By Laurie Williams
According to a recent IBM Tech Trends report, both educators and students view security as extremely important. In fact, 56 percent of students and 44 percent of educators ranked it as one of the top three issues the IT industry will face over the next two years. In addition, a UK government report said that it may take 20 years to address the current cybersecurity skills gaps.
To help try and change that, North CarolinaStateUniversity is partnering with IBM to help better prepare the next generation of engineers with a secure-by-design focus and curriculum.
Why dedicate so many resources to building cybersecurity skills? The world operates with interconnected systems and as technology progresses these systems will only proliferate. The linchpin to success in securing these systems is in the design stage – not at the end of the process. Continue Reading »
By Christopher Padilla
This week, nearly 200 of IBM’s senior leaders representing all 50 states are on Capitol Hill to urge action on policies that will drive innovation and economic competitiveness. With more than 300 congressional delegation meetings, our executives are addressing a range of issues critical to U.S. business.
As public-private collaboration becomes increasingly critical to overcoming challenges that no single sector can handle alone, we look forward to working with U.S. congressional leaders on the following issues:
Share Information on Cyber Threats to Protect the Nation’s Critical Assets
Individuals, companies and governments are facing higher risks of cyber attacks as the world becomes more inter-connected. Now, more than ever, it is imperative to develop innovative measures to protect critical assets such as our energy and financial industries. To achieve this goal, private sector advances in innovation should be complemented with legislative policies that promote the collaboration needed to ensure cybersecurity. Continue Reading »
By Sandy Bird
Over the years, the game of cat and mouse between cyber attackers and the people charged with defending networks against their advances has become increasingly more complex. Every new advance in defensive technologies has forced attackers to adopt new tactics, and every new attack technique has produced a new response.
We’re at the point where some of the most diligent and advanced security organizations in the world have deployed over 60 different security products; products that, unfortunately, infrequently communicate with one another. Realistically, we can’t rely on these disconnected technologies to be successful 100 percent of the time, especially when they operate in isolation. We need a different, foundational approach.
Fortunately for security professionals, even the most advanced attackers share the same human limitations as the people defending the networks: they are not perfect and they will leave clues about their presence in a network. The enduring challenge is to figure out how to identify and combine those subtle indicators of an attack. Today, more advanced organizations are turning to Big Data in search of evidence of security breaches. Continue Reading »
By Kris Lovejoy
As companies and individuals continue to connect in new and exciting ways – through the cloud, mobile technology and social media – each are becoming more informed and empowered. However, this always-on, real-time, hyper-connected world is not without its pitfalls. And while privacy, security, and performance tend to garner the headlines, the growing risk to reputation is gaining increasing attention.
A new study by the Economist Intelligence Unit commissioned by IBM reveals that reputational risks extend far beyond faulty products or shoddy services. Companies face serious risks to their brand if their IT is compromised. From stolen customer data to hacked passwords – an IT security breach can lead to dramatic and negative sentiment about a company and its image. Continue Reading »
By John Potter
When I speak to enterprise CIOs about the cloud, one issue comes up in conversation more than any other: security.
As the momentum grows around cloud services, enterprises are starting to move toward this model of computing, recognizing the benefits they can gain in terms of flexibility and scalability. However, the anticipated revolution is more of a slow evolution with a significant number of large businesses still sitting on the sidelines. The main reason for their reluctance: concerns over reliability, performance, and most of all, security.
The cloud may be a relatively new concept, but these concerns aren’t. For businesses, customer data and intellectual property are often the currency with the highest value. They demand a cloud that lets them protect this data using the same enterprise-grade security they’ve experienced in their existing corporate networks. They want to know that their most important currency is protected as it travels to and from the cloud. Continue Reading »
For security officials, the first half of 2012 was marked by intelligence and sophistication – which, when it comes to securing a computer network, are not always positive traits. Yesterday IBM released the results of the X-Force 2012 Mid-Year Trend and Risk Report. The report highlights a sharp increase in browser-related exploits, weaknesses around password security, and growing operational challenges in the adoption mobile “bring your own device (BYOD) programs and policies since last year. In fact, half of all the Chief Information Security Officers interviewed indicated that mobile BYOD security is their greatest near-term technology concern.
There’s no question that protecting a business from IT security threats is getting increasingly complex for companies of all sizes – particularly with the rapid adoption of innovative technologies like mobility, cloud computing, big data analysis and social collaboration. Increased concern about privacy protection, regulatory compliance and rapid globalization add additional dimensions of complexity.
It is clear the ability to succeed in their efforts is hindered by the lack of security skills and requirements to work with tighter budgets. According to Frost and Sullivan’s 2011 (ISC)2 Global Information Security Workforce Study, a lack of skills has made many cybersecurity professionals under-qualified to adequately secure organizations from threats associated with adoption of social media, cloud computing, mobile devices and software applications. The 2010 Center for Strategic & International Studies (CSIS) report called “A Human Capital Crisis in Cybersecurity” documented a need for 30,000 cybersecurity professionals in the United States, with only 1,000 positions filled.
There’s an evolution going on in the executive suite–emerging technologies like mobile, cloud and embedded devices are making the world more instrumented, and at the same time, producing huge amounts of data. Senior executives are paying close attention to these emerging technologies, not only because of the opportunity to learn more about behavior, but also because of the potential security risks they pose. With this, security is increasingly moving beyond simply a technology issue to a business issue. Continue Reading »
The nature of IT security in 2011 shows evolution at work. While some positive trends and improvements have emerged in thwarting security vulnerabilities, attacker’s methods continued to adapt.
Issued today, the 2011 IBM X-Force Report shows surprising improvements in several areas of security such as a reduction in application security vulnerabilities, exploit code and spam. As a result, the report suggests attackers today are being forced to rethink their tactics to targeting more niche IT loopholes and emerging technologies such as social networks and mobile devices. Continue Reading »
In the digital age, increasing amounts of data are being shared in new and often unanticipated ways. This proliferation of data, devices and connections brings a set of new security threats. And midsize companies, in particular, are feeling the heat.
While security budgets are often at risk for cuts, recovering from the damage a security breach can cause could cost a midsize much more in lost revenue and productivity. No matter how big or small a business may be, a security glitch is not an option. This is especially the case for midsize companies that operate with tight budgets and limited IT staff.
It has become more important, yet more difficult, to secure and protect critical information and related assets. Whether it’s evaluating the potential risk to the brand, understanding the financial implications of adverse events or assessing the impact of IT systems disruptions on ongoing operations, developing security intelligence – the ability to predict, identify and react to potential threats – is taking on new importance.