The 2019 IBM Ponemon report revealed that an alarming 77 percent of organizations are still underprepared to properly respond to cybersecurity incidents.
There is a silver lining, though -- the report projects that companies that contain a cyber-attack within 30 days save over USD 1 million on the total cost of a data breach. It was revealed that automation improved detection and containment of cyber-attacks by nearly 25 percent.
Vaidyanathan Iyer, Security Software Leader at IBM India, South Asia, observed that although respondents surveyed in India disclosed that they do not have a plan in place yet, they are in active pursuit of the same. In an exclusive interaction with CSO Online, the man spearheading IBM's security business sheds light on what security heads can do to mitigate threats.
In his 11 years of experience at IBM, Vaidy, as he is popularly known in the circuit, has been instrumental in driving the company's cybersecurity posture. Drawing a parallel with what's going on in the health industry, he says that security vendors are creating a sense of paranoia around cybersecurity to push their products.
He believes that unless there's a need to add a particular security feature, companies shouldn't invest in it because security consultants tend to paint a picture that's downright scary.
Additionally, security leaders in the country have unanimously pointed to the skills shortage that exists in the cybersecurity space. Iyer believes that while there's a gap between the way curricula are designed and the skill set the enterprise demands, companies can turn to augmented intelligence and bots to plug the skills gap.
Could you tell us more on the trend of leveraging artificial intelligence for security?
At IBM, we don't believe in artificial intelligence; we call it augmented intelligence. This is because it augments human intelligence.
Simply put, cybersecurity is an extension of threats that we see in the physical world. Peter Norton came up with disk utility tools because there were a lot of gaps in the fundamental operating system.
Mostly what happens with third-party operating systems is that a lot of fields were missing.
In the present-day enterprise IT landscape, customers have numerous choices. So it's hard for vendor companies to establish a monopoly.
A Ponemon research survey revealed that one in four breaches are repeat incidents. Where, in your point of view, do organizations face a problem in containing recurring breaches?
Similar to the way a batsman gets out playing the same type of shot that dismissed him earlier, the solution doesn't lie in playing the same shot again.
You have got new people and new technologies coming in, so there's always a chance of repetition from a different source. Even though the manifestation may be the same, the cause of the attack could be a completely different one.
Breaches occur due to the way business is conducted. You have to consistently mitigate your risks and reevaluate them. The risk profile of your organization needs a constant re-look.
If risk mitigation is not carried out, the same risk can manifest in a different format. You cannot 'eliminate' a risk. And then there's always the residual risk to worry about. The right thing to do here is to constantly evaluate your risk profile. One of the challenges the industry is facing right now is that the risks are not being properly evaluated. Also, the way to go about incident response is not shared appropriately with all stakeholders.
There's a gap in adequately training new employees and the protocol followed during mergers and acquisitions.
Our readers would love to know more about security in mainframes. Could you elaborate on this?
Mainframes are not legacy; they're current. One of the biggest banking institutions in the country runs all its credit card operations entirely on mainframe.
As the hardware and software in mainframes are constantly updated, I would say mainframes are one of the strongest security platforms available in the enterprise today. It is very difficult to put a virus in a mainframe and the proliferation is very limited.
The mainframe hardware is refreshed or upgraded and the software is automatically and constantly updated. It's very important to keep the mainframe system current. Most breaches occur because we don't patch at the correct time.
Mainframes remain one of the most profitable businesses for IBM.
Only 23 percent of respondents said that their organization was well-equipped to quickly detect and contain a cyber attack. What challenges are CISOs facing when it comes to identifying and controlling a threat, and what solution does IBM offer to tackle this?
It all depends on your security posture - at what level do you identify the threat. Our solution to the problem is the Cognitive SOC. The Security Operations Center is highly intelligent and helps tackle threats with speed and accuracy.
If anything fishy is detected, the issue is immediately escalated to the SOC. Training people to spot anomalies is imperative.
Your security operations center should be able to capture a security event before it becomes an incident. How fast I tackle threats depends upon the risk posed by the threat.
Our X-Force solution is one of the largest threat intelligence engines. X-Force service not only gives you a report of all the threats, it goes a step ahead and indicates if a threat is applicable to you. IBM Watson has also reduced the load and effort spent on mundane activities.
Is the skills shortage a real threat in the cybersecurity space?
Skillset shortage is a real threat - I face it every day. There's a big gap in the way the industry is moving and the way in which curriculum is designed.
A workaround to this problem is through the usage of augmented intelligence and bots.
IBM has a global university program in which we introduce people to the latest technologies and industry experts in the cybersecurity space. Building skillset is a process of continuous acquisition.
If I don't learn continually or engage with the security community, I will be outdated in no time. International organizations like ISACA also play a very important role in building cybersecurity skillset.
Could you also throw some light on the future of quantum computing and what role it plays in the cybersecurity space?
We have seen demonstrations of quantum being hacked. IBM is dabbling with the technology and has funded several research activities in quantum computing, in addition to companies like Google and Microsoft.