IBM outlines why the 'boom' moment is key to better security

01 Oct 2019

No matter which aspect of security you look at, in the end it all boils down to risk and what could happen when things go wrong.

“Often I’m talking with people on the worst day of their business’ life.”

Those were the opening words from IBM X-Force Incident Response & Intelligence Services (IRIS) Asia Pacific lead Stephen Burmester, who hosted an intelligence briefing at Accelerate DX recently.

IBM sees approximately 90 billion security events per day around the world, so intelligence makes up a critical part of understanding the threat landscape and, in turn, risk.

“Everything we do in X-Force IRIS we try to base around risk. There are all sorts of things we can, could, and should be doing from an ICT and security perspective. We want to boil it down to focus on the risks I have to deal with, and what happens when something goes wrong.”

Risk, Burmester says, concerns three main areas: confidentiality of information, availability of information, and integrity. If an organisation wants to know the likelihood of getting hacked, it needs to consider what it is most concerned about based on those three areas.

“The focal point for risk is what we call ‘the boom moment’. The boom when something goes wrong. It’s when you realise you’ve lost data. Your systems shut down, or you’re unable to access your information and your systems as you were expecting it to do.”

When external sources alert businesses to that boom moment, that business is already on the back foot. It means an entire series of events has happened within the environment to lead to the boom.

Businesses can tune into those events and prepare for them, Burmester says. Practicing a plan is even more important than merely having one. Burmester likens it to running a marathon: most people get the best results when they’re prepared, compared to just starting on the day and hoping for the best.

After businesses have discovered the issue, what are they going to do about it, how do they contain it, and how do they recover from it? With bigger data breaches and more expensive costs per record, customers are leaving organisations.

Burmester notes that one of the most common issues is what he calls misconfigured assets. This happens when organisations move information to the cloud without properly securing that information. It’s happening without proper governance controls as practices such as DevOps and DevSecOps propel information to the cloud faster.

The cost of a ‘boom’ is also far bigger than some businesses imagine, Burmester says.

“It isn’t a one-off cost. About 67% of the cost will happen in the first year; about 22% in the year after, and 11% the year after. You have a three-year debt you need to plan for.”

He notes that humans aren’t getting better at detecting security threats such as phishing attacks, and education and awareness aren’t doing the job. Detection and protection controls are essential, but people should really be able to take the right actions themselves.

Burmester also adds that fileless attacks are becoming more rampant through malware attacks on system memory. This means organisations need to change the way they scan for threats because antivirus systems will not pick those types of threats up.

Security incident response goes beyond IT and security teams – it’s the entire company’s responsibility. Every team needs to follow the three Ps: Plan, prepare, and practice.

“Without those, your organisation will experience more loss.”

Burmester concludes with three key actionable tips: think carefully about security partners; implement security automation; and be ready for the boom.
