Cybersecurity in the cognitive era: Priming your digital immune system
©2015 IBM Corporation, May 3, 2023
David Jarvis, IBM Institute for Business Value
Diana Kelley, IBM Security
Today’s speakers
David Jarvis, Security & CIO Lead, IBM Institute for Business Value
https://securityintelligence.com/author/david-jarvis
https://www.linkedin.com/in/davidajarvis
http://twitter.com/dajarvis
Diana Kelley, Executive Security Advisor, IBM Security
https://securityintelligence.com/author/diana-kelley
https://www.linkedin.com/in/dianakelleysecuritycurve
Entering the cognitive era of security solutions
Cybersecurity is reaching an inflection point:
– Increasing numbers and sophistication of threats on track to surpass current capabilities to address and mitigate them
– Volume of adverse events and incidents surpassing the capacity of most security operations teams
– Financial costs and risks are growing rapidly
Security organizations need to leverage new capabilities to get ahead of the risks and challenges
But with mounting skills and resource gaps, spending more and staffing up security operations is getting harder and harder to do
What if?
– You could enhance the effectiveness of security operations with new tools that could ingest and organize the threat landscape much more rapidly
– Systems could be taught how to bring better context to each threat and identify real ones with greater accuracy
©2016 IBM Corporation, May 3, 2023
Agenda
Overview: Approach and firmographics
The current context: Challenges, practices and gaps
Enter cognitive security solutions: Benefits and challenges of cognitive security
Primed for cognitive security: Characteristics of those that are ready
Recommendations: How to start your cognitive security journey
Industry
We surveyed a balanced distribution of 700 security professionals in 35 countries, representing 18 industries
Over $10B
$500M - $1B
$1B – $5B
15%
40%
20%
Company size (in $USD annualized revenue)
Under $500M 20%
$5B – $10B
5%
Geography
North America
Central and South America
Middle East and Africa
Western Europe
Central and Eastern Europe
Asia Pacific
Japan
The current context
“It’s literally like being a merchant sailor in the golden age of piracy — there is no navy to protect you, there is no police force, you are on your own. On top of that, many don’t know how to sail their boats, and they can’t fire back at the attackers (it’s illegal). You are literally trying to survive in a hostile world with both arms tied behind your back. However, you do have some really interesting and sophisticated tools to use that tell you all about your threats.”
David Shipley – Director of Strategic Initiatives, Information Technology Services, University of New Brunswick
The current security operations context from our data
Dealing with increasing costs and justifying investments with the business
Worried about addressing speed and complexity of threats
Focused on impacts to operations and brand reputation
Improving security operations capabilities
Working to address gaps in network and data security and threat response
#1 cybersecurity challenge today and tomorrow is reducing average incident response and resolution time
78% have seen the cost for cybersecurity increase in the last two years
57% looking to improve monitoring of network, application, and data-level security in the next 2-3 years
68% say the loss of brand reputation presents the greatest future concern as a major impact of an intrusion
The top challenge today is around response speed – analytics will get even more focus in the future
Companies are increasingly concerned about a loss of reputation in the future – surpassing operational disruption
The rising costs of cybersecurity infrastructure also becomes a more substantial issue in the future – increasing ~2X from today
~2X increase in the worry around loss of brand reputation as a major impact of an intrusion
Most significant impacts enterprise has experienced / expect from intrusions
In the future / Past 2 years
Operational disruption 74% 57%
Data breach without financial or IP loss 37% 26%
Loss of brand reputation 68% 35%
Rising costs for cybersecurity infrastructure 25% 43%
Regulatory violations 20% 23%
Financial loss 20% 31%
Stolen intellectual property 20% 32%
Criminal prosecution & liability 5% 4%
Almost everything is important, but network and data protection coupled with speed are the weakest areas for most
Significantly changing priorities in the future suggest some gaps may widen if future initiatives don’t align to challenges
With security costs continuing to rise, security leaders are going to be under increased pressure to justify investments
Cost
78% have seen the cost for cybersecurity increase in the last two years
84% expect it to continue to increase in the next 2-3 years
Investment
70% spend over 10% of their IT budget on cybersecurity – focused mainly on prevention and detection
ROI
63% get over a 25% ROI on their cybersecurity investments
With the majority getting between a 25-50% ROI
The most important factor in obtaining funding approval hinges on clear communication of risks and benefits
Factors used to justify a request for cybersecurity-related investments
External industry expert opinion (security, legal, compliance, regulatory): 21%
Third-party security services recommendations (managed security services, security consulting): 24%
A high-profile breach in my industry: 43%
Cross-functional support from finance, risk management, operations, or other executives: 51%
Description of current risk exposure/gap in your company: 61%
92% say their funding requests for cybersecurity initiatives require a return on investment (ROI) or other financial analysis for justification and approval
That communication has to be in the language of the business; cost to fix simply isn’t enough for financial analyses
Most important quantitative variables typically used in ROI/financial analysis for cybersecurity investments
Payback period: 16%
Cost of capital: 31%
Direct loss (equity, cash, intellectual property value, reputation): 41%
Opportunity cost (benefits lost as a result of a breach): 46%
Cost to fix: 66%
Don’t underestimate the importance of incorporating opportunity cost/loss and direct loss into investment justifications – speak in the language of the business
A Canadian leader in financial protection, wealth and asset management takes a unique approach to create value
The right tone from the top
Their well-educated CEO makes security #1 across the C-suite and promotes collaboration
This approach has reduced the friction associated with improving risk posture through projects and operations
Creating a solid business case for security
They look at the upstream and downstream benefits to the business from their security investments
Use their security capabilities to improve overall business efficiency in a number of ways, for example:
• Retire low use websites
• Bandwidth savings based on blocking transactions coming into the environment
• Improve employee productivity by effective spam mitigation
“I consider myself the Chief Marketing Officer of security to the rest of the enterprise, evangelizing the benefits of a strong security posture supported by demonstrating the value it brings to my stakeholders”
These challenges, weaknesses, efforts and pressures expose three gaps to address – in intelligence, speed and accuracy
Intelligence gap
#1 most challenging area due to insufficient resources is threat research (65% selecting)
#3 highest cybersecurity challenge today is keeping current on new threats and vulnerabilities (40% selecting)
Speed gap
The top cybersecurity challenge today and tomorrow is reducing average incident response and resolution time
This is despite the fact that 80% said their incident response speed is much faster than two years ago
Accuracy gap
#2 most challenging area today is optimizing accuracy alerts (too many false positives)
#3 most challenging area due to insufficient resources is threat identification, monitoring and escalating potential incidents (61% selecting)
Addressing gaps while managing cost and ROI pressures
Enter cognitive security solutions
Cognitive security is the implementation of two broad and related capabilities:
– The use of cognitive systems to analyze security trends and distill enormous volumes of structured and unstructured data into information, and then into actionable knowledge to enable continuous security and business improvement
– The use of automated, data-driven security technologies, techniques and processes that support cognitive systems’ having the highest level of context and accuracy
To close the gaps, different technologies and approaches are needed – enter cognitive security
Enhance the work of SOC analysts
Speed response with external intelligence
Identify threats with advanced analytics
Strengthen application security
Reduce enterprise risk
Benefits
Cognitive security solutions can help tap the tremendous amount of security knowledge created for human consumption
Traditional security data
• Security events and alerts
• Logs and configuration data
• User and network activity
• Threat and vulnerability feeds
Human generated knowledge
Security knowledge dark to defenses
Typical organizations leverage only 8% of this content*
Examples include:
• Research documents
• Industry publications
• Forensic information
• Threat intelligence commentary
• Conference presentations
• Analyst reports
• Webpages
• Wikis
• Blogs
• News sources
• Newsletters
• Tweets
* Forrester Research: Can You Give The Business The Data That It Needs? November 2013
Almost two thirds believe cognitive security solutions will address gaps – with ~20% planning to adopt in 2-3 years
Expectations
Believe that “cognitive security” solutions can significantly slow down cybercriminals: 57%
Top 3 perceived benefits
#1 Intelligence: Improve detection and incident response decision-making capabilities (40%)
#2 Speed: Significantly improve incident response time (37%)
#3 Accuracy: Provide increased confidence to discriminate between events and true incidents (36%)
Adoption
Although only 7% of the total sample are currently working on implementing cognitive-enabled security solutions today – this rises to 21% in the next 2-3 years
3X: Today, Next 2-3 years
Factors holding back adoption include overall maturity and secondarily, budget and communicating the benefits
Don’t understand what is really meant by cognitive security solutions: 0%
Not convinced of value added to current cybersecurity solutions and capabilities: 15%
Not convinced of the benefits versus other solutions: 16%
Not ready from an infrastructure perspective (security operations center, software, hardware): 25%
Lack of sufficient budget/funding to invest in this in the next 2–3 years: 28%
Too difficult to communicate benefits to decision-makers/lack proof points or use-cases: 28%
Lack of internal skills/competency to implement: 45%
Not ready from a competency perspective (skills, process, methods): 45%
Most are convinced of the value add and benefits of cognitive security solutions and don’t feel it is a top challenge
EY sees how cognitive security solutions could be a way to reduce the overall level of enterprise risk
Seeing internal and external challenges
A rapid pace of technological change and adversaries advancing their tools and techniques
Digital innovation and transformation efforts within organizations are pushing the enterprise flat – how do you move fast with digital transformation without creating a more porous perimeter?
Reducing overall risk with cognitive security solutions
Cognitive security solutions could:
• Provide better threat intelligence, helping to understand potential attacks in the future
• Act as an expert advisor for a security operations analyst; it could not only enhance their expertise but may also help to adapt and evolve security controls based on what the system has learned over time
• Help to manage GRC, deciphering the different requirements from multiple regulatory agencies
“There is a massive amount of noise out there, the human brain can’t process everything on a day to day basis – we need something to help, something like AI or cognitive technologies.”
Chad Holmes, Principal and Cyber Strategy, Technology and Growth Leader (CTO) at Ernst & Young LLP
Primed for cognitive security
“We are poised to take the next step with cognitive and intelligent solutions that will efficiently ingest, organize and bring context to an enormous amount of security information and knowledge which today consumes a lot of our time and resources.”
A Canadian leader in financial protection, wealth and asset management
We profiled participants based on their security effectiveness and appreciation of cognitive benefits
Security effectiveness Cognitive understanding Cognitive readiness
Foundational capabilities – risk awareness across the company, IT hygiene
Advanced capabilities – intelligent security and rapid threat response, robust data security and privacy
Believe cognitive security solutions can:
Improve detection and incident response decision-making capabilities
Provide increased confidence to discriminate between events and true incidents
Significantly improve incident response time
Are implementing or planning on implementing cognitive enabled security solutions
Ready to implement next-generation cognitive enabled security now
Believe that cognitive security solutions can significantly slow down cyber criminals
An analysis of the responses to these questions revealed three distinct clusters
Pressured 52%
Primed 22%
Prudent 27%
Organization
More likely to report to the CIO/CTO
More likely to report to the CEO
More likely to report to the CIO/CTO
Resources
Lower % of IT budget allocated to cybersecurity
More likely to report challenges with obtaining sufficient funding and filling a shortage of staff
Higher % of IT budget allocated to cybersecurity
Higher % of IT budget allocated to cybersecurity
Performance
Large majority feel they are on par compared with other companies
Large majority feel they are on par compared with other companies
Best self-assessed preparedness compared with other companies
Cognitive familiarity & challenges
A lower general familiarity with cognitive security features and value
More likely to report a lack of sufficient funding as an adoption challenge for cognitive solutions
More likely to say that they are not ready from a competency perspective to adopt cognitive-enabled security solutions and have trouble communicating the benefits
A higher general familiarity with cognitive security features and value
The Primed have a better familiarity with cognitive security and higher confidence, budget, and ROI than others
The Primed generally employ a more mature approach to their security practices
“Cognitive security has so much potential — you can meet your labor shortage gap, you can reduce your risk profile, you can increase your efficiency of response. It can help you understand the narrative story. People consume stories — this happened, then this happened, with this impact, by this person. Additionally, cognitive can lower the skills it takes to get involved in cybersecurity. It allows you to bring in new perspectives from non-IT backgrounds into cracking the problem.”
David Shipley – Director of Strategic Initiatives, Information Technology Services, University of New Brunswick
Although cognitive security solutions are still an emerging technology area, there are things you can do today to prepare
Recognize your weaknesses
Look at the primary weaknesses and vulnerabilities within your organization. How are they connected? What is a priority? Evaluate your intelligence, speed and accuracy.
Become educated about cognitive security capabilities
Take a holistic and formal approach to learn about cognitive security solutions. There could be many misconceptions in your organization from a capability, cost and implementation perspective.
Define an investment plan
It is difficult to build an investment case when a technology is new and unproven – focus on the fact that cognitive security is a capability that can improve the overall effectiveness of security operations.
Look to augment your capabilities, no matter your maturity
Cognitive security solutions are an emerging technology area, and their unique characteristics can benefit organizations of all sizes. Whether you are Pressured, Prudent or Primed, there are things you can do.
THANK YOU
Learn more about the study: Cybersecurity in the cognitive era
Visit ibm.com/security/cognitive to download the report
Read the blog at Securityintelligence.com
Learn more about IBM Security
A global leader in enterprise security
• #1 in enterprise security software and services*
• 7,500+ people
• 12,000+ customers
• 133 countries
• 3,500+ security patents
• 19 acquisitions since 2002
*According to Technology Business Research, Inc. (TBR) 2016
Join IBM X-Force Exchange: xforce.ibmcloud.com
Visit our website: ibm.com/security
Watch our videos on YouTube: IBM Security Channel
Read new blog posts: SecurityIntelligence.com
Follow us on Twitter: @ibmsecurity
Learn more about the IBM Institute for Business Value
For more information
To learn more about this IBM Institute for Business Value study, please contact us at [email protected]. Follow @IBMIBV on Twitter, and for a full catalog of our research or to subscribe to our monthly newsletter, visit: ibm.com/iibv
Access IBM Institute for Business Value executive reports on your mobile device by downloading the free “IBM IBV” app for your phone or tablet from your app store.
The right partner for a changing world
At IBM, we collaborate with our clients, bringing together business insight, advanced research and technology to give them a distinct advantage in today’s rapidly changing environment.
IBM Institute for Business Value
The IBM Institute for Business Value, part of IBM Global Business Services, develops fact-based strategic insights for senior business executives around critical public and private sector issues.