Cybersecurity in the Cognitive Era: Priming Your Digital Immune System

©2015 IBM Corporation1 May 3, 2023

Cybersecurity in the cognitive eraPriming your digital immune system

David Jarvis, IBM Institute for Business ValueDiana Kelley, IBM Security

Today’s speakers

David JarvisSecurity & CIO LeadIBM Institute for Business Valuehttps://securityintelligence.com/author/david-jarvis https://www.linkedin.com/in/davidajarvishttp://twitter.com/dajarvis

Diana KelleyExecutive Security AdvisorIBM Securityhttps://securityintelligence.com/author/diana-kelleyhttps://www.linkedin.com/in/dianakelleysecuritycurve

https://securityintelligence.com/author/david-jarvis

https://securityintelligence.com/author/david-jarvis

https://www.linkedin.com/in/davidajarvis

https://www.linkedin.com/in/davidajarvis

http://twitter.com/dajarvis

http://twitter.com/dajarvis

https://securityintelligence.com/author/diana-kelley

https://securityintelligence.com/author/diana-kelley

https://www.linkedin.com/in/dianakelleysecuritycurve

Entering the cognitive era of security solutionsCybersecurity is reaching an inflection point:

– Increasing numbers and sophistication of threats on track to surpass current capabilities to address and mitigate them

– Volume of adverse events and incidents surpassing the capacity of most security operations teams

– Financial costs and risks are growing rapidlySecurity organizations need to leverage new capabilities to get ahead of the risks and challenges

But with mounting skills and resource gaps, spending more and staffing up security operations is getting harder and harder to do

What if?

– You could enhance the effectiveness of security operations with new tools that could ingest and organize the threat landscape much more rapidly

– Systems could be taught how to bring better context to each threat and identify real ones with greater accuracy

©2016 IBM Corporation May 3, 20234

Agenda

Overview Approach and firmographics

The current context Challenges, practices and gaps

Enter cognitive security solutions Benefits and challenges of cognitive security

Primed for cognitive security Characteristics of those that are ready

Recommendations How to start your cognitive security journey


Industry

We surveyed a balanced distribution of 700 security professionals in 35 countries, representing 18 industries

Over $10B

$500M - $1B

$1B – $5B

15%

40%

20%

Company size (in $USD annualized revenue)

Under $500M 20%

$5B – $10B

5%

Geography

North America

Central and South America

Middle East and Africa

Western Europe

Central and Eastern Europe

Asia Pacific

Japan

The current context

©2015 IBM Corporation7 May 3, 2023

“It’s literally like being a merchant sailor in the golden age of piracy —there is no navy to protect you, there is no police force, you are on your own. On top of that, many don’t know how to sail their boats, and they can’t fire back at the attackers (it’s illegal). You are literally trying to survive in a hostile world with both arms tied behind your back. However, you do have some really interesting and sophisticated tools to use that tell you all about your threats.”David Shipley – Director of Strategic Initiatives, Information Technology Services, University of New Brunswick


The current security operations context from our data

Dealing with increasing costs and justifying investments with the business

Worried about addressing speed and complexity of threats

Focused on impacts to operations and brand reputation

Improving security operations capabilities

Working to address gaps in network and data security and threat response

#1 cybersecurity challenge today and tomorrow is reducing average incident response and resolution time

78% have seen the cost for cybersecurity

increase in the last two years

57% looking to improve monitoring of network,

application, and data-level security in the next 2-3 years

68% say the loss of brand reputation

presents the greatest future concern as a major impact of an

intrusion


The top challenge today is around response speed – analytics will get even more focus in the future


Companies are increasingly concerned about a loss of reputation in the future – surpassing operational disruption

The rising costs of cybersecurity infrastructure also becomes a more substantial issue in the future – increasing ~2X from today

~2X increase in the worry around

loss of brand reputation as a

major impact of an intrusion

Most significant impacts enterprise has experienced / expect from intrusions

74% 57%Operational disruption

Data breach without financial or IP loss 37% 26%

Loss of brand reputation 68%35%

Rising costs for cybersecurity infrastructure 25% 43%

Regulatory violations 20% 23%

Financial loss 20% 31%

Stolen intellectual property 20% 32%

In the futurePast 2 years

Criminal prosecution & liability 5% 4%


Almost everything is important, but network and data protection coupled with speed are the weakest areas for most


Significantly changing priorities in the future suggest some gaps may widen if future initiatives don’t align to challenges


With security costs continuing to rise, security leaders are going to be under increased pressure to justify investments

Cost

78% have seen the cost for cybersecurity increase in the last two years

84% expect it to continue to increase in the next 2-3 years

Investment

70% spend over 10% of their IT budget on cybersecurity –focused mainly on prevention and detection

ROI

63% get over a 25% ROI on their cybersecurity investments

With the majority getting between a 25-50% ROI


This most important factor to obtain funding approval hinges on clear communication of risks and benefits

External industry expert opinion (security, legal, compliance, regulatory)

Third-party security services recommendations (managed security services, security consulting)

A high-profile breach in my industry

Cross-functional support from finance, risk management, operations, or other executives

Description of current risk exposure/gap in your company

0% 20% 40% 60% 80%

21%

24%

43%

51%

61%

Factors used to justify a request for cybersecurity-related investments

92% say their funding requests for cybersecurity initiatives require a return on investment (ROI) or other financial analysis for justification and approval


That communication has to be in the language of the business, cost to fix simply isn’t enough for financial analyses

Payback period

Cost of capital

Direct loss: equity, cash, intellectual property value, reputation

Opportunity cost; benefits lost as a result of a breach

Cost to fix

0% 10% 20% 30% 40% 50% 60% 70%

16%

31%

41%

46%

66%

Most important quantitative variables typically used in ROI/financial analysis for cybersecurity investments

Don’t underestimate the importance of incorporating opportunity cost/loss and direct loss into investment justifications – speak in the language of the business


A Canadian leader in financial protection, wealth and asset management takes a unique approach to create value

The right tone from the top

Their well educated CEO makes security #1 across the C-suite and promotes collaboration

This approach has reduced the friction associated with improving risk posture through projects and operations

Creating a solid business case for security

They look at the upstream and downstream benefits to the business from their security investmentsUse their security capabilities to improve overall business efficiency in a number of ways, for example:• Retire low use websites• Bandwidth savings based on blocking transactions

coming into the environment• Improve employee productivity by effective spam

mitigation

“I consider myself the Chief Marketing Officer of security to the rest of the enterprise, evangelizing the benefits of a strong security posture supported by demonstrating the value it brings to my stakeholders”


These challenges, weaknesses, efforts and pressures expose three gaps to address – in intelligence, speed and accuracy

#2 most challenging area today is optimizing accuracy alerts (too many false positives)

#3 most challenging area due to insufficient resources is threat identification, monitoring and escalating potential incidents (61% selecting)

Speed gapThe top cybersecurity challenge today and tomorrow is reducing average incident response and resolution time

This is despite the fact that 80% said their incident response speed is much faster than two years ago

Accuracy gapIntelligence gap

#1 most challenging area due to insufficient resources is threat research (65% selecting)

#3 highest cybersecurity challenge today is keeping current on new threats and vulnerabilities (40% selecting)

Addressing gaps while managing cost and ROI pressures

Enter cognitive security solutions


Cognitive security is the implementation of two broad and related capabilities:

– The use of cognitive systems to analyze security trends and distill enormous volumes of structured and unstructured data into information, and then into actionable knowledge to enable continuous security and business improvement

– The use of automated, data-driven security technologies, techniques and processes that support cognitive systems’ having the highest level of context and accuracy

To close the gaps, different technologies and approaches are needed – enter cognitive security

Enhance the work of SOC analysts

Speed response with external intelligence

Identify threats with advanced analytics

Strengthen application security

Reduce enterprise risk

Benefits


Traditionalsecurity data

Cognitive security solutions can help tap the tremendous amount of security knowledge created for human consumption

• Research documents

• Industry publications

• Forensic information

• Threat intelligence commentary

• Conference presentations

• Analyst reports

• Webpages

• Wikis• Blogs• News sources• Newsletters• Tweets

Security knowledge dark to defensesTypical organizations leverage only 8% of this content*

Human generated knowledge

• Security events and alerts• Logs and configuration data

• User and network activity• Threat and vulnerability feeds

* Forrester Research: Can You Give The Business The Data That It Needs? November 2013

Examples include:


Almost two thirds believe cognitive security solutions will address gaps – with ~20% planning to adopt in 2-3 years

Expectations Top 3 perceived benefits Adoption

Believe that “cognitive security” solutions can significantly slow down cybercriminals

57%

#1 Intelligence

#2 Speed

#3 Accuracy Although only 7% of the total sample are currently working on implementing cognitive-enabled security solutions today – this rises to 21% in the next 2-3 years

3X

Today Next 2-3 years

Improve detection and incident response decision-making capabilities (40%)

Significantly improve incident response time (37%)

Provide increased confidence to discriminate between events and true incidents (36%)


Factors holding back adoption include overall maturity and secondarily, budget and communicating the benefits

Don’t understand what is really meant by cognitive security solu-tions

Not convinced of value added to current cybersecurity solutions and capabilities

Not convinced of the benefits versus other solutions

Not ready from an infrastructure perspective (security operations center, software, hardware)

Lack of sufficient budget/funding to invest in this in the next 2–3 years

Too difficult to communicate benefits to decision-makers/lack proof points or use-cases

Lack of internal skills/competency to implement

Not ready from a competency perspective (skills, process, methods)

0% 10% 20% 30% 40% 50%

0%

15%

16%

25%

28%

28%

45%

45%

Most are convinced of the value add and benefits of cognitive security solutions and don’t feel it is a top challenge


EY sees how cognitive security solutions could be a way to reduce the overall level of enterprise riskSeeing internal and external challenges

A rapid pace of technological change and adversaries advancing their tools and techniques Digital innovation and transformation efforts within organizations are pushing the enterprise flat – how do you move fast with digital transformation without creating a more porous perimeter?

Reducing overall risk with cognitive security solutions

Cognitive security solutions could:• Provide better threat intelligence, helping to understand

potential attacks in the future• Act as an expert advisor for a security operations

analyst, it could not only enhance their expertise, but also may help to adapt and evolve security controls based on what the system has learned over time

• Help to manage GRC, deciphering the different requirements from multiple regulatory agencies

“There is a massive amount of noise out there, the human brain can’t process everything on a day to day basis – we need something to help, something like AI or cognitive technologies.”Chad Holmes, Principal and Cyber Strategy, Technology and Growth Leader (CTO) at Ernst & Young LLP

Primed for cognitive security


“We are poised to take the next step with cognitive and intelligent solutions that will efficiently ingest, organize and bring context to an enormous amount to security information and knowledge which today consumes a lot of our time and resources.”A Canadian leader in financial protection, wealth and asset management


We profiled participants based on their security effectiveness and appreciation of cognitive benefits

Security effectiveness Cognitive understanding Cognitive readiness

Foundational capabilities – risk awareness across the company, IT hygiene

Advanced capabilities – intelligent security and rapid threat response, robust data security and privacy

Believe cognitive security solutions can:

Improve detection and incident response decision-making capabilities

Provide increased confidence to discriminate between events and true incidents

Significantly improve incident response time

Are implementing or planning on implementing cognitive enabled security solutions

Ready to implement next-generation cognitive enabled security now

Believe that cognitive security solutions can significantly slow down cyber criminals


An analysis of the responses to these questions revealed three distinct clusters

Pressured

52% Primed

22% Prudent

27% Organization More likely to report to the

CIO/CTOMore likely to report to the CEO

More likely to report to the CIO/CTO

Resources

Lower % of IT budget allocated to cybersecurity

More likely to report challenges with obtaining sufficient funding and filling a shortage of staff

Higher % of IT budget allocated to cybersecurity

Higher % of IT budget allocated to cybersecurity

PerformanceLarge majority feel they are on

par compared with other companies

Large majority feel they are on par compared with other companies

Best self-assessed preparedness compared with other companies

Cognitive familiarity & challenges

A lower general familiarity with cognitive security features and value

More likely to report a lack of sufficient funding an adoption challenge for cognitive solutions

More likely to say that are not ready from a competency perspective to adopt cognitive-enabled security solutions and have trouble communicating the benefits

A higher general familiarity with cognitive security features and value


The Primed have a better familiarity with cognitive security and higher confidence, budget, and ROI than others


The Primed generally employ a more mature approach to their security practices


“Cognitive security has so much potential — you can meet your labor shortage gap, you can reduce your risk profile, you can increase your efficiency of response. It can help you understand the narrative story. People consume stories — this happened, then this happened, with this impact, by this person. Additionally, cognitive canlower the skills it takes to get involvedin cybersecurity. It allows you to bringin new perspectives from non-IT backgrounds into cracking the problem.”David Shipley – Director of Strategic Initiatives, Information Technology Services, University of New Brunswick


Although cognitive security solutions are still an emerging technology area, there are things you can do today to prepare

Recognize your weaknesses

Look at the primary weaknesses and vulnerabilities within your organization. How are they connected? What is a priority? Evaluate your intelligence, speed and accuracy.

Become educated about cognitive

security capabilities

Take a holistic and formal approach to learn about cognitive security solutions. There could be many misconceptions in your organization from a capability, cost and implementation perspective.

Define an investment plan

It is difficult to build an investment case when a technology is new and unproven – focus on the fact that cognitive security is a capability that can improve the overall effectiveness of security operations.

Look to augment your capabilities,

no matter your maturity

Cognitive security solutions are an emerging technology area, and its unique characteristics can benefit organizations of all sizes. Whether you are Pressured, Prudent or Primed, there are things you can do.

THANK YOU


Learn more about the study: Cybersecurity in the cognitive era

Visit ibm.com/security/cognitive to download the report

Read the blog at Securityintelligence.com

http://ibm.com/security/cognitive

https://securityintelligence.com/cognitive-security-to-the-rescue-study-predicts-widespread-adoption-in-the-next-few-years/


Learn more about IBM Security

A global leader in enterprise security• #1 in enterprise security

software and services*

• 7,500+ people

• 12,000+ customers

• 133 countries

• 3,500+ security patents

• 19 acquisitions since 2002

*According to Technology Business Research, Inc. (TBR) 2016

Join IBM X-Force Exchangexforce.ibmcloud.com

Visit our websiteibm.com/security

Watch our videos on YouTubeIBM Security Channel

Read new blog postsSecurityIntelligence.com

Follow us on Twitter@ibmsecurity

http://xforce.ibmcloud.com/

http://www.ibm.com/security/

https://www.youtube.com/channel/UClAgZm2OXFpX8WoMsOpWoXA



http://securityintelligence.com/

http://www.twitter.com/ibmsecurity


Learn more about the IBM Institute for Business Value

For more information To learn more about this IBM Institute for Business Value study, please contact us at [email protected]. Follow @IBMIBV on Twitter, and for a full catalog of our research or to subscribe to our monthly newsletter, visit: ibm.com/iibv Access IBM Institute for Business Value executive reports on your mobile device by downloading the free “IBM IBV” app for your phone or tablet from your app store.

The right partner for a changing world At IBM, we collaborate with our clients, bringing together business insight, advanced research and technology to give them a distinct advantage in today’s rapidly changing environment.

IBM Institute for Business Value The IBM Institute for Business Value, part of IBM Global Business Services, develops fact-based strategic insights for senior business executives around critical public and private sector issues.

©2015 IBM Corporation