IBM has one of the largest and most complex internal IT infrastructures in the world. We are providing solutions in over 2,000 major sites in our 170 countries. Our team includes 400,000-plus security specialists, of whom over 50 percent are mobile. IBM has security consultancy practices and dedicated security research capabilities across the globe.
Chief executive officers are under increasing pressure to increase demand and business value while maintaining the same or fewer resources. Organizations are facing a growing realization that our physical and IT assets, systems, and infrastructure are reaching a breaking point. As the pace of business and the world continues to accelerate, the physical and digital foundations on which progress depends are straining to keep up. Today’s businesses need to find ways to reduce operational expenses while meeting the greater demands of a highly instrumented world. You face unprecedented challenges in your ability to respond to change while enabling access to data and services around the clock. With customer and competitive pressures only increasing, it is clear that we need to address the deficiencies in infrastructure that threaten to hold us back—both at an organizational and at a societal level. In spite of these pressures to do more, IT organizations are spending roughly 70 percent of their funds on maintaining what they have today. And they are not getting any significant budget increases, so budgets are essentially flat.
Security leaders are under intense pressure and navigating a period of change. Information security leaders are charged with protecting some of the enterprise’s most valuable assets—money, customer data, intellectual property and, increasingly, brand. Today’s security risks are fundamentally different; instead of managing current threats, businesses have to be proactive about security. They need to anticipate the kinds of risks that expanding the business or opening up operations to more clients and partners will create.

- Executive attention – Nearly two-thirds of CISOs surveyed in IBM’s 2012 Chief Information Security Officer Study say that their senior executives are paying more attention to security today than they were two years ago because a series of high-profile hacking and data breach incidents have convinced them of the key role that security needs to play in the modern enterprise.
- Budget and spend – Nearly two-thirds of respondents expect information security spend to increase over the next two years. Of those, 87 percent expect double-digit increases and 11 percent expect increases of more than 50 percent.
- Threat – External threats were the top overall challenge and 69 percent of respondents ranked external threats as either their number one or number two challenge.
- Challenges – Securing the mobile world is a major challenge – 55 percent of respondents cited mobile security as a primary technology concern over the next two years.
- Aspirations – Two years from now, respondents expect to be spending more time reducing potential future risks, and spending less time mitigating current known threats or complying with government and industry mandates.

Attention plus resources plus greater threat plus technical challenges plus aspiration equals a time for change.
The more the environment changes, the more opportunities exist for risk. Technology is rapidly changing and the world we live in is becoming more digitized and interconnected. In order to keep up and stay competitive, chief executive officers need to be able to embrace new technology through the use of cloud, mobility and Big Data, but at the same time they need to consider the risks of potential threats and vulnerabilities in order to reduce the impact of a breach. Security risk management is a key component to consider when adopting new technology to help ensure that security is built in. From a risk perspective, new technology raises the level of a potential threat, which means that new investments need to be made in protecting your company.
Today’s threats are more sophisticated. We are seeing an increase in:

- Advanced persistent threats
- Discovery of new zero-day threats
- Financially motivated and targeted attacks

The types of threats differ depending on the type and motivation of the attacker:

- Insiders (employees, contractors, outsourcers) – inexperienced, no funding, harm often caused by accident
- Worms and virus writers, script kiddies – inexperienced, limited funding, opportunistic behavior; target has known vulnerabilities
- “White hat” and “black hat” hackers – inexperienced-to-higher-order skills, target usually known; they prefer denial of service attacks, which are increasing
- National governments, organized crime, industrial spies, terrorist cells – sophisticated trade craft, foreign intelligence, well financed and motivated by profit; these are increasingly difficult to detect and are also increasingly prevalent

Source: Government Accountability Office (GAO), Department of Homeland Security's (DHS's) Role in Critical Infrastructure Protection (CIP) Cybersecurity, GAO-05-434
The Ponemon Institute found that 39 percent of employees lost or “misplaced” an unencrypted data-bearing device (such as a Universal Serial Bus (USB) drive, smartphone, or laptop computer); 74 percent of those employees did not report the loss immediately, either because they were embarrassed, worried about losing their job, or thought they had just misplaced the device and would find it soon.
New technology and business models are generating an increase in vulnerabilities. Because of the far-reaching impact of a security breach and its increasing complexity, we are seeing the potential impact to a company increase as they try to adopt mobility, cloud and social business. This impact can be felt across the entire corporation.
Source: IBM X-Force® Report 2011 and IBM Center for Applied Insight

Security experts at IBM X-Force predict that botnet infection rates will continue to increase, driven by the evolution to bring your own IT (BYOIT).

- Botnet infection rate for corporate owned and corporate managed devices equals 4 to 8 percent
- Botnet infection rate for personally owned devices equals 20 to 30 percent

IMPACT:

- Loss of data or productivity: A targeted, advanced attack, also known as an APT, which is designed to be undetectable
- Sensitive data disclosure: Loss or theft of technology (laptops, memory sticks, personal digital assistants, or PDAs) which contains sensitive data
- Loss of data or productivity: Inadvertent disclosure of data
- Malware infection: A virus, worm, Trojan horse, or other code-based malicious entity that successfully infects a host
- Impact to brand (defacement): A person gains logical or physical access without permission and defaces a web application.

IBM is building integrated security solutions around four domains: people, data, applications and infrastructure. If you can better secure across those domains, not just within each as a stand-alone, siloed area, you can build a more security-rich environment and foster more innovative use of technology.
Loss of customers: A denial of service attack that prevents or impairs the use of networks, systems, or applications by exhausting resources.
- The IBM 2012 Chief Information Security Officer (CISO) assessment: This IBM initiative was created to enable a broader conversation with our clients around the expanding role of information security to confront the challenges facing enterprises today. In the new report, IBM identifies three types of security leaders: influencers, protectors and responders. We welcome you to review the assessment, related whitepapers and infographics to see where your organization stands and to be better prepared to meet new threats with confidence.
- IBM CEO Study: This is IBM’s fifth biennial Global CEO Study. The primary focus of this year’s survey: “How are CEOs responding to the complexity of increasingly interconnected organizations, markets, societies and governments—what we call the connected economy?” To find out, we spoke with more than 1,700 CEOs, general managers and senior public sector leaders from around the globe.
- Security Intelligence and Compliance Analytics: Aligns with several of our key focus initiatives. Our message demonstrates IBM’s thought leadership and capabilities to take clients to the next level in security.
- IBM Institute for Advanced Security: This link takes you to a number of useful resources including the latest security news, research, interviews and a calendar of upcoming security events.
For more information, visit: http://www-142.ibm.com/software/products/us/en/category/tivoli/SWI00