By Sandy Bird
Over the years, the game of cat and mouse between cyber attackers and the people charged with defending networks against their advances has become increasingly more complex. Every new advance in defensive technologies has forced attackers to adopt new tactics, and every new attack technique has produced a new response.
We’re at the point where some of the most diligent and advanced security organizations in the world have deployed over 60 different security products; products that, unfortunately, infrequently communicate with one another. Realistically, we can’t rely on these disconnected technologies to be successful 100 percent of the time, especially when they operate in isolation. We need a different, foundational approach.
Fortunately for security professionals, even the most advanced attackers share the same human limitations as the people defending the networks: they are not perfect and they will leave clues about their presence in a network. The enduring challenge is to figure out how to identify and combine those subtle indicators of an attack. Today, more advanced organizations are turning to Big Data in search of evidence of security breaches. Continue Reading »
By Kris Lovejoy
As companies and individuals continue to connect in new and exciting ways – through the cloud, mobile technology and social media – each are becoming more informed and empowered. However, this always-on, real-time, hyper-connected world is not without its pitfalls. And while privacy, security, and performance tend to garner the headlines, the growing risk to reputation is gaining increasing attention.
A new study by the Economist Intelligence Unit commissioned by IBM reveals that reputational risks extend far beyond faulty products or shoddy services. Companies face serious risks to their brand if their IT is compromised. From stolen customer data to hacked passwords – an IT security breach can lead to dramatic and negative sentiment about a company and its image. Continue Reading »
By John Potter
When I speak to enterprise CIOs about the cloud, one issue comes up in conversation more than any other: security.
As the momentum grows around cloud services, enterprises are starting to move toward this model of computing, recognizing the benefits they can gain in terms of flexibility and scalability. However, the anticipated revolution is more of a slow evolution with a significant number of large businesses still sitting on the sidelines. The main reason for their reluctance: concerns over reliability, performance, and most of all, security.
The cloud may be a relatively new concept, but these concerns aren’t. For businesses, customer data and intellectual property are often the currency with the highest value. They demand a cloud that lets them protect this data using the same enterprise-grade security they’ve experienced in their existing corporate networks. They want to know that their most important currency is protected as it travels to and from the cloud. Continue Reading »
For security officials, the first half of 2012 was marked by intelligence and sophistication – which, when it comes to securing a computer network, are not always positive traits. Yesterday IBM released the results of the X-Force 2012 Mid-Year Trend and Risk Report. The report highlights a sharp increase in browser-related exploits, weaknesses around password security, and growing operational challenges in the adoption mobile “bring your own device (BYOD) programs and policies since last year. In fact, half of all the Chief Information Security Officers interviewed indicated that mobile BYOD security is their greatest near-term technology concern.
There’s no question that protecting a business from IT security threats is getting increasingly complex for companies of all sizes – particularly with the rapid adoption of innovative technologies like mobility, cloud computing, big data analysis and social collaboration. Increased concern about privacy protection, regulatory compliance and rapid globalization add additional dimensions of complexity.
It is clear the ability to succeed in their efforts is hindered by the lack of security skills and requirements to work with tighter budgets. According to Frost and Sullivan’s 2011 (ISC)2 Global Information Security Workforce Study, a lack of skills has made many cybersecurity professionals under-qualified to adequately secure organizations from threats associated with adoption of social media, cloud computing, mobile devices and software applications. The 2010 Center for Strategic & International Studies (CSIS) report called “A Human Capital Crisis in Cybersecurity” documented a need for 30,000 cybersecurity professionals in the United States, with only 1,000 positions filled.
There’s an evolution going on in the executive suite–emerging technologies like mobile, cloud and embedded devices are making the world more instrumented, and at the same time, producing huge amounts of data. Senior executives are paying close attention to these emerging technologies, not only because of the opportunity to learn more about behavior, but also because of the potential security risks they pose. With this, security is increasingly moving beyond simply a technology issue to a business issue. Continue Reading »
The nature of IT security in 2011 shows evolution at work. While some positive trends and improvements have emerged in thwarting security vulnerabilities, attacker’s methods continued to adapt.
Issued today, the 2011 IBM X-Force Report shows surprising improvements in several areas of security such as a reduction in application security vulnerabilities, exploit code and spam. As a result, the report suggests attackers today are being forced to rethink their tactics to targeting more niche IT loopholes and emerging technologies such as social networks and mobile devices. Continue Reading »
In the digital age, increasing amounts of data are being shared in new and often unanticipated ways. This proliferation of data, devices and connections brings a set of new security threats. And midsize companies, in particular, are feeling the heat.
While security budgets are often at risk for cuts, recovering from the damage a security breach can cause could cost a midsize much more in lost revenue and productivity. No matter how big or small a business may be, a security glitch is not an option. This is especially the case for midsize companies that operate with tight budgets and limited IT staff.
It has become more important, yet more difficult, to secure and protect critical information and related assets. Whether it’s evaluating the potential risk to the brand, understanding the financial implications of adverse events or assessing the impact of IT systems disruptions on ongoing operations, developing security intelligence – the ability to predict, identify and react to potential threats – is taking on new importance.
This is the latest in an occasional series of posts about A New Era of Computing. A monumental shift is coming. Computing will be ubiquitous and machines will learn from their interactions with data and humans–essentially programming themselves. This leap will be enabled by advances in artificial intelligence, data analytics, computing systems and nanotechnology. It will result in a smarter, better planet.
Quantum computing has been a Holy Grail for researchers ever since Nobel Prize physicist Richard Feynman in 1981 challenged the scientific community to build computers based on quantum mechanics. For decades, the pursuit remained firmly in the theoretical realm. But now scientists and entrepreneurs believe they’re on the cusp of building systems that will take computing to a whole new level. “The work we’re doing shows it’s no longer just a brute force physics experiment. It’s time to start creating systems based on this science,” says IBM scientist Matthias Steffen, part of a team at IBM Research that’s focused on developing quantum computing to a point where it can be applied to real-world problems.
Here’s Steffen explaining the latest breakthroughs:
We have all read the news reports of company IT systems being attacked, hacked and compromised. With this comes potential loss of shareholder value, marketplace reputation and possible legal action. This is the stuff that keeps CIO’s and Chief Information Security Officers (CISOs) awake at night. Continue Reading »