Building a Resilient Organization at IBM Think2018
Last week, IBM clients, Business Partners and executives got together for the inaugural IBM [Think 2018] conference. There were over 30,000 attendees.
In an age of exponentially more data, connected devices and computing power, there are more ways for attackers to breach an organization than ever before. Teams are challenged to manage these threats as they deal with too many disparate tools from too many vendors, an enormous security and IT skills shortage, and a growing number of compliance mandates.
Marc van Zadelhoff, General Manager, IBM Security, kicked off the session "Ready For Anything: Build a Cyber Resilient Organization". The year 2017 was a tough year for security. People can relate to the number of security breaches that happened.
Why do companies struggle in this area? It is not just because hackers have become more sophisticated. IBM Security has over 8,000 security experts to help clients. When IBM is called in, we find 90 percent lack basic fundamentals, from firewall rules to patch management. It takes on average 200 days for companies to detect breaches. Sadly, 77 percent do not have a response plan after the breach happens.
To help with this, IBM has come up with new terminology. At a certain point, [the shit hits the fan], a Canadian phrase meaning "messy consequences are brought about by a previously secret situation becoming public." Marc explained that it is often accompanied by FBI agents showing up at the front door.
Marc referred to this event as "the Boom". All of the preparation and prevention happen "left of Boom". The clean-up, salvaging your brand reputation, and remediating the damage were called "right of Boom". Here are some examples of a Boom event:
Left of Boom is our domain of choice. We are surrounded with just security and IT problems, problems we have studied our entire careers, involving daily activities we complete with a sense of certainty.
Right of Boom is a completely different matter. Others get involved, including Legal, HR, and sometimes even the Board of Directors. These are distant, hazy problems that don't occur every day, and they bring more uncertainty.
The Boom is not the initial breach, but when the breach becomes public, an average of 200 days later. Hackers can do quite a lot of damage during these 200 days. What might have started as phishing emails might continue with access to sensitive databases, stolen credentials to other servers, access to internal networks, and additional compromises.
Likewise, companies should not expect to clean up the mess in just a few days either. IT forensics are used to determine the scope of the breach. Regulators and auditors are notified, press conferences and legal depositions are scheduled to address the public concerns, and social media sentiment might fall.
Back in 2016, [IBM acquired Resilient], a security software company. Ted Julian, IBM VP Product Management and Co-Founder of Resilient, performed a live demo of this software. Basically, it is a dashboard that automates gathering incident data, determines the tasks required, and then orchestrates appropriate responses. This allows the security administrator to launch remediation directly in context.
Last year, over 1,400 customers took advantage of IBM's security breach simulator lab, the IBM X-Force Command Center. On the right side of the Boom, time matters. What might take 90 minutes manually can be done in two minutes with the IBM Resilient dashboard and the right amount of practice and training.
Next on stage were Wendi Whitmore, IBM Security Services, and Mike Errity, Vice President IBM Resiliency Services. While Wendi's team is handling the situation from afar, Mike's team lives in the data center. Mike explained Recovery Time Objective (RTO) and Recovery Point Objective (RPO), which apply to recovery after a cyberattack, similar to Disaster Recovery after a hurricane.
Wendi indicated that executives need visibility into what is going on after a breach, and need retainers in place with PR firms and other industry experts who can be called on short notice as needed right of Boom.
Richard Puckett, Vice President Security Operations, Strategy and Architecture, at Thomson Reuters, was the final speaker. Richard spent the first six months of his job uplifting the security protocols at Thomson Reuters. They partnered with IBM to build up their talent for their Security Operation Center (SOC).
Threats are asymmetric. Unlike traditional physical threats from mobs of people, or trucks parked at the front door, cyber threats go undetected. Once they are detected, it can be difficult to identify the perpetrator. Richard suggests that good security requires good management. Patch management is not the sexiest, but is critical. Don't focus on shiny new objects, but rather on fixing weak passwords and poor patch management procedures.
In the struggle to keep up, organizations are not doing a good job of mastering the security fundamentals. IBM believes that with the right approach, technologies and experts, our clients can fight back. IBM can deliver security and resiliency at the scale and speed necessary to protect businesses against the challenges of today, and tomorrow.