and Shamla Naidoo, global chief information security officer (CISO) at IBM. During our conversation, Muppidi and Naidoo covered topics ranging from the research and development behind Watson and the roles of artificial intelligence (AI) and blockchain in cybersecurity to advice for responding to emerging threats.

IBM Security CTO Talks AI, Orchestration and More

In addition to his role at IBM Security, Muppidi is one of 101 active IBM Fellows. He’s an executive sponsor of the IBM Australia Development Lab on the Gold Coast and encourages an open client engagement approach. As I observed him hosting a number of clients, we discussed a wide variety of cybersecurity innovations.

IBM is currently focused on bringing AI into the world in a safe manner. AI can help security teams boost their threat detection and response capabilities, minimize identity fraud, thwart insider threats and reduce false positives in application testing — to name just a few examples.

However, since adversaries have access to the same AI tools as defenders, IBM Research developed an Adversarial Robustness Toolbox to help secure AI systems from threat actors.

IBM is also developing several orchestration playbooks to ensure that the right analysts are using the right tools to perform the right tasks in the event of any security incident. Clients can experience a simulated cyberattack and practice their incident response playbooks at the IBM X-Force Command Center. These simulations help organizations understand the importance of a strong security culture, a robust response playbook and competent leadership in the face of a crisis.

Muppidi stressed that security is a team sport. For this reason, IBM created an ecosystem of vendors who work together through open interfaces and share intelligence and analytics to foster collaboration and defend against increasingly sophisticated threats.

Finally, Muppidi talked about the emergence of decentralized identity, which gives control of identity information back to users while mitigating the burden of data ownership for organizations. This is based on blockchain’s distributed ledger technology and cryptography. IBM is focused on developing open standards and enabling clients to create or participate in identity networks to solve business problems.

IBM CISO Says Size Doesn’t Matter When It Comes to Security

Naidoo is responsible for securing the entire corporation from emerging threats as the global CISO at IBM. She has the power of IBM Security technologies at her fingertips and uses them extensively in her role. I joined her for two board round tables and several client meetings in Melbourne and Sydney, Australia.

These peer-level conversations exposed the following:

  • The importance of scale: Cybersecurity challenges, approaches, investments and execution are the same for all companies — both large and small. The only difference is scale. As scale increases, it’s essential to invest in the right security technologies to account for the expanded threat surface that comes with this growth.
  • Consider organizational structure: It’s also important to consider your organizational structure. While security leaders should supply all executives and line-of-business leaders with best-in-breed technologies to protect data, they should also empower them to manage their own security and compliance whenever possible through training and awareness initiatives.

These insights reflect the diversity of thinking the cybersecurity community needs to combat the rising volume of threats and protect clients from increasingly sophisticated attackers.

A Critical Advantage in the Fight for Security

Organizations that aim to deliver cybersecurity services to their own customers should be prepared to be “customer zero” with these services. This helps to ensure that the quality of offerings stands up to market scrutiny and that clients experience the best possible outcome.

By delivering the same quality of products they use to protect their own networks, industry leaders like Muppidi and Naidoo can give their clients a critical advantage in the endless battle to protect corporate and customer information from data thieves.

Read the stories in the ‘Secure Start’ blog series — and learn from others’ mistakes

 |  |  |  |  |  |  |  |  |  | 
Christopher Hockings
IBM Master Inventor

More from Artificial Intelligence
December 18, 2024

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

December 17, 2024

Testing the limits of generative AI: How red teaming exposes vulnerabilities in AI models

4 min read - With generative artificial intelligence (gen AI) on the frontlines of information security, red teams play an essential role in identifying vulnerabilities that others can overlook.With the average cost of a data breach reaching an all-time high of $4.88 million in 2024, businesses need to know exactly where their vulnerabilities lie. Given the remarkable pace at which they’re adopting gen AI, there’s a good chance that some of those vulnerabilities lie in AI models themselves — or the data used to…

December 12, 2024

Security roundup: Top AI stories in 2024

3 min read - 2024 has been a banner year for artificial intelligence (AI). As enterprises ramp up adoption, however, malicious actors have been exploring new ways to compromise systems with intelligent attacks.With the AI landscape rapidly evolving, it's worth looking back before moving forward. Here are our top five AI security stories for 2024.Can you hear me now? Hackers hijack audio with AIAttackers can fake entire conversations using large language models (LLMs), voice cloning and speech-to-text software. This method is relatively easy to…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature