Security strategy is now part of tech strategy and not an afterthought
How would you compare the Indian cyber security market with the global one?
IBM recently announced a study conducted in association with Ponemon Institute, which found that the average cost of a data breach in India this year was estimated at $119 million, a 7.9% increase from last year's report. The threat scenario shows a significant rise in both number and sophistication of breaches in this year’s report, which is alarming as it continues to rise in India. Further, the average mean time to identify a data breach in India increased from 170 days the previous year to 188 days. ‘Malicious or criminal attacks’ took 219 days on average to be identified. The report further highlighted that the average mean time to contain a data breach in India increased from 72 days the previous year to 78 days. Average time to contain ‘Malicious or criminal attacks’ took 99 days.
Hence, companies in India need to fortify their security strategy to leverage a secure Cloud environment and build a strong AI strategy. They need to identify the many hidden expenses which must be considered, such as reputational damage, customer turnover, and operational costs. Knowing where the costs lie, and how to reduce them, can help companies invest their resources more strategically and lower the huge financial risks at stake next year.
Security teams are struggling to keep pace with the fast-changing, hard-to-control environment. What security measures would you suggest to tackle this challenge?
Mobile, cloud, AI and the Internet of Things (IoT) are three of the biggest technology trends in business today, and they’re transforming companies of all sizes in all industries. No matter which new technologies a business implements, though, rising cyber risk continues to be a significant concern for IT leaders and chief information officers (CIOs). As workforce mobility increases, CIOs are declaring with resounding voices the importance of prioritizing mobile security.
The biggest security risks that stem from mobile are not particularly new. The loss or theft of mobile devices and the use of leaky apps that lack enterprise-grade security features remain top threats. What is new, however, is the magnitude of these possible threats, due largely to the growth of the mobile workforce. Between the growing number of devices accessing an organization's network and a myriad of unknowns around shadow IT, delivering better BYOD can be a security and IT productivity nightmare. Cognitive computing makes possible an unprecedented new level of intuition and analysis to reinforce CIOs in the endpoint security struggle. A great example is IBM MaaS360 with Watson, which augments the popular MaaS360 offering with cognitive insights, contextual analytics and cloud-sourced benchmarking.
The new MaaS360 Advisor capability provides CIOs and IT managers with a dashboard showing a customized selection of opportunities, risks and general information to improve their security posture across all connected endpoints. With timely security updates from sources such as the X-Force Exchange, the information displayed by the MaaS360 Advisor can be uniquely tailored to the relevant industry, company size and selection of devices deployed.
How do you see the evolution of Cognitive/AI security tools? Can they be effective in scaling to such environments in the near future?
We believe AI security tools will augment an organization’s security by sifting through the volume of unstructured data in the world that is currently dark to a company’s existing algorithms. The AI security technology will help them respond to threats with greater confidence and speed rather than another automation tool. IBM is leading the journey towards AI and Intelligent Automation in Cybersecurity:
• In 2017, IBM brought the power of Watson to the cybersecurity market to help augment the skills of security analysts in their investigations with Watson for Security/QRadar Advisor with Watson.
• In 2016, IBM invested heavily in the incident response space, with the acquisition of Resilient Systems, the leading platform for orchestrating and automating the incident response processes.
• The latest step in this journey is the automation of response, connecting machine intelligence and human expertise together more seamlessly across the entire threat lifecycle.
• In April 2018, IBM introduced new innovations that move the needle towards a new era where machine intelligence and human expertise are orchestrated seamlessly together across the Security Operation Center.
Therefore, adopting “cognitive SOC” is the necessary evolution of the industry to keep pace with increasing volume and sophistication of threats. The cognitive SOC is not a specific piece of technology, but rather an integrated architecture by which IBM brings its cognitive solutions to market. The foundation and centrepiece of the cognitive SOC is Watson for Security. Also, the Ponemon report this year for the first time examined the effect of security automation tools which use artificial intelligence, machine learning, analytics and orchestration to augment or replace human intervention in the identification and containment of a breach. The analysis found that organizations that had extensively deployed automated security technologies saved over $1.5 million on the total cost of a breach ($2.88 million, compared to $4.43 million for those who had not deployed security automation).
With so much mission-critical data now residing in the cloud, we may see a shocking cloud failure that may not only result in breaches, but also devastating loss of data. How prepared is the industry for such a disaster?
As per the IBM X-Force 2017 report, globally, the industry saw a historic 424% increase in records breached through misconfigurations in cloud servers. Further, misconfigured cloud servers and networked backup incidents were responsible for the exposure of more than 2 billion records, or nearly 70 percent of the total number of compromised records. A large contributor is a growing awareness among the cybercriminal community of the existence of misconfigured cloud servers. It’s been known that cybercriminals work in organized crime groups and sophisticated functions, but the attack techniques used in 2017 show that they continue to take advantage of human error and mistakes in infrastructure configurations.
You cannot neglect security when moving to cloud assuming that it is the responsibility of the cloud provider. Most cloud providers often provide only baseline security which is not enough to deal with issues like insider threats, compliance issues, data breaches and sophisticated attacks. Organizations have to take robust security measures to the cloud too, just as they would to protect their on-premise assets. A comprehensive security posture is needed for Cloud, especially in 4 key areas: 1. managing access to cloud with governed identity; 2. patching vulnerabilities on apps running in cloud and having control of your sensitive data residing in cloud, and thereby preventing network attacks; 3. monitoring cloud assets continuously for security breaches and compliance violations; and 4. optimizing all security intelligence and operations for cloud too. Moreover, one size doesn’t fit all. And hence, security measures have to be suited to the type of workload being consumed from the cloud, e.g. it could be IaaS, PaaS or SaaS, and they bring in their own unique considerations. IBM does have a very strong Security portfolio specifically for the Cloud and provides guidance and solutions to many customers.
How do you see the changing role of compliance in cyber security?
Organizations today are grappling and preparing for key regulatory changes in the industry like GDPR Compliance and India’s draft data policy. They need to focus on adopting a strategy which covers educating key stakeholders across all the business, people, policy, process, data protection etc. Data Privacy and security have to be inbuilt, by design and by default. With such a comprehensive plan spanning across compliance, data protection, and personal data, organizations are ready to address any compliance change. Further, IBM’s Security Guardium is designed to safeguard critical data, wherever it resides. This comprehensive data protection platform empowers security teams to automatically analyze what is happening across the data environment to help minimize risk, protect sensitive information. Automatically discover and classify sensitive data, uncover usage patterns and assess compliance risks.
How much awareness do you see in the Indian market about cyber security? How important is research and development for this sector?
As discussed earlier, cybersecurity is now the key focus for organizations of every size. Security strategy is now built in as part of organizations' tech strategy and is no longer an afterthought. With a changing security landscape, the industry needs to keep re-inventing and adding capabilities to deal with sophisticated threats. IBM Security globally now includes more than a dozen security acquisitions and more than $2 billion in dedicated R&D. Additionally, security teams are overwhelmed with growing volumes of attack and attack-related data and hence another key area to look at will be demand for security talent, which is increasing yet the talent pipeline is struggling to keep pace, with projections estimating 1.8 million open and unfilled cybersecurity jobs by 2022 globally.