security

By Chris Sciacca

Dr. Gregory Neven, Cryptographer, IBM Research – Zurich

If you believe the press, you may think that passwords are antiquated. And who could blame you? With major breaches being reported at popular websites such as LinkedIn, Adobe, Yahoo!, and Twitter, passwords may sound like a vestige of past security solutions.

Well, not so fast. IBM scientists have developed a three-pronged approach that can secure all of your passwords for social media, email, cloud files or shopping websites, with one practically hack-proof password.

And this password is secured by something they like to refer to as the “Memento Protocol.” In the 2000 film “Memento” by Christopher Nolan, the protagonist suffers from short-term memory loss. Throughout the film he meets several so-called friends, but due to his condition he never really knows if they are trustworthy or if they are trying to steal something from him.

Tal Rabin, Manager of Cryptographic Research, IBM Research

“In most cases of security breaches, it’s not the cryptography that’s the problem. It’s the implementation,” said IBM’s Manager of Cryptographic Research Tal Rabin.

She’s referring to the cryptography used to protect our online lives – passwords, two-factor authentication, etc. The implementation is the software built around that cryptography – websites, email, etc. Holes in the latter allow hackers to circumvent the former.

Tal, whose career of writing and developing sophisticated cryptographic protocols has led to a New York Times feature, World Science Festival presentation, an appearance on WNYC’s The Takeaway’s Science Fair, and most recently the Anita Borg Institute’s “Women of Vision” award, started out studying computer science at the Hebrew University of Jerusalem with the goal, as she puts it, “to get a tech job.”

Larry Ponemon, Chairman, Ponemon Institute

Dr. Larry Ponemon is the Chairman and Founder of the Ponemon Institute, a research “think tank” dedicated to advancing privacy and data protection practices. Dr. Ponemon is considered a pioneer in privacy auditing and the Responsible Information Management or RIM framework. Today, Dr. Ponemon and IBM announced the 9th annual 2014 Cost of a Data Breach Study. Here’s a snapshot of our conversation.

What would you say is the number one finding from your research?

What is interesting is that globally the average cost of a data breach grew to $3.5 million (in U.S. dollars). That’s an increase of 15 percent compared to 2013. The average cost for each lost or stolen record containing sensitive and confidential information increased nine percent to $145. In the U.S., the average U.S. breach involved the loss or theft of 30,000 records and the average cost to the companies affected by the breach increased from $5.4 million in 2013 to $5.9 million in this year’s study.

Laurence Guihard-Joly, General Manager, IBM Business Continuity and Resilience Services

By Laurence Guihard-Joly

Every company needs electricity, but that doesn’t require building a power plant. Many organizations have reached the same conclusion about computing and storage needs. Why build out data centers if it’s not your core business? Plus it can be a costly proposition.

That’s basically the premise of cloud computing – turn to trusted partners for your computing needs so you can focus on the business. But when deciding on a cloud strategy, organizations should be careful not to simply focus on saving money.

To be sure, moving to the cloud is economical and brings greater efficiencies, but it’s also an opportunity to reexamine everything from finance systems to enterprise resource planning and even the helpdesk. It can be a means of improving business efficiency over every operation that runs on software. Adding redundancy and automating backup are two functions most cloud providers offer, with more or less sophistication. A cloud strategy – public, hybrid, private – is also an excellent place to rethink security and continuity strategy and options across the board.

Maria Dubovitskaya, Predoctoral Security Researcher, and Member of IBM Academy of Technology

By Chris Sciacca

Ballet or mathematics? Most ordinary eight-year-old girls would probably choose ballet, but Maria Dubovitskaya was anything but an ordinary eight-year-old.

One day, after ballet lessons in the Moscow suburb of Domodedovo, Maria’s parents were running a little late. She heard other children, mostly boys her age, clacking away on IBM 286 PC keyboards in the classroom next door. Peeking through a crack in the door Maria was overcome with curiosity.

“I remember they were drawing different figures on the screens and magically changing their shapes and colors simply by typing on the keyboard. I just had to try this out for myself.”

When her parents finally arrived, she immediately asked them to sign her up for a computer class.

“I didn’t know what to expect, but thinking back now, my parents were very supportive. In fact, a few days later my dad bought me a programming book for kids called The Encyclopedia of Professor Fortran, and also brought home a very simple computer. I was hooked,” said Maria.

Robert Griffin, Vice President, Industry Solutions, IBM

Robert Griffin, Vice President, Counter Fraud Solutions, IBM

By Robert Griffin

“Fraud is a normal cost of doing business.”

Any organization that subscribes to this long-standing mantra needs to rethink their priorities. With 2.5 billion gigabytes of data created every day, fraud is taking on a new face in the Big Data world.

According to the Association of Certified Fraud Examiners (ACFE), organizations forfeit five percent of annual revenue to fraud, which by conservative estimates amounts to more than $3.5 trillion lost each year to global fraud and financial crimes. Fraudulent activity has grown in scope, volume and complexity, with the brash sophistication of recent attacks — and magnitude of damage, both to the brand and bottom line — elevating the anti-fraud conversation from acceptable loss to C-Suite imperative.

Today’s generation of organized and digitally-savvy criminals are using the same technologies that deliver efficiency to business and convenience to consumers — such as mobile devices, social networks and cloud platforms — to constantly probe for vulnerabilities and weaknesses. The pace of this threat continues to accelerate. Identity fraud impacted more than 12 million individuals in 2012, resulting in theft of nearly $21 billion, and each day the U.S. healthcare industry loses $650 million due to fraudulent claims and payments.

Andy Daudelin, Vice President, Security Services, AT&T Business Solutions

By Andy Daudelin

Among the 10 most stressful C-Suite roles of 2014 in business today is the role of chief information security officer (CISO). These IT security leaders set the strategy for the way a company protects itself from constantly evolving cyber threats – and they must implement these strategies without disrupting the speed of the business or its ability to innovate.

The threat landscape today is fraught with risk. IBM’s most recent Cyber Security Intelligence Index confirms that the average company faces 1.57 million security events per week, with 1,400 of those identified as actual attacks. And earlier this year, I discussed how new security threats and regulations will make 2014 a critical year for compliance and audit demands, and organizations need to be better prepared.    

Cloud and mobile technologies are an excellent example of the balance CISOs must strike as they strive to protect the IT infrastructure while incorporating emerging technologies. Many companies are finding cloud an ideal platform for emerging business applications and are integrating those cloud-based services with their traditional technology platforms. It’s the CISO’s mission to secure all of this – and its underlying data – as a single seamless service.

By Keith Byrne, Intelligence Manager, U.K. Federation Against Copyright Theft (FACT)

Last month, the fifth and final season of the hit television show Breaking Bad premiered in the U.S. Despite all the legal ways to view the show in the U.S. and in several other countries, many people still viewed the episode through pirate websites. In fact, within a few hours after the unauthorised copy of the episode was uploaded, 80,000 people had shared the file illegally and after 12 hours more than half a million people around the world were estimated to have downloaded the copy.

Such behaviour can have dramatic and negative economic impacts – impacts that often go unnoticed by consumers. When a producer or director is unable to score a box office hit, for example, their ability to secure backing to produce the next film is greatly diminished, setting off a chain reaction that affects the entire production ecosystem from lighting and carpentry, to catering and cinema staff – all of whom depend on the continued survival of the creative economy.

Dan Lohrmann, Chief Security Officer, State of Michigan, and author of “BYOD for You”

By Dan Lohrmann

A radical change is sweeping across the global workplace: mobile technology is redefining the boundaries between work, home life and play.

According to IT analyst firm Gartner, the rise of bring your own device (BYOD) programs is the single most radical shift in the economics of client computing since the introduction of the personal computer in the workplace.

Bringing your own mobile device offers many benefits. Employees are comfortable with the various features and functionality of their preferred—and often beloved—smartphone. Also, using personally-owned mobile technology can eliminate the need for carrying two devices—one for personal use and the other for work.

Laurie Williams, Professor, Department of Computer Science, North Carolina State University

By Laurie Williams

According to a recent IBM Tech Trends report, both educators and students view security as extremely important. In fact, 56 percent of students and 44 percent of educators ranked it as one of the top three issues the IT industry will face over the next two years. In addition, a UK government report said that it may take 20 years to address the current cybersecurity skills gaps.

To help try and change that, North Carolina State University is partnering with IBM to help better prepare the next generation of engineers with a secure-by-design focus and curriculum.

Why dedicate so many resources to building cybersecurity skills? The world operates with interconnected systems and as technology progresses these systems will only proliferate. The linchpin to success in securing these systems is in the design stage – not at the end of the process.