Generic
We train everything – why not cyber security?
31/07/2017 | Written by: Erno Doorenspleet
Categorized: Generic
Share this post:
“By failing to prepare, you are preparing to fail.”
Although I think everybody agrees with this famous quote by Benjamin Franklin, when it comes to cyber security, my own experience still differs. While the importance of lifelong learning, of company-wide fire drills and disaster recovery schemes is evident to all, I have the impression that a similar intensive cyber attack preparedness is still underestimated. In any case, lifelike cyber attack simulations are not an unnecessary luxury in a time when cybercrime and data breaches hit the news as regular as clockwork.
You’re both the weakest link and the best solution
That is why we decided, as part of our recent investment of $200 million towards a major expansion of our incident response capabilities, to build the industry’s first physical Cyber Range for the commercial sector, where participants experience preparing for and responding to cyber attacks using live malware and real-world scenarios. After all, if you think that the right infrastructure and the appropriate security software will provide you with a 100% protection rate, you better think again. We can’t forget that even in a virtual world, decisions are still made by people – and nobody’s perfect. People tend to react differently under the enormous amount of pressure a cyber attack brings with it. Emotions at a management level tend to increase. While your theoretical road map may include a nice outline of what to do in case cyber disaster strikes, theory alone is by no means a guarantee that everything will pan out nicely and exactly as planned. On top of that, every situation is different, and a lifelike simulation might prepare you for any variations. However, if it’s true that humans make mistakes, they also are the key to a solution. A Cyber Range experience is an ideal opportunity to discover who can really keep a cool head and take charge when confronted with an attack.
Digitalized business = everyone impacted
While they also need to be thoroughly trained, the guys and girls in the cybersecurity department generally know what’s up – to them, we never really have to underline the impact a cyberattack can have. That’s the thing, though: a cyberattack impacts the whole organization. Every department can be affected, but every department can also be part of the solution: that is often being forgotten. In a digitalized environment, all business processes can suffer, and your whole organization can grind to a halt from one moment to the next. That’s why the need for cybersecurity drills is so urgent – to let people across departments realize how an attack impacts them. What do C-Suite executives need to do? How will the PR manager communicate on the issue, and reduce reputational damage? How will logistics managers react to their planning tools being out of order? How will your legal department respond to new regulations? Companies should be up and running again as soon as possible – time is money, and products and services need to be provided. If your IT or cybersecurity staff are the only ones that know what to do, it might very well be the case that someone at the other end of your organization thinks the problems are solved and just goes about their daily routine, unaware of the imminent dangers.
Beating the bad guys to it
Our Cyber Range anticipates all of the above, and offers a personalized experience (complemented with the expertise and knowledge we source from our own Security Operation Centers) that is adapted to the sector and the specific vulnerabilities of specific clients. It’s only by doing so that we can truly anticipate a cybersecurity sector that is evolving at an insanely fast pace, and in which those with bad intentions become more inventive by the day. Staying one step ahead is key – and the key to that is a thorough preparation.
The state-of-the-art Cyber Range is only the next chapter in our continuous push for increased security here at IBM. To learn more about the importance of breach preparedness attend IBM’s Benelux Security Summit on may 17 in Utrecht.
Global Executive Security Advisor, IBM Security X-Force Command
Is regulation enabling or hindering innovation in the financial services industry?
Anne Leslie, Cloud Risk & Controls Leader Europe, IBM Cloud for Financial Services Europe’s financial services sector is in the throes of wide scale digital transformation – a transition being accelerated by the growing adoption of digital solutions and services to help keep up with the demands of digitally savvy consumers. While there can be […]
The Digital Operational Resilience Act for Financial Services: Harmonised rules, broader scope of application
The Digital Operational Resilience Act – what and why As part of the European Commission’s Digital Finance Package, the new Digital Operational Resilience Act, or in short DORA, will come into force in the coming period. The aim of DORA is to establish uniform requirements across the EU that improve the cybersecurity and operational resilience […]
Banking on empathy
Suppose you’re owning a small boutique wine shop and have gone through two difficult years because of the Covid-19 pandemic. As the pandemic seems to be on its way back, it is time to revitalize the shop. And this causes direct a huge challenge: the wine stock needs to be replenished but you have used […]