
IBM outlines why the 'boom' moment is key to better security

01 Oct 2019

No matter which aspect of security you look at, in the end it all boils down to risk and what could happen when things go wrong.

“Often I’m talking with people on the worst day of their business’ life.”

Those were the opening words from IBM X-Force Incident Response & Intelligence Services (IRIS) Asia Pacific lead Stephen Burmester, who hosted an intelligence briefing at Accelerate DX recently.

IBM sees approximately 90 billion security events per day around the world, so intelligence makes up a critical part of understanding the threat landscape and, in turn, risk.

“Everything we do in X-Force IRIS we try to base around risk. There are all sorts of things we can, could, and should be doing from an ICT and security perspective. We want to boil it down to focus on the risks I have to deal with, and what happens when something goes wrong.”

Risk, Burmester says, concerns three main areas: confidentiality of information, availability of information, and integrity. If an organisation wants to know the likelihood of getting hacked, it needs to consider what it is most concerned about based on those three areas.

“The focal point for risk is what we call ‘the boom moment’. The boom when something goes wrong. It’s when you realise you’ve lost data. Your systems shut down, or you’re unable to access your information and your systems as you were expecting it to do.”

When external sources alert businesses to that boom moment, that business is already on the back foot. It means an entire series of events has happened within the environment to lead to the boom.

Businesses can tune into those events and prepare for them, Burmester says. Practising a plan is even more important than merely having one. Burmester likens it to running a marathon: most people get the best results when they’re prepared, compared to just starting on the day and hoping for the best.

After businesses have discovered the issue, what are they going to do about it, how do they contain it, and how do they recover from it? With bigger data breaches and higher costs per record, customers are leaving organisations.

Burmester notes that one of the most common issues is what he calls misconfigured assets. This happens when organisations move information to the cloud without properly securing it. It’s happening without proper governance controls, as practices such as DevOps and DevSecOps propel information to the cloud faster.

The cost of a ‘boom’ is also far bigger than some businesses imagine, Burmester says.

“It isn’t a one-off cost. About 67% of the cost will happen in the first year; about 22% in the year after, and 11% the year after. You have a three-year debt you need to plan for.”

He notes that humans aren’t getting better at detecting security threats such as phishing attacks, and education and awareness aren’t doing the job. Detection and protection controls are essential, but people should really be able to take the right actions themselves.

Burmester also adds that fileless attacks are becoming more rampant through malware attacks on system memory. This means organisations need to change the way they scan for threats because antivirus systems will not pick those types of threats up.

Security incident response goes beyond IT and security teams – it’s the entire company’s responsibility. Every team needs to follow the three Ps: Plan, prepare, and practice.

“Without those, your organisation will experience more loss.”

Burmester concludes with three key actionable tips: think carefully about security partners; implement security automation; and be ready for the boom.
