In some parts of the world during October, we have Halloween, which conjures the specter of imagined monsters lurking in the dark. Simultaneously, October is Cybersecurity Awareness Month, which evokes the specter of threats lurking behind our screens.

Bombarded with horror stories about data breaches, ransomware, and malware, everyone’s suddenly in the latest cybersecurity trends and data, and the intricacies of their organization’s incident response plan. What does all this fear and uncertainty stem from? It’s the unknowns. Who might get in? What data might they steal? How much will it cost? Are they already in?

Instead of using this month to reinforce fears around cybersecurity threats, let’s use it as an opportunity to reinforce knowledge about a strong cybersecurity strategy. Because knowledge is more powerful than fear.

With that in mind, I’ve collected some of my favorite pieces of content from people who not only know exactly who might try to steal your data, how they’re likely to get in, what they’d target, and how much it will cost, but what you can do to detect and respond to these threats faster.

Subscribe to the Newsletter

How Your Organization Can Stay Secure, Even in an Ever-Evolving Threat Landscape by Chris McCurdy, General Manager and Vice President Worldwide IBM Security Services, IBM 

As cyberattacks grow more disruptive and the volume of breaches increases, businesses are struggling to stay ahead of cybersecurity threats. But as McCurdy explores in this piece, businesses may be looking at their security problem the wrong way.

Old Habits Die Hard: New Report Finds Businesses Still Introducing Security Risk into Cloud Environments by Chris Caridi, Strategic Threat Analyst, IBM X-Force

New IBM X-Force data reveals that many cloud-adopting businesses are falling behind on basic security best practices, introducing more risk to their organizations. Caridi looks at the latest 2022 X-Force Cloud Threat Landscape Report data to examine the “cracked doors” cybercriminals are using to compromise cloud environments.

A United Front Against Cyberattacks: Andritz Case Study

Less than six months to a new, comprehensive security services solution? Andritz and IBM did it together — and virtually. This case study and video delve into the details of how the partners worked together quickly to improve Adritz’s cybersecurity in the face of increasing breaches.

Smart Talks with IBM Podcast where Malcolm Gladwell chats with Stephanie Carruthers, Chief People Hacker for X-Force, IBM

Your “friendly neighborhood hacker,” as Stephanie (Snow) Carruthers refers to herself, talks about helping clients detect and close security gaps by exploiting them before someone else does. The intensity of the work can be hard to turn off, though. She rarely passes a building without imagining how to break in. Learn how she does it.

Security New Creator, Dustin (EvilMog) Heywood

Curious about “ethical hacking,” password cracking, and how creativity and security intersect? IBM’s Chief Architect of X-Force talks about all of this, plus how extreme sports helped him hone his risk management skills.

Just like we are reminded to change our smoke alarm batteries during daylight saving time, I invite you to use October every year to update your bedside stack of cybersecurity reading. Bookmark blogs. Subscribe to newsletters. Tune into podcasts like Into the Breach and Smart Talks. While you’re at it, stop by this microsite to give one of your favorite incident responders a virtual shout-out for helping to keep us secure.

I promise you that all this knowledge will help you feel a lot less afraid and a lot more prepared for whatever might come your way.

More from Defensive Security

X-Force uncovers global NetScaler Gateway credential harvesting campaign

6 min read - This post was made possible through the contributions of Bastien Lardy, Sebastiano Marinaccio and Ruben Castillo. In September of 2023, X-Force uncovered a campaign where attackers were exploiting the vulnerability identified in CVE-2023-3519 to attack unpatched NetScaler Gateways to insert a malicious script into the HTML content of the authentication web page to capture user credentials. The campaign is another example of increased interest from cyber criminals in credentials. The 2023 X-Force cloud threat report found that 67% of cloud-related…

X-Force releases detection & response framework for managed file transfer software

5 min read - How AI can help defenders scale detection guidance for enterprise software tools If we look back at mass exploitation events that shook the security industry like Log4j, Atlassian, and Microsoft Exchange when these solutions were actively being exploited by attackers, the exploits may have been associated with a different CVE, but the detection and response guidance being released by the various security vendors had many similarities (e.g., Log4shell vs. Log4j2 vs. MOVEit vs. Spring4Shell vs. Microsoft Exchange vs. ProxyShell vs.…

X-Force certified containment: Responding to AD CS attacks

6 min read - This post was made possible through the contributions of Joseph Spero and Thanassis Diogos. In June 2023, IBM Security X-Force responded to an incident where a client had received alerts from their security tooling regarding potential malicious activity originating from a system within their network targeting a domain controller. X-Force analysis revealed that an attacker gained access to the client network through a VPN connection using a third-party IT management account. The IT management account had multi-factor authentication (MFA) disabled…

Poor communication during a data breach can cost you — Here’s how to avoid it

5 min read - No one needs to tell you that data breaches are costly. That data has been quantified and the numbers are staggering. In fact, the IBM Security Cost of a Data Breach estimates that the average cost of a data breach in 2022 was $4.35 million, with 83% of organizations experiencing one or more security incidents. But what’s talked about less often (and we think should be talked about more) is how communication — both good and bad — factors into…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today