Mobile World Live spoke to Martin Borrett, distinguished engineer and CTO, IBM Security Europe (pictured, right), about the steps the company is taking to ensure the security of its partners and customers in the next-generation era of connectivity.
How have security risks increased with today’s technology landscape?
As the world has become increasingly digital and connected, crime has also gone digital and now represents one of the greatest threats to companies around the world. Cybercrime is estimated to cost the global economy around $600 billion annually.
The amount of data being lost or stolen each year continues to rise, with more than 8.5 billion records compromised in 2019 alone: that’s more compromised records than the amount of people on the planet currently (7.7 billion).
That said, through innovation and collaboration amongst the security community, we can create better approaches for cybersecurity that are designed to work with today’s connected technology landscape and stay ahead of evolving threats.
What are some of the steps IBM is taking to ensure the safety of its customers and partners?
The security challenges facing organisations in every industry mean that we need to continue to invest in both open standards-based platforms that enable teams to get more out of the security investments they already have, and build partnerships with security vendors of every size.
We know that customers get tremendous value when their tools work together. Today, many customers need to hire security engineers at nearly the same rate to make sure their tools work together. In fact, the majority of teams hire about a 1:1 ratio of engineers to analysts. By adopting open source code and standards, the security industry can help organisations speed their time-to-value and reduce the cost of integrating their tools.
With that in mind, we are focused on building solutions that will help our clients embrace things like decentralised identity and cloud native data security solution that span the lifecycle of data regardless of where it resides. And because the threats that clients face are becoming more complex and more numerous, we’re constantly applying AI and automation to modernise threat management.
What are the challenges of safeguarding connected systems, factories and utilities?
According to IBM X-Force analysis, attacks targeting Industrial Control Systems and Operational Technology have grown by 2,000 per cent since 2018: in fact, in 2019, the number was the highest it’s been in the last three years.
One of the key challenges in safeguarding this broader ecosystem of technology is cultural. As organisations connect new systems and devices including operational technology they do not always think with a security mindset. Two key areas that companies should focus on is building the right teams, and rehearsing their response to various risk scenarios.
Do you believe that increased security risks are inevitable as more data becomes available?
This is very much the risk that we face. Cybercrime is 21st century organised crime, with the vast majority of attacks being driven by highly organised crime rings in which data, tools and expertise is widely shared. Security teams are overwhelmed with growing volumes of attack and attack related data: these analysts are sifting through 200,000 security events per day on average, in addition to staying up to date on the latest security research being published on new threats, malware and more. As threats grow, demand for security talent is increasing, yet the talent pipeline is struggling to keep pace.
That said, we see companies embracing new approaches designed to address these challenges and take advantage of modern IT infrastructures.
For instance, enterprises are increasingly looking for integrated and actionable architectures that will help them overcome the “tool sprawl” and complexity challenges facing their security teams. We also see a movement towards embracing open standards. This means that open, integrated platforms will beat out best-of-breed point solutions.
How much of a factor is security when it comes to industries aiming to digitise and transform their operations?
Security is a key consideration for organisations as they continue to digitise and move towards hybrid multi-cloud. Cloud is an opportunity to do security right, but most deployments are never fully public cloud but a combination of public and private, or what we call hybrid multi-cloud. However, failing to ensure the proper security processes are in place during the transition to cloud is a huge concern: in fact, 86 per cent of records compromised in 2019 were due to misconfigured cloud servers and other improperly configured systems according to IBM’s recent Threat Intelligence Index.
IBM has extended its market leading offerings in Data Protection, Identity Access Management and Threat Management to the work in the various cloud environments, to help our clients as they navigate these challenges. Our X-Force Cloud Services teams can help with everything from designing a cloud security strategy, to centralising policy management across your hybrid cloud environment, to deploying security controls at cloud speed to meet the fast pace of DevOps.
Another big focus companies will tackle this year on the journey to digital transformation is an overhaul of Identity and Access Management. Organisations are looking to provide frictionless experiences and give more control to their users. To effectively deliver on these goals organisations will move toward consolidating their IAM solutions, which will help them close security gaps and drive innovation and growth.
In addition to IAM projects, 2020 will be a year where security teams will look to cloud native controls to drive data security. End-to-end data lifecycle management will give organisation confidence embracing the cloud.
This article was originally due to appear in the MWC20 Barcelona Show Daily newspapers as part of our conference speaker coverage. Due to the cancellation of the event we are instead publishing online.Subscribe to our daily newsletter Back