November 18, 2019 By Stephen Dominguez

One of the greatest challenges in the IT industry is staying ahead of the cybercriminal. This is no easy task. The 2019 Cost of a Data Breach Report, conducted by the Ponemon Institute and sponsored by IBM Security, indicates that the chances of experiencing a data breach have increased from 22.6 percent in 2014 to 29.6 percent in 2019. In other words, organizations are now one-third more likely to experience a breach in the next two years. The increasing success of cybercriminals underscores how important it is for IT organizations to put the proper measures in place to reduce cybersecurity risk.

The following are my recommendations for organizations seeking to significantly reduce cybersecurity risk in their business:

1. Use a “defense in depth” approach

Many organizations deploy only a portion of the cybersecurity countermeasures they should be using. This can result in weak links in the chain of cybersecurity defenses. Even if most of an organization’s cybersecurity chain is strong, a cybercriminal can exploit the weak links, potentially causing a data breach that wouldn’t have been possible if a defense in depth approach had been used.

A defense in depth approach consists of having many different layers of cybersecurity defense. If a layer is defeated by a hacker, there are still other security layers in place to thwart the attacker. An excellent example of such an approach to cybersecurity is found in the Center for Internet Security (CIS) Controls version 7.1.

2. If you’re going to deploy security defenses, do it right

Some cybersecurity defenses aren’t easy to implement, and some can be implemented in numerous different ways. The quality of your implementation could be the difference in whether or not you prevent a data breach. Some of the biggest data breaches in the last decade were due not to organizations failing to deploy the appropriate defenses but failing to deploy defenses properly.

Take the reduction of unnecessary access as an example. Reducing unnecessary access first requires understanding the subset of full access that users need to perform their jobs. Access can vary from organization to organization depending on user requirements, so you need to do your research in order to manage it properly. Depending on the complexity of an organization, this could take weeks, if not months, to implement correctly.

3. Get your security and system administration teams working together

An organization can be exposed to greater security risk if its security plan was created with a lack of synergy between security and systems administration teams. Achieving robust system security requires both teams to share knowledge and work together to define security policies specific to their IT environment.

The system administration team can offer substantial help to the security team since it has a thorough understanding of the operating systems and application groups in the organization. Once the security team has done its research, it should define a security plan that details the organization’s security policy requirements, and the system administration team’s job is to abide by it.

4. Take advantage of firmware and hypervisor security features

Since a security system is only as strong as its weakest link, make sure your defense in depth strategy includes security defenses for the firmware and the hypervisor.

Here I’ll get more brand-specific since IBM Power Systems is the server group I know best. IBM POWER9 servers come with firmware and hypervisor security features designed to bolster an organization’s security efforts. We’ll talk about specific operating system security features in upcoming blog posts, but there are important developments that fall under firmware and hypervisor security that I suggest you consider.

For example, IBM PowerVM Secure Boot, which I consider an important security defense feature, allows only appropriately signed firmware components to run on the system processors. Using digital signatures generated by IBM, Secure Boot verifies the authenticity of the following components of your firmware stack:

  • Hostboot
  • Power Hypervisor (PHYP)
  • Partition firmware (PFW)

An included framework provides remote firmware attestation using a hardware Trusted Platform Module (TPM). The attestation supports Trusted Computing Group (TCG) 2.0 compliant trusted boot.
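To make the attestation step concrete, the following added example (not IBM's code and not part of the original article) shows how a remote verifier appraises a TCG-style measured boot: it replays the boot event log through the TPM 2.0 PCR extend operation and compares the result with the PCR value the TPM reported. The component names come from the list above; the image contents, reference digests, and the `boot`/`appraise` helpers are constructed for illustration, and verification of the TPM's signature over the quote is assumed to have already succeeded.

```python
import hashlib

PCR_SIZE = 32  # SHA-256 PCR bank

def measure(image: bytes) -> bytes:
    """Digest of a firmware image, as recorded in the event log."""
    return hashlib.sha256(image).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 2.0 PCR extend: new value = SHA-256(old value || digest)."""
    return hashlib.sha256(pcr + digest).digest()

def replay(event_log):
    """Recompute the PCR from its reset value (all zeros) using the log."""
    pcr = bytes(PCR_SIZE)
    for _name, digest in event_log:
        pcr = extend(pcr, digest)
    return pcr

def appraise(event_log, quoted_pcr, reference):
    """Verifier side: return (trusted, findings) for one attestation."""
    findings = []
    # 1. The log must reproduce the PCR value reported by the TPM;
    #    otherwise the log itself cannot be believed.
    if replay(event_log) != quoted_pcr:
        findings.append("event log does not reproduce quoted PCR")
    # 2. The expected components must appear, in the expected order.
    seen = [name for name, _ in event_log]
    if seen != list(reference):
        findings.append("unexpected component set or order: %r" % seen)
    # 3. Each measurement must match the known-good reference digest.
    for name, digest in event_log:
        if name in reference and reference[name] != digest:
            findings.append("%s digest does not match reference" % name)
    return (not findings, findings)

# Constructed sample data: stand-ins for the three firmware images.
GOOD_IMAGES = {"Hostboot": b"hostboot-image-v1",
               "PHYP": b"phyp-image-v1",
               "PFW": b"pfw-image-v1"}
REFERENCE = {name: measure(img) for name, img in GOOD_IMAGES.items()}

def boot(images):
    """Platform side (simulated): measure each stage, log it, extend the PCR."""
    log = [(name, measure(img)) for name, img in images.items()]
    return log, replay(log)

if __name__ == "__main__":
    log, pcr = boot(GOOD_IMAGES)
    print(appraise(log, pcr, REFERENCE))
    tampered = dict(GOOD_IMAGES, PHYP=b"phyp-image-modified")
    print(appraise(*boot(tampered), REFERENCE))
```

Because each extend folds the previous PCR value into the next, a modified component cannot be hidden by presenting a clean event log: the replayed value no longer matches what the TPM reported.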

Find more information on PowerVM Secure Boot in the IBM Knowledge Center.

Need support with security on Power Systems?

IBM Systems Lab Services has a team of experienced technical consultants to help you as you assess security and compliance practices in your organization, identifying potential exposures, recommending the adoption of best practices and, if necessary, helping you remediate any issues. Contact us today.
