
Cybersecurity in the cognitive era: Priming your digital immune system



Security leaders are working to address three gaps in their current capabilities — in intelligence, speed and accuracy. Some organizations are beginning to explore the potential of cognitive security solutions to address these gaps and get ahead of their risks and threats. There are high expectations for this technology.

Published in: Technology

Cybersecurity in the cognitive era: Priming your digital immune system

  1. ©2015 IBM Corporation, 13 January 2017. Cybersecurity in the cognitive era: Priming your digital immune system. David Jarvis, IBM Institute for Business Value; Diana Kelley, IBM Security
  2. Today’s speakers: David Jarvis, Security & CIO Lead, IBM Institute for Business Value; Diana Kelley, Executive Security Advisor, IBM Security
  3. Entering the cognitive era of security solutions
     • Cybersecurity is reaching an inflection point:
       – Increasing numbers and sophistication of threats on track to surpass current capabilities to address and mitigate them
       – Volume of adverse events and incidents surpassing the capacity of most security operations teams
       – Financial costs and risks are growing rapidly
     • Security organizations need to leverage new capabilities to get ahead of the risks and challenges
     • But with mounting skills and resource gaps, spending more and staffing up security operations is getting harder and harder to do
     • What if?
       – You could enhance the effectiveness of security operations with new tools that could ingest and organize the threat landscape much more rapidly
       – Systems could be taught how to bring better context to each threat and identify real ones with greater accuracy
  4. Agenda: Overview (approach and firmographics); The current context (challenges, practices and gaps); Enter cognitive security solutions (benefits and challenges of cognitive security); Primed for cognitive security (characteristics of those that are ready); Recommendations (how to start your cognitive security journey)
  5. We surveyed a balanced distribution of 700 security professionals in 35 countries, representing 18 industries. Chart panels: Industry; Company size (in $USD annualized revenue): Over $10B; $500M - $1B; $1B – $5B; 15%; 40%; 20%; Under $500M 20%; $5B – $10B 5%; Geography: North America, Central and South America, Middle East and Africa, Western Europe, Central and Eastern Europe, Asia Pacific, Japan
  6. The current context
  7. “It’s literally like being a merchant sailor in the golden age of piracy — there is no navy to protect you, there is no police force, you are on your own. On top of that, many don’t know how to sail their boats, and they can’t fire back at the attackers (it’s illegal). You are literally trying to survive in a hostile world with both arms tied behind your back. However, you do have some really interesting and sophisticated tools to use that tell you all about your threats.” David Shipley – Director of Strategic Initiatives, Information Technology Services, University of New Brunswick
  8. The current security operations context from our data
     • Dealing with increasing costs and justifying investments with the business
     • Worried about addressing speed and complexity of threats
     • Focused on impacts to operations and brand reputation
     • Improving security operations capabilities
     • Working to address gaps in network and data security and threat response
     • #1 cybersecurity challenge today and tomorrow is reducing average incident response and resolution time
     • 78% have seen the cost for cybersecurity increase in the last two years
     • 57% looking to improve monitoring of network, application, and data-level security in the next 2-3 years
     • 68% say the loss of brand reputation presents the greatest future concern as a major impact of an intrusion
  9. The top challenge today is around response speed – analytics will get even more focus in the future
  10. Companies are increasingly concerned about a loss of reputation in the future – surpassing operational disruption
      • The rising costs of cybersecurity infrastructure also become a more substantial issue in the future – increasing ~2X from today
      • ~2X increase in the worry around loss of brand reputation as a major impact of an intrusion
      • Most significant impacts enterprise has experienced / expect from intrusions: Operational disruption 74%, 57%; Data breach without financial or IP loss 37%, 26%; Loss of brand reputation 68%, 35%; Rising costs for cybersecurity infrastructure 25%, 43%; Regulatory violations 20%, 23%; Financial loss 20%, 31%; Stolen intellectual property 20%, 32%; Criminal prosecution & liability 5%, 4%. Chart legend: In the future; Past 2 years
  11. Almost everything is important, but network and data protection coupled with speed are the weakest areas for most
  12. Significantly changing priorities in the future suggest some gaps may widen if future initiatives don’t align to challenges
  13. With security costs continuing to rise, security leaders are going to be under increased pressure to justify investments
      • Cost: 78% have seen the cost for cybersecurity increase in the last two years; 84% expect it to continue to increase in the next 2-3 years
      • Investment: 70% spend over 10% of their IT budget on cybersecurity – focused mainly on prevention and detection
      • ROI: 63% get over a 25% ROI on their cybersecurity investments, with the majority getting between a 25-50% ROI
  14. The most important factor to obtain funding approval hinges on clear communication of risks and benefits
      • Factors used to justify a request for cybersecurity-related investments: Description of current risk exposure/gap in your company (61%); Cross-functional support from finance, risk management, operations, or other executives (51%); A high-profile breach in my industry (43%); Third-party security services recommendations (managed security services, security consulting) (24%); External industry expert opinion (security, legal, compliance, regulatory) (21%)
      • 92% say their funding requests for cybersecurity initiatives require a return on investment (ROI) or other financial analysis for justification and approval
  15. That communication has to be in the language of the business; cost to fix simply isn’t enough for financial analyses
      • Most important quantitative variables typically used in ROI/financial analysis for cybersecurity investments: Cost to fix (66%); Opportunity cost, benefits lost as a result of a breach (46%); Direct loss: equity, cash, intellectual property value, reputation (41%); Cost of capital (31%); Payback period (16%)
      • Don’t underestimate the importance of incorporating opportunity cost/loss and direct loss into investment justifications – speak in the language of the business
  16. A Canadian leader in financial protection, wealth and asset management takes a unique approach to create value
      • The right tone from the top: Their well educated CEO makes security #1 across the C-suite and promotes collaboration. This approach has reduced the friction associated with improving risk posture through projects and operations
      • Creating a solid business case for security: They look at the upstream and downstream benefits to the business from their security investments. Use their security capabilities to improve overall business efficiency in a number of ways, for example:
        – Retire low use websites
        – Bandwidth savings based on blocking transactions coming into the environment
        – Improve employee productivity by effective spam mitigation
      • “I consider myself the Chief Marketing Officer of security to the rest of the enterprise, evangelizing the benefits of a strong security posture supported by demonstrating the value it brings to my stakeholders”
  17. These challenges, weaknesses, efforts and pressures expose three gaps to address – in intelligence, speed and accuracy
      • Intelligence gap: #1 most challenging area due to insufficient resources is threat research (65% selecting). #3 highest cybersecurity challenge today is keeping current on new threats and vulnerabilities (40% selecting)
      • Speed gap: The top cybersecurity challenge today and tomorrow is reducing average incident response and resolution time. This is despite the fact that 80% said their incident response speed is much faster than two years ago
      • Accuracy gap: #2 most challenging area today is optimizing accuracy alerts (too many false positives). #3 most challenging area due to insufficient resources is threat identification, monitoring and escalating potential incidents (61% selecting)
      • Addressing gaps while managing cost and ROI pressures
  18. Enter cognitive security solutions
  19. To close the gaps, different technologies and approaches are needed – enter cognitive security
      • Cognitive security is the implementation of two broad and related capabilities:
        – The use of cognitive systems to analyze security trends and distill enormous volumes of structured and unstructured data into information, and then into actionable knowledge to enable continuous security and business improvement
        – The use of automated, data-driven security technologies, techniques and processes that support cognitive systems’ having the highest level of context and accuracy
      • Benefits: Enhance the work of SOC analysts; Speed response with external intelligence; Identify threats with advanced analytics; Strengthen application security; Reduce enterprise risk
  20. Cognitive security solutions can help tap the tremendous amount of security knowledge created for human consumption
      • Traditional security data: Security events and alerts; Logs and configuration data; User and network activity; Threat and vulnerability feeds
      • Human generated knowledge (security knowledge dark to defenses): Typical organizations leverage only 8% of this content*. Examples include: Research documents; Industry publications; Forensic information; Threat intelligence commentary; Conference presentations; Analyst reports; Webpages; Wikis; Blogs; News sources; Newsletters; Tweets
      • * Forrester Research: Can You Give The Business The Data That It Needs? November 2013
  21. Almost two thirds believe cognitive security solutions will address gaps – with ~20% planning to adopt in 2-3 years
      • Expectations: 57% believe that “cognitive security” solutions can significantly slow down cybercriminals
      • Top 3 perceived benefits: #1 Intelligence: Improve detection and incident response decision-making capabilities (40%); #2 Speed: Significantly improve incident response time (37%); #3 Accuracy: Provide increased confidence to discriminate between events and true incidents (36%)
      • Adoption: Although only 7% of the total sample are currently working on implementing cognitive-enabled security solutions today – this rises to 21% in the next 2-3 years (3X)
  22. Factors holding back adoption include overall maturity and secondarily, budget and communicating the benefits
      • Not ready from a competency perspective (skills, process, methods): 45%
      • Lack of internal skills/competency to implement: 45%
      • Too difficult to communicate benefits to decision-makers/lack proof points or use-cases: 28%
      • Lack of sufficient budget/funding to invest in this in the next 2–3 years: 28%
      • Not ready from an infrastructure perspective (security operations center, software, hardware): 25%
      • Not convinced of the benefits versus other solutions: 16%
      • Not convinced of value added to current cybersecurity solutions and capabilities: 15%
      • Don’t understand what is really meant by cognitive security solutions: 0%
      • Most are convinced of the value add and benefits of cognitive security solutions and don’t feel it is a top challenge
  23. EY sees how cognitive security solutions could be a way to reduce the overall level of enterprise risk
      • Seeing internal and external challenges: A rapid pace of technological change and adversaries advancing their tools and techniques. Digital innovation and transformation efforts within organizations are pushing the enterprise flat – how do you move fast with digital transformation without creating a more porous perimeter?
      • Reducing overall risk with cognitive security solutions. Cognitive security solutions could:
        – Provide better threat intelligence, helping to understand potential attacks in the future
        – Act as an expert advisor for a security operations analyst, it could not only enhance their expertise, but also may help to adapt and evolve security controls based on what the system has learned over time
        – Help to manage GRC, deciphering the different requirements from multiple regulatory agencies
      • “There is a massive amount of noise out there, the human brain can’t process everything on a day to day basis – we need something to help, something like AI or cognitive technologies.” Chad Holmes, Principal and Cyber Strategy, Technology and Growth Leader (CTO) at Ernst & Young LLP
  24. Primed for cognitive security
  25. “We are poised to take the next step with cognitive and intelligent solutions that will efficiently ingest, organize and bring context to an enormous amount of security information and knowledge which today consumes a lot of our time and resources.” A Canadian leader in financial protection, wealth and asset management
  26. We profiled participants based on their security effectiveness and appreciation of cognitive benefits
      • Security effectiveness: Foundational capabilities – risk awareness across the company, IT hygiene; Advanced capabilities – intelligent security and rapid threat response, robust data security and privacy
      • Cognitive understanding: Believe cognitive security solutions can: improve detection and incident response decision-making capabilities; provide increased confidence to discriminate between events and true incidents; significantly improve incident response time
      • Cognitive readiness: Are implementing or planning on implementing cognitive enabled security solutions; Ready to implement next-generation cognitive enabled security now; Believe that cognitive security solutions can significantly slow down cyber criminals
  27. An analysis of the responses to these questions revealed three distinct clusters: Pressured 52%, Primed 22%, Prudent 27%
      • Organization: More likely to report to the CIO/CTO / More likely to report to the CEO / More likely to report to the CIO/CTO
      • Resources: Lower % of IT budget allocated to cybersecurity; more likely to report challenges with obtaining sufficient funding and filling a shortage of staff / Higher % of IT budget allocated to cybersecurity / Higher % of IT budget allocated to cybersecurity
      • Performance: Large majority feel they are on par compared with other companies / Large majority feel they are on par compared with other companies / Best self-assessed preparedness compared with other companies
      • Cognitive familiarity & challenges: A lower general familiarity with cognitive security features and value; more likely to report a lack of sufficient funding as an adoption challenge for cognitive solutions / More likely to say they are not ready from a competency perspective to adopt cognitive-enabled security solutions and have trouble communicating the benefits / A higher general familiarity with cognitive security features and value
  28. The Primed have a better familiarity with cognitive security and higher confidence, budget, and ROI than others
  29. The Primed generally employ a more mature approach to their security practices
  30. “Cognitive security has so much potential — you can meet your labor shortage gap, you can reduce your risk profile, you can increase your efficiency of response. It can help you understand the narrative story. People consume stories — this happened, then this happened, with this impact, by this person. Additionally, cognitive can lower the skills it takes to get involved in cybersecurity. It allows you to bring in new perspectives from non-IT backgrounds into cracking the problem.” David Shipley – Director of Strategic Initiatives, Information Technology Services, University of New Brunswick
  31. Although cognitive security solutions are still an emerging technology area, there are things you can do today to prepare
      • Recognize your weaknesses: Look at the primary weaknesses and vulnerabilities within your organization. How are they connected? What is a priority? Evaluate your intelligence, speed and accuracy.
      • Become educated about cognitive security capabilities: Take a holistic and formal approach to learn about cognitive security solutions. There could be many misconceptions in your organization from a capability, cost and implementation perspective.
      • Define an investment plan: It is difficult to build an investment case when a technology is new and unproven – focus on the fact that cognitive security is a capability that can improve the overall effectiveness of security operations.
      • Look to augment your capabilities, no matter your maturity: Cognitive security solutions are an emerging technology area, and its unique characteristics can benefit organizations of all sizes. Whether you are Pressured, Prudent or Primed, there are things you can do.
  32. THANK YOU
  33. Learn more about the study: Cybersecurity in the cognitive era. Visit to download the report. Read the blog at
  34. Learn more about IBM Security: A global leader in enterprise security
      • #1 in enterprise security software and services*
      • 7,500+ people
      • 12,000+ customers
      • 133 countries
      • 3,500+ security patents
      • 19 acquisitions since 2002
      • *According to Technology Business Research, Inc. (TBR) 2016
      • Join IBM X-Force Exchange; Visit our website; Watch our videos on YouTube (IBM Security Channel); Read new blog posts; Follow us on Twitter @ibmsecurity
  35. Learn more about the IBM Institute for Business Value
      • For more information: To learn more about this IBM Institute for Business Value study, please contact us at Follow @IBMIBV on Twitter, and for a full catalog of our research or to subscribe to our monthly newsletter, visit: Access IBM Institute for Business Value executive reports on your mobile device by downloading the free “IBM IBV” app for your phone or tablet from your app store.
      • The right partner for a changing world: At IBM, we collaborate with our clients, bringing together business insight, advanced research and technology to give them a distinct advantage in today’s rapidly changing environment.
      • IBM Institute for Business Value: The IBM Institute for Business Value, part of IBM Global Business Services, develops fact-based strategic insights for senior business executives around critical public and private sector issues.