How Cognitive Could Help Companies Respond to Cyber Attacks

Share this post:

The state of cybersecurity is at an inflection point.

As the volume and sophistication of threats grow exponentially, security operations teams struggle to stay abreast using traditional approaches. At the same time, many organizations are faced with a lack of security experts with the right skills.

These different stresses make it difficult for organizations to maintain the digital “immune systems” they need to protect themselves, and to respond to threats quickly and efficiently.

Cognitive Security Solutions

Different technologies and approaches are needed.

The IBM Institute for Business Value (IBV) surveyed 700 chief information security officers (CISOs) and other security leaders from 35 countries, representing 18 industries for its new report, “Cybersecurity in the Cognitive Era.” The primary cybersecurity challenge for security executives, according to the report, is reducing the average incident response time.

A study by the Ponemon Institute this year found that the time required to identify a breach averaged 201 days. The time required to contain a breach averaged 70 days. Addressing a breach quickly can translate to significant savings of more than $1 million, according to Ponemon, if the incident can be contained in under 30 days.

Today, we are beginning to enter the cognitive era of security defined by solutions that can understand context, behavior and meaning by analyzing both structured and unstructured security data.

Cognitive security has the potential to unlock a new partnership between security analysts and their technology. These solutions ingest, organize and analyze large quantities of security data and events, while providing context to evaluate threats. This allows security analysts to focus on the most pressing threats and determine how to respond to them quickly and efficiency, rather than spending hours searching for the proverbial “needle in the haystack.”

Cognitive solutions also learn continuously as data accumulates and insights are derived. Cognitive systems will be used to analyze security trends and distill enormous volumes of structured and unstructured data into actionable knowledge, and blend that information with more traditional security data.

The Promise and Challenges of Cognitive

Many of those surveyed by the IBV believe that the benefits of cognitive security solutions will address the gaps they are facing. Even though cognitive security is still an emerging technology area, 57 percent already believe that cognitive security solutions can significantly slow the efforts of cyber criminals.

When the IBV asked security leaders to select the benefits of a cognitive-enhanced security solution, the study found that:

• 40 percent cited improved detection and incident response decision-making capabilities,
• 37 percent pointed to significantly improved incident response times, and;
• 36 percent said increased confidence to discriminate between events and true incidents.

Today, only seven percent of those surveyed by the IBV are working on implementing cognitive-enabled security solutions to improve cybersecurity risk preparedness. This is expected since the capability is so new. In the next two to three years, the number who plan to implement these solutions rises threefold to 21 percent.

Respondents did see potential challenges to the adoption of cognitive security solutions. It is not that security leaders don’t understand the technology conceptually or aren’t convinced of the value or the benefits versus other solutions; the challenges are more about skills, processes and methods.

Forty-five percent of respondents list the top adoption challenges as not being ready from a competency perspective and a lack of internal skills to implement. To address these concerns and ensure successful roll-outs of cognitive solutions, more education and preparation is needed.

To learn more about the new era of business, visit ibm.com/outthink.