IBM was founded 110 years ago and is one of the oldest computer companies in the world. Today, it is working hard on cybersecurity and is proposing three areas of investment for businesses: become more intelligent, respond more quickly and work together more efficiently.
What are the stakes of cybersecurity?
Crime, and cybercrime in particular, is thriving today thanks to data breaches. In France, the average cost of a data breach increased 20% to 3.6 million euros between 2017 and 2018. This includes cybersecurity preparation, correction and recovery measures.
On average, companies take 285 days to "plug" a breach, with 210 days to detect it and another 75 to stem it and recover from it. These companies could save a million euros if they cut this time by 100 days. So, security has to be redesigned to reduce this window and detect breaches more quickly.
The strengths of Artificial Intelligence
Artificial Intelligence is already being used extensively to detect malware, but until recently it had never been used to understand cybersecurity and apply it to any incident.
IBM has developed an artificial intelligence program called Watson. To be applied to cybersecurity, it was "fed" over two million recent documents (blogs, books, etc.). Approximately 60,000 blogs are published on cybersecurity every month. Humans cannot ingest such a vast amount of information, but Watson can. Not only that, it never complains and never gets tired.
IBM’s clients have used Watson in their Security Operations Centers (SOCs). As soon as an alert is raised, the artificial intelligence can report everything it knows about it. Before this innovation, analysts could process only ten alerts per day on average. Now they can handle three times that number.
Artificial Intelligence makes people smarter, so that now, 500 people can do the work of 5,000. That’s why Marc van Zadelhoff, the speaker of this conference, speaks of "augmented intelligence".
How can we respond more quickly as a team through orchestration and automation?
Crisis situations often cause panic. Everyone wonders who they should contact and especially how they should contact them when traditional communication modes are down. However, it’s not good enough just to prepare and draft crisis scenarios in advance. They need to be paired with a technology that transmits automated messages like recommendations from upper management, talking points for the press and the resolution steps to be implemented.
This technology also has to automate and orchestrate actions like blocking firewalls, changing routers or revoking identities. All this drastically reduces the time it takes for a company to respond.
IBM has also set up a dummy SOC that its clients can use to run drills. So far, 2,000 clients have used it, including three senators and two governors. But, no matter how good the team, every one of them has failed. That is why it is important to practice orchestration to improve responsiveness within the company.
Focus on open collaboration
Cybersecurity experts are stronger together. Yet, while researchers in disciplines like medicine or history willingly share their discoveries, this is less true when it comes to cybersecurity. In a context where hackers take advantage of perfect collaboration through encrypted browsers or the Dark Web, computer security experts have to work together more. This is why IBM has opened access on three levels:
- Making threat information accessible via a platform that already has 20,000 clients and a vast threats database
- Opening a sharing platform that allows partners, competitors and clients to build applications and innovate
- Offering Quad9, a free service for a safer Web experience. Quad9 is a free-access DNS platform providing security protection and true confidentiality on the Internet
In short, firms have to invest in artificial intelligence, orchestration and automation, and collaborate openly in order to improve their cybersecurity.
Speaker: Marc VAN ZADELHOFF, IBM SECURITY