It has been almost three months since I joined IBM with the mission of leading the X-Force Red team in Latin America and heading up some of our special initiatives.
For the past few years, I have worked closely with security professionals in Latin America to fight against targeted attacks in which cybercriminals do whatever it takes to gain and maintain access to a victim’s environment. This definitely gave me a different perspective on how to help organizations use proactive, advanced security services to boost their security programs.
The truth is that most of the challenges the Latin American market faces are no different from those of other regions. There is no single reason why a given organization might fall victim to a cyberattack. Obviously, certain verticals are targeted more frequently than others. Payment card information, for example, is among the most valuable data for cybercriminals to steal. Yet this problem is not exclusive to the financial, retail or hospitality verticals.
Believe in the Boogeyman
Security awareness in general has improved, although maybe not in the way security practitioners dream. Executives see news of high-profile data breaches and watch mainstream TV shows that demonstrate how easily attacks can be executed and, even worse, how fragile organizations can be.
At first, this might not seem like a big deal, but it has actually supported the work that security departments in organizations all over the globe have been fighting to advance. Most importantly, executives are beginning to understand the need to invest in cybersecurity for reasons beyond regulatory compliance. Suddenly, staying out of the evening news is a very good return on investment (ROI).
No news is good news, then? Unfortunately, not necessarily. To protect against targeted attacks, security professionals must constantly ask themselves key questions: How long do attackers stay inside a given environment? To what extent should an organization negotiate with attackers to recover critical data? How effective can such a negotiation be?
Executives should trust the information security department when it comes to investing in technologies focused on defending against cyberthreats at the perimeter. Organizations are also starting to improve in other areas, such as visibility, data protection, security policy and user education and training.
But more work still has to be done. Business leaders must realize that a security incident will eventually occur. Someone inside the organization must believe in the boogeyman, understand the organization’s deficiencies and be ready to respond when attackers strike.
X-Force Red Delivers Unmatched Offensive Security
Two complementary facets of information security services can help organizations achieve the next level: offensive security testing and incident response. From a distance, these efforts might look similar, but the truth is that they are substantially different in how they are delivered and how they help organizations prepare for attacks.
X-Force Red helps organizations find and understand the security issues in their systems by providing offensive security tools that enable IT teams to hack nontechnical users, applications, networks, simple Internet of Things (IoT) devices, and complex hardware and systems integrations. Cybercriminals test your organization every day. The difference is you do not receive a report at the end of the test.
It is not uncommon to hear that penetration testing and ethical hacking are commodities, but it doesn’t take long to learn who the serious players in this market are. IBM has a reputation for innovation, thousands of patents and cutting-edge cognitive computing offerings. Furthermore, X-Force Red’s offensive team is unmatched in terms of talent, quality, ethics and global reach of offensive security services.