By: Stephanie Porfiris, May 05 2021
“We live in a software-driven digital economy right now, and there is so much software that’s running critical services for us that are exposed to the internet. If you have a vulnerability, you can guarantee it’s being scanned for and looked for by hacking teams,” warns Christopher Bontempo, IBM’s VP of Cloud and Cognitive Software.
Cybersecurity is the barrier between those vulnerabilities and malevolent attackers.
The protection of computer systems and data is one of the most highly discussed topics in tech circles today, as more and more information is stored on digital platforms.
A threat of this magnitude warrants expert opinions.
Along with Bontempo, Elevate CEO Razor Suleman sat down with TD Global Executive Officer Claudette McGowan to explore insider perspectives on cybersecurity.
Bontempo and McGowan provided three key insights into the fast-paced, high-stakes world of cybersecurity that can help you keep your data — both personal and professional — out of the wrong hands.
Key Insight #1: The Cybersecurity Industry is Growing Exponentially
Like in almost all industries, artificial intelligence plays a role in the new cybersecurity landscape and is propelling the ecosystem to new heights. In many ways, it’s like searching for a needle in a haystack, explains Bontempo. Only with cybersecurity, there’s a twist: the haystack continually grows bigger and bigger and bigger.
“The magic of models trained on the language of cybersecurity and what to look for makes these problems a lot easier to deal with, and that lets our cybersecurity teams focus on ‘once you’ve found the needle, how did the needle get there, what’s the real root of this problem, what do I need to go take action on?’ And that’s really what we want our people focused on,” he says.
In conjunction with AI, automation is helping to revolutionize the cybersecurity industry as well. AI and automation accelerate every security process that a firm implements, providing a highly valuable speed advantage over attackers.
Key Insight #2: Attackers are Becoming Increasingly Ingenius With Their Tactics
“There’s a creative element to threat actors,” McGowan explains. “They are agile. They are versatile. And they’re funded. So they’re able to do things that we have to respect, while also making sure that we’re doing the right things to protect ourselves.
Here are three of the top attack tactics, according to Bontempo:
Tactic #1: Ransomware
Ransomware was “the number one attack vector seen across all incidents” according to IBM. Up from 20% in 2019 to 23% of today’s investigated attacks, this threat will only get worse. There are entire enterprises being built around ‘ransomware as a service’, making this malevolent tool accessible to anyone with a credit card.
Tactic #2: Scan and Exploit
Scan and exploit was the top infection vector investigated last year. Here are Bontempo’s thoughts on this threat:
Tactic #3: Phishing
Phishing, although lower on the current list of assailants than in previous years, is still very much top of mind for IBM and TD alike. Bontempo relays the story of a company which recently experienced a phishing attack. 100 executives at this company received phishing emails; one executive took the bait. Bontempo elaborates on this incident, musing, “You can do all the security training you want. All they had to do was get one out of a hundred.”
With more and more services moving to the cloud, both firms and individuals are exposing themselves to an increased threat of cyberattacks. Bontempo believes that cloud computing is a “supremely hot topic because all critical data services are moving into the crowd, across multiple clouds.”
Check out McGowan’s views on the risks and benefits of cloud computing here:
Key Insight #3: Cybersecurity Means More Than Just Secure Technology
“Cybersecurity is not just a technology. There are tons of great solutions out there from all sorts of vendors. But security is a people-process-technology solution,” Bontempo explains.
For a firm to absolutely minimize the risk of an attack, a culture of security must be implemented.
The leadership figures must embed security into the everyday processes of the company. Bontempo believes, “We will work on the technology and the technology will keep getting better. The people and process part is what the business leadership can take on.”
Additionally, communication between business leadership and security leadership is crucial. Hear Bontempo’s thoughts on the importance of clear communication between all parties here:
McGowan emphasizes the value of identifying every actor involved in your cybersecurity ecosystem. Who are your third parties? Your fourth parties? Where are the weak links? She warns, “If the security is compromised, the company is compromised.”
Action Items: What Can You Do To Protect Yourself?
The expert advice provided by McGowan and Bontempo ranges from the micro to the macro, guiding us on how to protect ourselves both at home and at work.
McGowan advocates for the use of VPNs and the regular mixing-up of passwords.
She also encourages listeners to run cybersecurity drills. Much like standardized fire drills, running through existing cyber protocols can help both individuals and firms to identify weak spots in their defenses.
Bontempo also emphasizes the importance of cyber-preparedness. “Something bad will happen. It’s inevitable. You just need to be ready for that. When the bad day happens, you implement the run book, and just start going.”
As the world’s data continues its digital migration, the threat of cyber attacks are more prevalent than ever. But the knowledge and advice imparted by these industry experts can serve as the first steps to protecting yourself from the malevolent threat of cyber attacks.
Watch the full session
– To further discuss your Security needs, request a consultation with an IBM specialist