“In most cases of security breaches, it’s not the cryptography that’s the problem. It’s the implementation,” said IBM’s Manager of Cryptographic Research Tal Rabin.
She’s referring to the cryptography used to protect our online lives – passwords, two-factor authentication, etc. The implementation is the software built around that cryptography – websites, email, etc. Holes in the latter allow hackers to circumvent the former.
Tal, whose career of writing and developing sophisticated cryptographic protocols has led to a New York Times feature, World Science Festival presentation, an appearance on WNYC’s The Takeaway’s Science Fair, and most recently the Anita Borg Institute’s “Women of Vision” award, started out studying computer science at the Hebrew University of Jerusalem with the goal, as she puts it, “to get a tech job.”
Dr. Larry Ponemon is the Chairman and Founder of the Ponemon Institute, a research “think tank” dedicated to advancing privacy and data protection practices. Dr. Ponemon is considered a pioneer in privacy auditing and the Responsible Information Management or RIM framework. Today, Dr. Ponemon and IBM announced the 9th annual 2014 Cost of a Data Breach Study. Here’s a snapshot of our conversation.
What would you say is the number one finding from your research?
What is interesting is that globally the average cost of a data breach grew to $3.5 million (in U.S. dollars). That’s an increase of 15 percent compared to 2013. The average cost for each lost or stolen record containing sensitive and confidential information increased nine percent to $145. In the U.S., the average U.S. breach involved the loss or theft of 30,000 records and the average cost to the companies affected by the breach increased from $5.4 million in 2013 to $5.9 million in this year’s study.
By Laurence Guihard-Joly
Every company needs electricity, but that doesn’t require building a power plant. Many organizations have reached the same conclusion about computing and storage needs. Why build out data centers if it’s not your core business? Plus it can be a costly proposition.
That’s basically the premise of cloud computing – turn to trusted partners for your computing needs so you can focus on the business. But when deciding on a cloud strategy, organizations should be careful not to simply focus on saving money.
To be sure, moving to the cloud is economical and brings greater efficiencies, but it’s also an opportunity to reexamine everything from finance systems to enterprise resource planning and even the helpdesk. It can be a means of improving business efficiency over every operation that runs on software. Adding redundancy and automating backup are two functions most cloud providers offer, with more or less sophistication. A cloud strategy – public, hybrid, private – is also an excellent place to rethink security and continuity strategy and options across the board.
By Chris Sciacca
Ballet or mathematics? Most ordinary eight-year-old girls would probably choose ballet, but Maria Dubovitskaya was anything but an ordinary eight-year-old.
One day, after ballet lessons in the Moscow suburb of Domodedovo, Maria’s parents were running a little late. She heard other children, mostly boys her age, clacking away on IBM 286 PC keyboards in the classroom next door. Peeking through a crack in the door Maria was overcome with curiosity.
“I remember they were drawing different figures on the screens and magically changing their shapes and colors simply by typing on the keyboard. I just had to try this out for myself.”
When her parents finally arrived, she immediately asked them to sign her up for a computer class.
“I didn’t know what to expect, but thinking back now, my parents were very supportive. In fact, a few days later my dad bought me a programming book for kids called The Encyclopedia of Professor Fortran, and also brought home a very simple computer. I was hooked,” said Maria.
By Robert Griffin
“Fraud is a normal cost of doing business.”
Any organization that subscribes to this long-standing mantra needs to rethink its priorities. With 2.5 billion gigabytes of data created every day, fraud is taking on a new face in the Big Data world.
According to the Association of Certified Fraud Examiners (ACFE), organizations forfeit five percent of annual revenue to fraud, which by conservative estimates amounts to more than $3.5 trillion lost each year to global fraud and financial crimes. Fraudulent activity has grown in scope, volume and complexity, with the brash sophistication of recent attacks — and magnitude of damage, both to the brand and bottom line — elevating the anti-fraud conversation from acceptable loss to C-Suite imperative.
Today’s generation of organized and digitally-savvy criminals are using the same technologies that deliver efficiency to business and convenience to consumers — such as mobile devices, social networks and cloud platforms — to constantly probe for vulnerabilities and weaknesses. The pace of this threat continues to accelerate. Identity fraud impacted more than 12 million individuals in 2012, resulting in theft of nearly $21 billion, and each day the U.S. healthcare industry loses $650 million due to fraudulent claims and payments.
By Andy Daudelin
Among the 10 most stressful C-Suite roles of 2014 in business today is the role of chief information security officer (CISO). These IT security leaders set the strategy for the way a company protects itself from constantly evolving cyber threats – and they must implement these strategies without disrupting the speed of the business or its ability to innovate.
The threat landscape today is fraught with risk. IBM’s most recent Cyber Security Intelligence Index confirms that the average company faces 1.57 million security events per week, with 1,400 of those identified as actual attacks. And earlier this year, I discussed how new security threats and regulations will make 2014 a critical year for compliance and audit demands, and organizations need to be better prepared.
Cloud and mobile technologies are an excellent example of the balance CISOs must strike as they strive to protect the IT infrastructure while incorporating emerging technologies. Many companies are finding cloud an ideal platform for emerging business applications and are integrating those cloud-based services with their traditional technology platforms. It’s the CISO’s mission to secure all of this – and its underlying data – as a single seamless service.
By Keith Byrne, Intelligence Manager, U.K. Federation Against Copyright Theft (FACT)
Last month, the fifth and final season of the hit television show Breaking Bad premiered in the U.S. Despite all the legal ways to view the show in the U.S. and in several other countries, many people still viewed the episode through pirate websites. In fact, within a few hours after the unauthorised copy of the episode was uploaded, 80,000 people had shared the file illegally and after 12 hours more than half a million people around the world were estimated to have downloaded the copy.
Such behaviour can have dramatic and negative economic impacts – impacts that often go unnoticed by consumers. When a producer or director is unable to score a box office hit, for example, their ability to secure backing to produce the next film is greatly diminished, setting off a chain reaction that affects the entire production ecosystem from lighting and carpentry, to catering and cinema staff – all of whom depend on the continued survival of the creative economy.
By Dan Lohrmann
A radical change is sweeping across the global workplace: mobile technology is redefining the boundaries between work, home life and play.
According to IT analyst firm Gartner, the rise of bring your own device (BYOD) programs is the single most radical shift in the economics of client computing since the introduction of the personal computer in the workplace.
Bringing your own mobile device offers many benefits. Employees are comfortable with the various features and functionality of their preferred—and often beloved—smartphone. Also, using personally-owned mobile technology can eliminate the need for carrying two devices—one for personal use and the other for work.
By Laurie Williams
According to a recent IBM Tech Trends report, both educators and students view security as extremely important. In fact, 56 percent of students and 44 percent of educators ranked it as one of the top three issues the IT industry will face over the next two years. In addition, a UK government report said that it may take 20 years to address the current cybersecurity skills gaps.
To help try and change that, North Carolina State University is partnering with IBM to help better prepare the next generation of engineers with a secure-by-design focus and curriculum.
Why dedicate so many resources to building cybersecurity skills? The world operates with interconnected systems and as technology progresses these systems will only proliferate. The linchpin to success in securing these systems is in the design stage – not at the end of the process.
By Christopher Padilla
This week, nearly 200 of IBM’s senior leaders representing all 50 states are on Capitol Hill to urge action on policies that will drive innovation and economic competitiveness. With more than 300 congressional delegation meetings, our executives are addressing a range of issues critical to U.S. business.
As public-private collaboration becomes increasingly critical to overcoming challenges that no single sector can handle alone, we look forward to working with U.S. congressional leaders on the following issues:
Share Information on Cyber Threats to Protect the Nation’s Critical Assets
Individuals, companies and governments are facing higher risks of cyber attacks as the world becomes more inter-connected. Now, more than ever, it is imperative to develop innovative measures to protect critical assets such as our energy and financial industries. To achieve this goal, private sector advances in innovation should be complemented with legislative policies that promote the collaboration needed to ensure cybersecurity.