It has been almost three months since I joined IBM with the mission of leading the X-Force Red team in Latin America and heading up some of our special initiatives.

For the past few years, I have worked closely with security professionals in Latin America to fight against targeted attacks in which cybercriminals do whatever it takes to gain and maintain access to a victim’s environment. This definitely gave me a different perspective about how to help organizations use proactive, advanced security services to boost their security programs.

The truth is that most of the challenges the Latin American market faces are no different from those of other regions. There is no single reason why a given organization might fall victim to a cyberattack. Obviously, certain verticals are targeted more frequently than others. Payment card information, for example, is among the most valuable data for cybercriminals to steal. Yet this problem is not exclusive to the financial, retail or hospitality verticals.

Believe in the Boogeyman

Security awareness in general has improved, although maybe not in the way security practitioners dream. Executives see news of high-profile data breaches and watch mainstream TV shows that demonstrate how easily attacks can be executed and, even worse, how fragile organizations can be.

At first, this might not seem like a big deal, but it has actually sustained the work that security departments in organizations all over the globe have been fighting to do. Most importantly, executives are beginning to understand the need to invest in cybersecurity for reasons beyond regulatory compliance. Suddenly, staying out of the evening news is a very good return on investment (ROI).

No news is good news, then? Unfortunately, not necessarily. To protect against targeted attacks, security professionals must constantly ask themselves key questions: How long do attackers stay inside a given environment? To what extent should an organization negotiate with attackers to recover critical data? How effective can such a negotiation be?

Executives should trust the information security department when it comes to investing in technologies focused on defending against cyberthreats at the perimeter. Organizations are also starting to improve in other areas, such as visibility, data protection, security policy and user education and training.

But more work still has to be done. Business leaders must realize that a security incident will eventually occur. Someone inside the organization must believe in the boogeyman, understand the organization’s deficiencies and be ready to respond when attackers strike.

X-Force Red Delivers Unmatched Offensive Security

Two complementary facets of information security services can help organizations achieve the next level: offensive security testing and incident response. From a distance, these efforts might look similar, but the truth is that they are substantially different in how they are delivered and how they help organizations prepare for attacks.

X-Force Red helps organizations find and understand the security issues in their systems by providing offensive security tools that enable IT teams to hack nontechnical users, applications, networks, simple Internet of Things (IoT) devices, and complex hardware and systems integrations. Cybercriminals test your organization every day. The difference is you do not receive a report at the end of the test.

It is not uncommon to hear that penetration testing and ethical hacking are commodities, but it doesn’t take long to learn who the serious players in this market are. IBM has a reputation for innovation, thousands of patents and cutting-edge cognitive computing offerings. Furthermore, X-Force Red’s offensive team is unmatched in terms of talent, quality, ethics and global reach of offensive security services.

Learn more about IBM X-Force Red Services and Register for a Demo
