IBM outlines why the 'boom' moment is key to better security

01 Oct 2019

No matter which aspect of security you look at, in the end it all boils down to risk and what could happen when things go wrong.

“Often I’m talking with people on the worst day of their business’ life.”

Those were the opening words from IBM X-Force Incident Response & Intelligence Services (IRIS) Asia Pacific lead Stephen Burmester, who hosted an intelligence briefing at Accelerate DX recently.

IBM sees approximately 90 billion security events per day around the world, so intelligence makes up a critical part of understanding the threat landscape and, in turn, risk.

“Everything we do in X-Force IRIS we try to base around risk. There are all sorts of things we can, could, and should be doing from an ICT and security perspective. We want to boil it down to focus on the risks I have to deal with, and what happens when something goes wrong.”

Risk, Burmester says, concerns three main areas: confidentiality of information, availability of information, and integrity. If an organisation wants to know the likelihood of getting hacked, it needs to consider what it is most concerned about based on those three areas.

“The focal point for risk is what we call ‘the boom moment’. The boom when something goes wrong. It’s when you realise you’ve lost data. Your systems shut down, or you’re unable to access your information and your systems as you were expecting it to do.”

When external sources alert businesses to that boom moment, that business is already on the back foot. It means an entire series of events has happened within the environment to lead to the boom.

Businesses can tune into those events and prepare for them, Burmester says. Practicing a plan is even more important than merely having one. Burmester likens it to running a marathon: most people get the best results when they’re prepared, rather than just starting on the day and hoping for the best.

After businesses have discovered the issue, what are they going to do about it, how do they contain it, and how do they recover from it? With data breaches getting bigger and the cost per record rising, customers are leaving organisations.

Burmester notes that one of the most common issues is what he calls misconfigured assets. This happens when organisations move information to the cloud without properly securing that information. It’s happening without proper governance controls as things such as DevOps and DevSecOps propel information to the cloud faster.

The cost of a ‘boom’ is also far bigger than some businesses imagine, Burmester says.

“It isn’t a one-off cost. About 67% of the cost will happen in the first year; about 22% in the year after, and 11% the year after. You have a three-year debt you need to plan for.”

He notes that humans aren’t getting better at detecting security threats such as phishing attacks, and education and awareness aren’t doing the job. Detection and protection controls are essential, but people should really be able to take the right actions themselves.

Burmester adds that fileless attacks, in which malware attacks system memory, are becoming more rampant. This means organisations need to change the way they scan for threats, because antivirus systems will not pick those types of threats up.

Security incident response goes beyond IT and security teams – it’s the entire company’s responsibility. Every team needs to follow the three Ps: Plan, prepare, and practice.

“Without those, your organisation will experience more loss.”

Burmester concludes with three key actionable tips: think carefully about security partners; implement security automation; and be ready for the boom.
