Security Intelligence Podcast

“Every cloud conversation should be also a security conversation,” says Anna Van Wassenaer, Cloud Business Development Leader, Europe, for IBM Security Services. Abhijit Chakravorty, Partner & Cloud Security Competency Leader for IBM Security, joins Van Wassenaer for a conversation about why cloud strategy should go hand-in-hand with a security strategy. The conversation covers the cloud threat landscape; balancing CISO, CIO and developer objectives for cloud migration; and advice on where to start when developing a cloud security strategy. For more on cloud security, visit the SecurityIntelligence blog: https://securityintelligence.com/category/cloud-protection/

"The idea of chaos engineering is essentially to help test resilience before an accident happens," says Itzik Kotler, co-founder and CTO of SafeBreach.  Kotler joins Matthew Dobbs, Chief Integration Architect for the IBM Security Command Center, for a conversation about the value of testing systems and people through "dynamic but controlled chaos." They discuss training for the shifting adversary landscape and TTPs, who benefits from chaos engineering training, and what makes for a good simulation experience. Read more about chaos engineering on the Security Intelligence blog: https://securityintelligence.com/posts/chaos-engineering-security-simulation-exercises-dynamic-threat-environments/

What are the top findings from the Cost of a Data Breach Report 2020? Charles DeBeck, a cyber threat intelligence expert with IBM X‑Force IRIS, talks about what drives costs higher for some organizations. "We observed a growing divide between organizations that were well prepared and organizations that weren't," DeBeck says. DeBeck covers more highlights from the report, including top root causes such as cloud misconfiguration and compromised credentials. He also shares what the study found were the most successful security measures for mitigating costs: security automation and incident response readiness. View highlights and download the report: https://www.ibm.com/security/digital-assets/cost-data-breach-report/

The threat landscape has changed as a result of the global pandemic. What does that mean for organizations and their employees? How can leaders "manage through chaos" successfully? Hosts Pam Cobb and David Moulton reflect on these questions by drawing on insights from speakers at IBM Think Digital 2020.  See the full sessions referenced in the episode: Address New Cybersecurity Risks - https://www.ibm.com/events/think/watch/replay/126550847/ Detect & Respond to Accelerating Threats - https://www.ibm.com/events/think/watch/replay/126499081/ Virtually Extend Your Security Team and Quickly Add Expertise -  https://www.ibm.com/events/think/watch/replay/126497278/

As digital transformation accelerates, so does the importance of verification. "I think it's become more important right now to ensure the right person has access to the right data and apps at the right time under the right circumstances," says Aarti Borkar, Vice President, OM, for IBM Security. "And to me that's Zero Trust." Borkar returns to the podcast to explore the connection between verification, context and successful applications of Zero Trust — or in other words, "Never trust, always verify." The conversation covers why the demands of remote work call for a Zero Trust philosophy; how Zero Trust goes hand in hand with innovation; and who on the leadership team can help apply context plus verification to an organization's security strategy. Read the full episode transcript on the SecurityIntelligence blog: https://securityintelligence.com/media/contextualizing-zero-trust/

"APT groups jump at the chance to take advantage of people's emotions," says Ryan Castillo, an analyst on the threat hunt and discovery team within IBM X‑Force IRIS. One such advanced persistent threat (APT) group has recently been detected mining the "treasure trove of COVID-19 lures" activated by overall uncertainty and misinformation in the face of the global pandemic. Castillo and Joshua Chung, a strategic cyber intel analyst for IBM X-Force IRIS, join the hosts to discuss recent activity from ITG16, a North Korean government state‑sponsored threat group. The conversation covers the threat group's targets and tactics and how they anticipate ITG16 to evolve their operations in the future. Read the full episode transcript on the SecurityIntelligence blog: https://securityintelligence.com/media/recent-activity-from-itg16-a-north-korean-threat-group/

If you introduced yourself at a dinner party and a short time later the host forgot your name, maybe you'd be confused and a little frustrated. The same goes for consumers when interacting with a brand, signing up or verifying their identity. "That kind of experience is something we see on a regular basis in many consumer applications where you're asking for information that isn't necessary or maybe you already have and should not be asking again," says Sean Brown, Program Director for IBM's identity and access management team. "And with that friction, consumers lose confidence."  For more stories on identity and access management, visit SecurityIntelligence.com. Brown and Martijn Loderus, Global CIAM Lead for IBM, join the podcast for a discussion of consumer identity and access management, or CIAM. The conversation covers the distinction between CIAM and traditional identity and access management; what happens when there's friction in the consumer authentication process; and how to create friction-less CIAM experiences for consumers without reducing any levels of security.

ITG08, which shares overlap with the group FIN6, is a financially motivated threat group known for currently targeting e-commerce platforms. Chris Caridi from IBM's Threat Intelligence Production Team and Ole Villadsen from the Threat Hunt and Discovery team of IBM X-Force IRIS join the hosts to explore research around the threat group. The conversation covers a discussion of advanced persistent threats (APTs); ITG08's tools, techniques and procedures (TTPs); and how organizations can effectively defend their assets against ITG08 and related criminal threat activity.   Learn more about the ITG08 threat group on the SecurityIntelligence blog: https://ibm.biz/BdqzjR

Human beings have inherent biases. That's all the more reason to make an effort to be "consciously unbiased" when developing artificial intelligence (AI). "When we build AI technology for mission-critical applications like security...we don't get to use that excuse of being unconsciously biased," said Aarti Borkar, Vice President of OM for IBM Security. Borkar joined the podcast for a conversation about steps in developing unbiased AI, why subject matter experts are instrumental in the process and how data security best practices come into play. Read the full episode transcript on the SecurityIntelligence blog: https://ibm.biz/BdqigH

Every year, IBM Security releases the X-Force Threat Intelligence Index. When asked what finding surprised him most from the 2020 report, Charles DeBeck, senior cyber threat intelligence researcher, highlighted OT security. "We saw threat actors in 2019 much more actively targeting the operational technology field than we saw in any previous year," he said. At the same time that threat actors are leveraging new targets, previously identified trends continue to have traction: ransomware, phishing and even leveraging spam vulnerabilities that are up to two years old. DeBeck returns to the podcast to unpack these trends, explore the impact on various industries and discuss how organizations can prioritize security measures. Read the full episode transcript on the SecurityIntelligence blog: https://ibm.biz/BdqEvA

Nearly a decade ago, Forrester championed the concept of "Zero Trust." Fast forward to today, and the industry is seeing a confluence of technology and strategy that has pushed Zero Trust from the theoretical realm into the practical. In brief terms, Zero Trust boils down to "never trust, always verify." Forrester analyst Chase Cunningham joins the podcast to dig into the depths behind that definition, including how the concept evolved, why the journey towards Zero Trust needs to begin with devices and users, why organizations benefit from a simplified security portfolio and how to coach the next generation on identity best practices. Plus, Pam and David discuss their resolutions for the new year and consider a line of security merch. For more security stories, visit SecurityIntelligence.com or follow IBM Security on Twitter and LinkedIn. Read the full episode transcript: https://ibm.biz/BdqRFU

"It's work to put together and come up with a diverse panel," co-host Pam Cobb observes about her work in the cybersecurity industry. "And diversity here is not just male and female. It is backgrounds and ways of thinking, and all of the different ways that we think of diversity." Bestselling author and entrepreneur Jane Frankland, whose company Cyber Security Capital focuses on gender inclusion in science, joins the podcast for a discussion about diversity in cybersecurity, particularly recruiting and retaining women. Cobb and Frankland discuss the skills that are needed in the security industry, how professionals can raise awareness about the skills gap, what people can do to get a foot in the door, and the benefits of a more diverse workforce. "I'm obsessional about this," Frankland says, "to be that change agent, and to enable both women coming into it and women already in it so that they can progress through the industry at whatever level that they want to be at." For more security stories, visit SecurityIntelligence.com or follow IBM Security on Twitter and LinkedIn.

"State and local governments’ IT infrastructure is currently in a state of what we would call transformative change...making information technology now a primary medium for citizens to interact with their local government," explains Claire Zaboeva, an expert in identifying and assessing cyber-based threats for IBM X-Force IRIS. For all the benefits these changes bring, there's a flip side: there are now more vectors for threat actors to conduct malicious activities within government infrastructures.  Why are threat actors targeting state and local governments and how can states protect public infrastructure? Melissa Frydrych, who researches cyber threat intelligence for IBM X-Force IRIS, joins Zaboeva in a conversation about the kinds of preventative measures states are taking to protect everything from citizens to utilities to elections.  For more security stories and to learn more about the research covered in this episode, visit SecurityIntelligence.com or follow IBM Security on Twitter and LinkedIn.

Recovering from a ransomware attack isn't like paying your electric bill; there's no guarantee that the lights suddenly come back on. How, then, should organizations like municipalities and hospitals plan to remediate in the case of a ransomware attack — or better yet, take preventative security measures? Matthew DeFir and Robert Gates, both members of the IBM X-Force IRIS team, share their advice on how organizations can prevent ransomware attacks. They discuss why attackers choose moments when they can apply maximum pressure, the importance of backing up systems, insights into taxpayers' views on ransomware, and why organizations should not pay the ransom. Plus, Pam and David discuss how ransomware has impacted the cities they live in.  For more security stories, visit SecurityIntelligence.com or follow IBM Security on Twitter and LinkedIn.

Cloud is not the ultimate destination; it's the path to an end goal. "The idea of cloud is to get you a modern architecture," says Vikram Chhabra, who leads product management for IBM Security Services with a focus on cloud and infrastructure security. "The destination is transformation to help you innovate and drive modern experiences for your end customers." Chhabra identifies multiple challenges as CISOs steer their businesses down this path to a modern architecture: talent, cloud controls, centralized strategy, compliance. Security — beginning with automation — can act as an enabler in light of these challenges. Chhabra chats with David about types of cloud models, who the CISO should partner with on cloud migration, and how to manage threats and prove continuous compliance in a cloud environment. Plus, Pam and David discuss their opinions on pineapple pizza (it's relevant, promise).  For more security stories, visit SecurityIntelligence.com or follow IBM Security on Twitter and LinkedIn.

What’s the difference between a destructive attack and a traditional breach? “Destructive malware is malicious software that has the capability to render an effective system inoperable and also challenges reconstitution,” explains Charles DeBeck, a senior cyber threat intelligence researcher at IBM X-Force IRIS. A kind of attack originally associated with nation-states, new research suggests an expanding trend in who is employing destructive attacks, and where. Wendi Whitmore, director of the IBM X-Force Threat Intelligence team, says, “The average cost of one of these attacks — a destructive incident versus a traditional breach — is actually 61 times higher.” DeBeck and Whitmore join our hosts for a conversation about the evolution of destructive attacks, how organizations can defend against them, and how to best prepare for remediation. For a further look at trends in destructive attacks, visit SecurityIntelligence.com: https://ibm.co/2OFUHs5

As regulations such as GDPR and CCPA go into effect around the world, organizations are seeing the impact of data privacy laws on their businesses. As recent headlines show, fines are one possible impact, but they shouldn't be the only impetus to review privacy compliance and run through incident response plans.  "It really comes down to a matter of trust," says Monica Dubeau, privacy program director for IBM Security. "You need your clients to trust you. You want your clients to trust you. And your clients expect you to take care of their data and to make sure it's protected." Dubeau joins the podcast for a discussion about how GDPR has changed the way organizations are required to respond to data breaches, steps to building out a documented incident response plan, and the importance of continued cybersecurity education for consumers. For more security stories, visit SecurityIntelligence.com or follow IBM Security on Twitter and LinkedIn.

On average, according to the 2019 Cost of a Data Breach Report, it takes 279 days to contain a data breach, up from 266 days last year. "I think it's true we're getting better identifying data breaches," says Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. However, at the same time as organizations improve their security postures, cybercriminals are becoming stealthier.  While factors such as a lack of preparedness or third-party risk can amplify the cost of a data breach, the good news is that, according to the findings in this year's report, incident response strategy, encryption technology, and other factors can mitigate the financial impact of a breach. In fact, the combination of having an incident response team and testing that plan can save $1.2 million for a business. Dr. Ponemon returns to the podcast to discuss the lifecycle of a data breach, variations by industry and region, and why organizations are increasingly sensitive to privacy and data protection. For more security stories, visit SecurityIntelligence.com or follow IBM Security on Twitter and LinkedIn. Explore the 2019 Cost of a Data Breach Report at databreachcalculator.mybluemix.net.

"I think we've really seen the concept of a SOC grow and evolve over the past 10 years or so," says Emma Bickerstaffe, Senior Research Analyst at the Information Security Forum. As your business and the threat landscape change, how do you keep pace with your security operations center (SOC)?    Bickerstaffe and Jamie Cowper, Product Marketing Manager at IBM Security, join the podcast for a discussion about building and enhancing a SOC, or "the eyes and ears of an organization." They cover business drivers for improving a SOC; perspectives on internal, external, and hybrid models; and the five core capabilities of a SOC. For more security stories, visit SecurityIntelligence.com or follow IBM Security on Twitter and LinkedIn.

"We, as CISOs, and as risk management practitioners, and as risk executives, have to be aware that a risk rating vendor isn't the entire answer to our risk posture," says Shamla Naidoo, a Managing Partner at IBM Security who was most recently the global CISO for IBM. "It is a part of the answer, not the entire answer."  Naidoo joins David to discuss taking a 360 degree view of third party risk. They explore why risk rating reports are the beginning of risk management but not the end; why trust and transparency is critical in relationships among all parties; and the value in taking an objective approach to testing risk postures.  For more security stories, visit SecurityIntelligence.com or follow IBM Security on Twitter and LinkedIn.