<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" media="screen" href="/~d/styles/rss2full.xsl"?><?xml-stylesheet type="text/css" media="screen" href="http://feeds.feedburner.com/~d/styles/itemcontent.css"?><rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:feedburner="http://rssnamespace.org/feedburner/ext/1.0" version="2.0">

<channel>
	<title>Security Intelligence</title>
	
	<link>https://securityintelligence.com</link>
	<description>Analysis and Insight for Information Security Professionals</description>
	<lastBuildDate>Sun, 26 Feb 2017 13:15:28 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>https://wordpress.org/?v=4.7.2</generator>

<image>
	<url>https://static.securityintelligence.com/uploads/2016/04/SI_primary_rgb-80x80.png</url>
	<title>Security Intelligence</title>
	<link>https://securityintelligence.com</link>
	<width>32</width>
	<height>32</height>
</image> 
	<atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="self" type="application/rss+xml" href="http://feeds.feedburner.com/SecurityIntelligence" /><feedburner:info uri="securityintelligence" /><atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="hub" href="http://pubsubhubbub.appspot.com/" /><item>
		<title>Cybersecurity Regulations Get Demanding</title>
		<link>http://feedproxy.google.com/~r/SecurityIntelligence/~3/Y2vtjy0OpvQ/</link>
		<comments>https://securityintelligence.com/cybersecurity-regulations-get-demanding/#respond</comments>
		<pubDate>Fri, 24 Feb 2017 13:50:40 +0000</pubDate>
		<dc:creator><![CDATA[Scott Koegler]]></dc:creator>
				<category><![CDATA[CISO]]></category>
		<category><![CDATA[Government and Federal]]></category>
		<category><![CDATA[Risk Management]]></category>
		<category><![CDATA[Chief Information Security Officer (CISO)]]></category>
		<category><![CDATA[Compliance]]></category>
		<category><![CDATA[Federal Government]]></category>
		<category><![CDATA[Financial Industry]]></category>
		<category><![CDATA[Government]]></category>
		<category><![CDATA[Security Compliance]]></category>

		<guid isPermaLink="false">https://securityintelligence.com/cybersecurity-regulations-get-demanding/</guid>
		<description><![CDATA[<p>CISOs must closely monitor their companies' business transactions to maintain compliance with the growing number of international security regulations.</p>
<p>The post <a rel="nofollow" href="https://securityintelligence.com/cybersecurity-regulations-get-demanding/">Cybersecurity Regulations Get Demanding</a> appeared first on <a rel="nofollow" href="https://securityintelligence.com">Security Intelligence</a>.</p>
]]></description>
				<content:encoded><![CDATA[<p>As more government agencies get involved with creating cybersecurity regulations, security professionals will need to monitor new laws and understand which apply to their industry and whether some overlap or conflict. Increased enforcement from different agencies can mean significant consequences even if breaches are avoided.</p>
<p>As the new administration adjusts regulations, <a href="http://www.ibm.com/security/ciso/" target="_blank">chief information security officers (CISOs)</a> will need to add governmental cyber regulations to their daily watchlists. Consider the following key areas that impact enterprise security in multiple ways.</p>
<h2>Federal Cybersecurity Regulations</h2>
<p>The <a href="https://www.congress.gov/bill/114th-congress/senate-bill/754" target="_blank">Cybersecurity Information Sharing Act of 2015</a> provides a framework for the federal government, some state governments and private industry to securely share cyberthreat information. As part of that action, the Securities and Exchange Commission (SEC) established guidelines for regulated firms to comply with specific regulations. For example, the SEC recently settled a case with a company that suffered a data breach that compromised the personally identifiable information (PII) of nearly 100,000 people, showing its commitment to increasing security — particularly in the <a href="https://securityintelligence.com/financial-services-sector-ends-2016-with-a-bang/" target="_blank" style="background-color: initial">financial sector</a>.</p>
<h3>Government Fraud and Waste</h3>
<p>Banking and finance regulations have been the focus of attention in the years since the Great Recession, and offshore tax evasion has been high on the Department of Justice&#8217;s list of targets. In 2015, the DOJ, under its Swiss Bank Program, entered agreements with multiple banks to encourage cooperation with regard to financial transactions.</p>
<p>Additionally, the Organization for Economic Cooperation and Development (OECD) created a global standard for financial institutions to exchange account information automatically in an effort to restrict offshore tax evasion. These efforts need to be understood and considered as companies conduct business around the globe. CISOs must institute measures to alert them when suspicious activities threaten their standard business practices.</p>
<h3>Corporate Compliance</h3>
<p>The Organizational Sentencing Guidelines of 1991 set the stage for federal oversight of corporate activities. In 2015, the DOJ hired a compliance counsel to guide prosecutors with regard to specific charges that might be brought against companies.</p>
<p>Since that time, the DOJ has demonstrated a commitment to pursuing a variety of charges. New guidelines are likely to bring about changes in how the agency monitors compliance. CISOs need to be aware of changes and update their <a href="https://securityintelligence.com/increased-regulatory-compliance-is-choking-the-ciso/" target="_blank">compliance practices</a> as needed.</p>
<h3>Global Cooperation</h3>
<p>The internationally connected internet narrows or eliminates separations between regulators in countries around the globe. This connectedness increases the complexity of interactions in companies, some of which may not even know the specific countries where they are doing business. Privacy regulations vary widely and change frequently as governments strive to protect their own and their citizens&#8217; interests. CISOs need to be vigilant about changes in regulations on a global basis.</p>
<h3>Focus on Money Laundering</h3>
<p>Global trade involves the movement of money across international borders, and some governments are concerned about funds being routed to terrorist organizations. Closely associated with those concerns is the prospect of <a target="_blank" href="https://securityintelligence.com/it-all-comes-out-in-the-wash-the-most-popular-money-laundering-methods-in-cybercrime/">money laundering</a> that hides the sources and destinations of funds. CISOs must monitor the routes of transactions and ensure they are within federal and state guidelines.</p>
<h3>Trade Sanctions as Foreign Policy</h3>
<p>Trade sanctions have long been used to encourage behavioral changes in foreign governments. The U.S. has increased its use of sanctions for a variety of purposes against countries in recent years. Often, those sanctions impose criminal or civil penalties against U.S. companies that violate them. CISOs need to understand the specifics of international sanctions and monitor the sources and destinations of business transactions that take place across borders to be in full compliance with laws.</p>
<p><a href="http://www.ibm.com/security/campaign/gdpr.html" target="_blank">Government regulations</a> are in flux, and CISOs are responsible for the security and compliance of their companies&#8217; transactions and business dealings. They must maintain a current view of government rules and understand how they apply to and affect the data that flows in and out of the organization, even if they are not responsible for the contents of those transactions.</p>
]]></content:encoded>
			<wfw:commentRss>https://securityintelligence.com/cybersecurity-regulations-get-demanding/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		<feedburner:origLink>https://securityintelligence.com/cybersecurity-regulations-get-demanding/</feedburner:origLink></item>
		<item>
		<title>Making the Move to an All-HTTPS Network</title>
		<link>http://feedproxy.google.com/~r/SecurityIntelligence/~3/OOOyuMeVim8/</link>
		<comments>https://securityintelligence.com/making-the-move-to-an-all-https-network/#respond</comments>
		<pubDate>Fri, 24 Feb 2017 12:45:39 +0000</pubDate>
		<dc:creator><![CDATA[David Strom]]></dc:creator>
				<category><![CDATA[Infrastructure Protection]]></category>
		<category><![CDATA[Network & Endpoint]]></category>
		<category><![CDATA[Browser Security]]></category>
		<category><![CDATA[Encryption]]></category>
		<category><![CDATA[HTTPS]]></category>
		<category><![CDATA[Man-in-the-Browser (MitB)]]></category>
		<category><![CDATA[Web Browser]]></category>

		<guid isPermaLink="false">https://securityintelligence.com/making-the-move-to-an-all-https-network/</guid>
		<description><![CDATA[<p>There are countless benefits to moving web infrastructure to support the HTTPS protocol, but it's not as simple as swapping one protocol for another.</p>
<p>The post <a rel="nofollow" href="https://securityintelligence.com/making-the-move-to-an-all-https-network/">Making the Move to an All-HTTPS Network</a> appeared first on <a rel="nofollow" href="https://securityintelligence.com">Security Intelligence</a>.</p>
]]></description>
				<content:encoded><![CDATA[<p>Many website operators have wrestled with the decision to move all their web infrastructure to <a target="_blank" href="https://securityintelligence.com/news/apple-wants-https-for-apps-by-2017/">support HTTPS</a> protocols. The upside is obvious: better protection and a more secure pathway between browser and server.</p>
<p>Having a secure connection also makes it harder for cybercriminals to insert man-in-the-middle (MitM) or man-in-the-browser (MitB) attacks, and it prevents users from getting malware through this channel. It also prevents fraudsters from injecting unwelcome ads into the browsing session.</p>
<p>There are other benefits as well. Internet providers can&#8217;t easily track what pages users are seeing when this traffic traverses their networks, since the traffic is encrypted. Plus, Google <a href="https://webmasters.googleblog.com/2015/12/indexing-https-pages-by-default.html" target="_blank">offers benefits</a> to sites that make use of HTTPS in its search rankings.</p>
<h2>Making the Switch</h2>
<p>But it isn&#8217;t as easy as just swapping out one protocol for another. The Guardian released an interesting <a target="_blank" href="https://www.theguardian.com/info/developer-blog/2016/nov/29/the-guardian-has-moved-to-https">case study</a> about the publication&#8217;s own experience in this matter, which should be required reading for any IT department that is considering a switch from HTTP to HTTPS.</p>
<p>One issue is that many of the publication&#8217;s partners, such as advertising agencies and networks, didn&#8217;t support HTTPS. This is, perhaps, the biggest limiting factor in making the move to <a target="_blank" href="http://www.ibm.com/software/products/en/ibm-security-guardium-data-encryption">encryption</a>. Before these entities began supporting HTTPS, the publication was not able to adopt the more secure protocols.</p>
<p>Second, the editorial team had to migrate older content, particularly interactive content, over to HTTPS and ensure that nothing broke in the transfer. The team decided to tackle it piecemeal, with one audience and one project at a time, to gain experience and resolve problems for each project before moving on to the next one.</p>
<h2>Completing the HTTPS Transition</h2>
<p>The IT staff made use of three important techniques: monitoring, stack changes and using early adopters. Monitoring is key — did overall readership drop as a result of the implementation? What about page error rates or other warnings? Keeping a close eye on these metrics is a great early warning system.</p>
<p>Next, they made changes to their web stack and migrated their back-end systems first before making any changes to their front ends. This made problems easier to identify and fix. Part of the stack changes required them to work with their content network provider to add redirection rules, log all mixed mode warnings and employ various automated scripts to update their old URLs to <a target="_blank" href="https://securityintelligence.com/feds-move-toward-https-website-encryption/" style="background-color: initial">take advantage of HTTPS</a>. They also got rid of their URL-shortening service, since Twitter no longer counts characters in its message URL links.</p>
<p>Finally, the team asked for users&#8217; help, partly to get additional early warnings of any errors in the migration. This included having The Guardian&#8217;s own journalists participate in the process so that they would view the secure version of the site early in the process.</p>
<p>All told, the publication&#8217;s editorial, sales and IT staffs collaborated over the three-year transition, and now it is completely running over HTTPS. The teamwork provides a great model for other organizations looking to make the switch.</p>
]]></content:encoded>
			<wfw:commentRss>https://securityintelligence.com/making-the-move-to-an-all-https-network/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		<feedburner:origLink>https://securityintelligence.com/making-the-move-to-an-all-https-network/</feedburner:origLink></item>
		<item>
		<title>The First Rule of Security Club: Don’t Talk About Security</title>
		<link>http://feedproxy.google.com/~r/SecurityIntelligence/~3/3wJ_-tKMzKo/</link>
		<comments>https://securityintelligence.com/the-first-rule-of-security-club-dont-talk-about-security/#respond</comments>
		<pubDate>Fri, 24 Feb 2017 11:50:40 +0000</pubDate>
		<dc:creator><![CDATA[Gavin Kenny]]></dc:creator>
				<category><![CDATA[Government and Federal]]></category>
		<category><![CDATA[Risk Management]]></category>
		<category><![CDATA[Artificial Intelligence (AI)]]></category>
		<category><![CDATA[Cognitive Computing]]></category>
		<category><![CDATA[Cognitive Security]]></category>
		<category><![CDATA[Incident Response (IR)]]></category>
		<category><![CDATA[Security Operations Center (SOC)]]></category>
		<category><![CDATA[Watson]]></category>

		<guid isPermaLink="false">https://securityintelligence.com/the-first-rule-of-security-club-dont-talk-about-security/</guid>
		<description><![CDATA[<p>The first rule about Security Club is don't talk about security — or, at least, don't let security initiatives get in the way of delivering business value.</p>
<p>The post <a rel="nofollow" href="https://securityintelligence.com/the-first-rule-of-security-club-dont-talk-about-security/">The First Rule of Security Club: Don&#8217;t Talk About Security</a> appeared first on <a rel="nofollow" href="https://securityintelligence.com">Security Intelligence</a>.</p>
]]></description>
				<content:encoded><![CDATA[<p>The first rule of Security Club is don&#8217;t talk about security — or, more accurately, don&#8217;t get so overzealous about security that you stop delivering value to the business. We need to talk about business value, not security.</p>
<p>Many security professionals have fallen into this hole, and it&#8217;s easy to see how. Any security briefing will tell you that the capability, sophistication and volume of cyberattacks hitting the U.K. on a daily basis are growing, seemingly exponentially. You can see how people connect the dots and start thinking about super secure, dedicated data centers and 10-digit passwords that <a target="_blank" href="https://securityintelligence.com/its-time-for-users-to-pony-up-and-quit-reusing-passwords/">change every day</a>.</p>
<p>But that is the wrong answer. Even if you followed all those best practices, you wouldn&#8217;t increase your security posture that much. It would be a total waste of time if the economy goes into free fall because no one can do any work.</p>
<h2>Introducing the UK&#8217;s National Cyber Security Centre</h2>
<p>That is why I am so pleased by the launch of the U.K. government&#8217;s National Cyber Security Centre (NCSC). This team really knows about IT security and has seen the ugly truth about how good the bad can be, yet it does not advocate impossible-to-implement standards. Here is an organization that <a target="_blank" href="https://www.ibm.com/us-en/marketplace/application-security-on-cloud">uses the cloud extensively</a> and promotes simpler password rules.</p>
<p>In short, the NCSC is rethinking the old tried-and-true security techniques that have been developed over the years and instead asking, &#8220;Why?&#8221; This is just the kind of fresh approach we need to make the U.K. one of the safest places to do business online in an affordable and realistic way.</p>
<h2>The Potential of Cognitive Security</h2>
<p>A security regime breaks down into three parts: prevent, detect and respond. Up until now, security teams have always focused on the prevention component — getting the basics right — and a certain amount of detection — knowing when the basics were not enough. But just knowing you have a problem is not enough. As an old friend of mine in the Royal Navy once said, &#8220;Knowing you have a missile coming in is a good start, but little comfort if you can&#8217;t do anything about it.&#8221;</p>
<p>Once we know we have a potentially successful cyberattack, we have to turn our attention to identifying what is happening to which parts of our system. Then we must move quickly and precisely to coordinate our response in a consistent and audited manner. This is where IBM sees the great power of <a target="_blank" href="https://securityintelligence.com/bringing-the-power-of-watson-and-cognitive-into-the-security-operations-center/">cognitive computing</a>, in which we leverage machine learning and reasoning engines to help human security teams quickly identify the attack, which elements of the systems are affected and what would be the best way to respond.</p>
<p>We can use automation and integration to enrich the information at every step of the process to support decision-makers and help them become informed and coordinated across the entire organization, not just IT. In this way, we can reduce weeks of intense work to hours or minutes.</p>
<h2>Talk About Security at CYBERUK 2017</h2>
<p>IBM Security is proud to sponsor <a href="https://www.ncsc.gov.uk/events/cyberuk-2017">CYBERUK 2017</a>, the U.K. government&#8217;s biggest and most influential artificial intelligence and cybersecurity event to date, to show support for this major initiative.</p>
<p>Visit our stand (H1) in the exhibition area to talk about security with IBM Security experts and try our virtual reality security operations center (SOC) experience. Through a VR headset, visitors will experience the process of detecting a threat using the latest technologies, including QRadar, Watson for Cyber Security and Resilient, our <a target="_blank" href="http://www.ibm.com/software/products/en/resilient-incident-response-platform-standard">incident response platform</a>, to locate and mitigate a threat at speed and scale.</p>
<p>For those wishing to gain a deeper understanding of these technologies in action, we will be running a Cognitive Security Operations Center Workshop on Tuesday, March 14, to show how machine learning and cognition, when integrated with an incident response platform, can help the U.K. government, the national critical infrastructure and British industry.</p>
]]></content:encoded>
			<wfw:commentRss>https://securityintelligence.com/the-first-rule-of-security-club-dont-talk-about-security/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		<feedburner:origLink>https://securityintelligence.com/the-first-rule-of-security-club-dont-talk-about-security/</feedburner:origLink></item>
		<item>
		<title>Connecting the Dots With the IBM Cognitive SOC and Watson for Cyber Security</title>
		<link>http://feedproxy.google.com/~r/SecurityIntelligence/~3/Fu2c9ySw2pE/</link>
		<comments>https://securityintelligence.com/connecting-the-dots-with-the-ibm-cognitive-soc-and-watson-for-cyber-security/#respond</comments>
		<pubDate>Thu, 23 Feb 2017 13:40:40 +0000</pubDate>
		<dc:creator><![CDATA[Security Intelligence Staff]]></dc:creator>
				<category><![CDATA[Cognitive]]></category>
		<category><![CDATA[Security Intelligence & Analytics]]></category>
		<category><![CDATA[Artificial Intelligence (AI)]]></category>
		<category><![CDATA[Cognitive Computing]]></category>
		<category><![CDATA[Cognitive Security]]></category>
		<category><![CDATA[IBM Security]]></category>
		<category><![CDATA[IBM Watson]]></category>
		<category><![CDATA[Machine Learning]]></category>
		<category><![CDATA[Security Operations Center (SOC)]]></category>
		<category><![CDATA[Threat Intelligence]]></category>
		<category><![CDATA[Watson]]></category>

		<guid isPermaLink="false">https://securityintelligence.com/connecting-the-dots-with-the-ibm-cognitive-soc-and-watson-for-cyber-security/</guid>
		<description><![CDATA[<p>With IBM's Cognitive SOC and Watson for Cyber Security, analysts can detect and respond to incidents that traditional threat intelligence platforms miss.</p>
<p>The post <a rel="nofollow" href="https://securityintelligence.com/connecting-the-dots-with-the-ibm-cognitive-soc-and-watson-for-cyber-security/">Connecting the Dots With the IBM Cognitive SOC and Watson for Cyber Security</a> appeared first on <a rel="nofollow" href="https://securityintelligence.com">Security Intelligence</a>.</p>
]]></description>
				<content:encoded><![CDATA[<p>Security analysts today are drowning in data. Even the most talented, knowledgeable and efficient analysts are overwhelmed with hundreds more alerts and anomalies than they can reasonably address, and the problem is only getting worse.</p>
<p>This is one of the main reasons why IBM recently announced the <a href="https://securityintelligence.com/bringing-the-power-of-watson-and-cognitive-into-the-security-operations-center/" target="_blank">Cognitive Security Operations Center (SOC)</a>. An industry first, the Cognitive SOC uses Watson for Cyber Security to improve analysts&#8217; ability to fill gaps in intelligence and act with speed and accuracy.</p>
<h2>Watson Powers the Cognitive SOC</h2>
<p>George Mina, program director of Watson for Cyber Security, recently sat down with Chris Meenan, director of QRadar product management and strategy, to discuss the Cognitive SOC and how it will revolutionize security operations.</p>
<p><strong>Mina</strong>: For those who haven&#8217;t heard about it, what exactly is a cognitive SOC?</p>
<p><strong>Meenan</strong>: A cognitive SOC is all about helping organizations utilize structured and unstructured data from internal and external sources to better detect and respond to threats across networks, endpoints, users and cloud. And because the cognitive SOC is powered by <a href="http://www-03.ibm.com/security/cognitive/" target="_blank">Watson for Cyber Security</a>, it&#8217;s a system that continuously learns, reasons and understands.</p>
<p><strong>Mina</strong>: There&#8217;s a lot of buzz in the marketplace around artificial intelligence (AI). <a href="https://securityintelligence.com/media/take-back-control-of-your-cybersecurity-now-ep4-the-cognitive-transformation/" target="_blank">Is this AI?</a></p>
<p><strong>Meenan</strong>: This is absolutely AI, although we are redefining it as augmented intelligence. What we&#8217;re doing is helping security analysts with a trusted advisor. Today in security operations, analysts have an extremely tough job. Not only are they inundated with alerts, but they have to be increasingly knowledgeable because the threats are evolving so quickly, and there are always new types of malware and new threat actors.</p>
<p>So analysts have a lot on their plates just to keep up with, and on top of that they&#8217;ve got to triage all these alerts and incidents, so they need help. The Cognitive SOC is intended to help these analysts do their job, to make them more effective and less likely to miss threats.</p>
<h2>Preparing for the Cognitive Revolution</h2>
<p><strong>Mina</strong>: I recall the <a style="background-color: initial;" href="https://securityintelligence.com/media/cybersecurity-in-the-cognitive-era-priming-your-digital-immune-system/">cognitive security study</a> IBM did last year showed that in the next three years the adoption rate of cognitive solutions will triple, and I&#8217;m sure it&#8217;s very much due to these reasons you&#8217;ve just cited. Now, let&#8217;s talk a bit about the type of information we&#8217;re feeding Watson for Cyber Security.</p>
<p><strong>Meenan</strong>: This has actually been a momentous project. We have been feeding Watson with threat intelligence data, blog posts, forums, Wikipedia articles, threat research &#8230; all being absorbed on a real-time basis. In addition, people, of course, publish new indicators, new behaviors, new attack patterns, new malware all the time, and Watson is continually reading and learning from these new insights as well.</p>
<p>This information is available to all of our Cognitive SOCs, so as soon as one of our Cognitive SOCs spots a new behavior or pattern, Watson for Cyber Security connects the dots instantly to help us understand what we&#8217;re dealing with. Needless to say, this all happens much more quickly than it&#8217;s ever been able to before.</p>
<h2>Teaching Watson the Language of Security</h2>
<p><strong>Mina</strong>: So there&#8217;s a vast volume of information that we&#8217;re tapping into with Watson. Tell me more about the machine learning elements and how we&#8217;re training Watson.</p>
<p><strong>Meenan</strong>: There are two major types of data: structured and unstructured. Structured data is straightforward — it&#8217;s a known quantity. But unstructured data in the form of imprecise human language is where so much of the value is. This value is found by joining documents together, by understanding what type of malware, for example, is exploiting what type of vulnerability that&#8217;s used by what types of threat actor.</p>
<p>These are the sorts of things that appear a lot in unstructured data. But to get to this point, we actually had to teach Watson how to read and how to understand not just natural language, but also the language of security so that we could give it a threat report and it could read it and identify who&#8217;s the threat actor, what&#8217;s the malware, what are the vulnerabilities, what are the attack vectors. So we actually spent a lot of time teaching Watson how to do all that and now that we&#8217;ve done it, Watson is literally reading tens of thousands of articles every day on the internet and it&#8217;s pulling in all that information and it&#8217;s learning and growing.</p>
<h2>The Cognitive SOC in Action</h2>
<p><strong>Mina</strong>: So Watson isn&#8217;t simply ingesting this data, but there&#8217;s an actual sense of deep learning, of making sense of this information and truly understanding the language of cybersecurity. It&#8217;s this unstructured data that&#8217;s most valuable. Remembering that that data was unintelligible before, you can really start to see the value of Watson and its ability to connect the dots.</p>
<p><strong>Meenan</strong>: We launched our beta program for this a couple of months ago and we have some fantastic <a href="https://securityintelligence.com/news/sogeti-realizes-50-percent-faster-analysis-times-with-watson-for-cyber-security/">use cases of support</a>. Just as an example, one of our beta customers was using <a href="https://www.ibm.com/us-en/marketplace/cognitive-security-analytics" target="_blank">QRadar Advisor with Watson</a>, and it had a distributed denial-of-service (DDoS) attack on its network. So it gave this to its level 1 and 2 analysts to analyze using their traditional, structured threat intelligence feed and their other best practices.</p>
<p>Sure enough they said yes, it&#8217;s a DDoS attack, they looked it up, it&#8217;s well-known as a source of DDoS. The threat was mitigated, they were blocking it and they put the IP addresses on a watchlist, and all this took about an hour and a half.</p>
<p>Then they sent it to Watson for Cyber Security via QRadar and it came back in two minutes and said, yes, this is a DDoS, but actually this source is associated with other threat campaigns and those threat campaigns use XYZ attack vectors and indicators of compromise. And they actually found they&#8217;d been compromised by those other attack vectors, and they would have completely missed it without Watson. That&#8217;s a perfect example of what Watson is able to do, because it&#8217;s connecting the dots that structured data isn&#8217;t able to provide and that analysts don&#8217;t always have the time or resources to work out. This is where <a href="https://securityintelligence.com/augmented-intelligence-making-the-case-for-cognitive-security/" target="_blank">augmented intelligence</a> can dramatically improve security.</p>
<h2>Connecting the Dots</h2>
<p><strong style="background-color: initial;">Mina</strong>: This story perfectly illustrates the three gaps that cognitive security aims to solve and why we&#8217;ve made this huge investment in Watson for Cyber Security.</p>
<p>First, the intelligence gap — being able to tap into that large corpus of knowledge to uncover the relationships and patterns multiple steps beyond what a security analyst would likely see. Second is the speed piece — being able to do all this and draw these conclusions in a matter of minutes. And then, finally, accuracy — having the confidence from evidence-based findings that, for instance, this DDoS attack is related to other attack vectors that the analysts alone could have missed.</p>
<p>Tell me now how our readers can actually access Watson for Cyber Security.</p>
<p><strong style="background-color: initial;">Meenan</strong>: When we set about building this product, we wanted it to be accessible by everyone in minutes. We wanted to use the power of the cloud, so we built a Watson for Cyber Security cloud service and then we created a lightweight QRadar app available on our <a href="https://exchange.xforce.ibmcloud.com/" target="_blank">IBM App Exchange</a> that users can download and install into QRadar in minutes. It doesn&#8217;t need any extra infrastructure whatsoever; it just plugs straight into QRadar and connects to the Watson for Cyber Security cloud service.</p>
<p>Then, when there are incidents and anomalies that users want analyzed, they simply click a button and literally a minute later they get their results. Many of our beta customers were actually getting their first results within 10 or 15 minutes of installing the app, and that&#8217;s information that previously would have taken days to compile.</p>
<p>The main use case is just getting a much better picture of the whole threat environment. What we&#8217;re seeing is that users who submit incidents for analysis are getting more knowledge back because they&#8217;re getting a fuller picture of the entire threat environment — they&#8217;re actually <a style="background-color: initial;" href="https://www.ibm.com/us-en/marketplace/real-time-threat-identification" target="_blank">identifying threats</a> that they&#8217;d previously missed because Watson is connecting the dots that their existing data feeds were not catching or they didn&#8217;t have the time to research and investigate.</p>
<p>Fundamentally, they&#8217;re just getting through more work more effectively because they don&#8217;t have to spend so much time digging, pivoting, searching, looking up sources — Watson is doing all that work for them and then just presenting the results. With this app, Watson becomes a trusted advisor sitting by your side to help uncover new insights.</p>
<p>A <a href="https://www.ibm.com/us-en/marketplace/cognitive-security-analytics" target="_blank">30-day free trial</a> of the IBM QRadar Advisor with Watson app is available on Feb. 28.</p>
<p style="text-align: center;"><a class="btn orange1 large" href="https://securityintelligence.com/events/qradar-advisor-cognitive-security-operations-center-soc-ibm-watson/">Join the Feb. 28 webinar: How Watson is Revolutionizing the Security Operations Center <i class="fa fa-register"></i></a></p>
]]></content:encoded>
			<wfw:commentRss>https://securityintelligence.com/connecting-the-dots-with-the-ibm-cognitive-soc-and-watson-for-cyber-security/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		<feedburner:origLink>https://securityintelligence.com/connecting-the-dots-with-the-ibm-cognitive-soc-and-watson-for-cyber-security/</feedburner:origLink></item>
		<item>
		<title>Gartner IAM Summit London 2017: Your Guide to the Swag and Must-Attend Sessions</title>
		<link>http://feedproxy.google.com/~r/SecurityIntelligence/~3/MXnfuhJR-Uw/</link>
		<comments>https://securityintelligence.com/gartner-iam-summit-london-2017-your-guide-to-the-swag-and-must-attend-sessions/#respond</comments>
		<pubDate>Thu, 23 Feb 2017 13:00:42 +0000</pubDate>
		<dc:creator><![CDATA[Anna Seacat]]></dc:creator>
				<category><![CDATA[Cloud Security]]></category>
		<category><![CDATA[Identity & Access]]></category>
		<category><![CDATA[Gartner]]></category>
		<category><![CDATA[Gartner IAM]]></category>
		<category><![CDATA[General Data Protection Regulation (GDPR)]]></category>
		<category><![CDATA[Identity and Access Management (IAM)]]></category>
		<category><![CDATA[Security Conferences]]></category>

		<guid isPermaLink="false">https://securityintelligence.com/gartner-iam-summit-london-2017-your-guide-to-the-swag-and-must-attend-sessions/</guid>
		<description><![CDATA[<p>At this year's Gartner IAM Summit, attendees will learn how to leverage IAM-as-a-service and actionable intelligence to prevent insider attacks and more.</p>
<p>The post <a rel="nofollow" href="https://securityintelligence.com/gartner-iam-summit-london-2017-your-guide-to-the-swag-and-must-attend-sessions/">Gartner IAM Summit London 2017: Your Guide to the Swag and Must-Attend Sessions</a> appeared first on <a rel="nofollow" href="https://securityintelligence.com">Security Intelligence</a>.</p>
]]></description>
				<content:encoded><![CDATA[<p>On March 6 and 7, 2017, Gartner will host its <a href="http://www.gartner.com/events/emea/identity-access-management">European Identity &amp; Access Management Summit</a> at the Park Plaza Westminster Bridge Hotel in London. The exciting agenda will cover foundational strategies in identity and access management (IAM), ways to enhance and advance your <a href="http://www.ibm.com/software/products/en/category/identity-access-management">IAM program</a>, IAM in the digital age and much more.</p>
<h2>Top Three Attractions at the Gartner IAM Summit</h2>
<p>Featured speakers will include IAM experts from IBM Security, who will be giving away swag and educational materials at the IBM booth. Below is a guide to the must-attend sessions and must-have swag at the Gartner IAM Summit.</p>
<p style="text-align: center;"><a class="btn orange1 large" href="https://securityintelligence.com/events/a-love-connection-in-2017-how-to-know-if-cloud-iam-is-going-to-be-a-perfect-match">Watch the on-demand webinar: How to Know if Cloud IAM is Your Perfect Match <i class="fa fa-play"></i></a></p>
<h3>1. Learn About IAM-as-a-Service With the Ultimate IDaaS Kit</h3>
<p>If you are coming to the Gartner IAM Summit in London to learn more about the agility, security and cost savings of cloud-delivered identity and access management, don&#8217;t pass up the chance to get your free IDaaS Success Kit at the IBM Security Booth. In this kit, you will receive three guides that will help you:</p>
<ul>
<li><a style="background-color: initial;" href="https://www.ibm.com/marketing/iwm/dre/signup?source=mrs-form-2192&amp;S_PKG=ov50865" target="_blank">Calculate the cost savings of IAM-as-a-service</a>.</li>
<li><a style="background-color: initial;" href="https://www.ibm.com/marketing/iwm/dre/signup?source=mrs-form-8866&amp;S_PKG=ov54260" target="_blank">Create a customized list of your IAM needs</a>.</li>
<li><a style="background-color: initial;" href="https://www.ibm.com/marketing/iwm/dre/signup?source=mrs-form-2191&amp;S_PKG=ov50862" target="_blank">Compare top IDaaS vendors</a>.</li>
</ul>
<h3>2. Learn How to Reduce Organizational Risk With IAM Expertise and Actionable Intelligence</h3>
<p>Your IAM solution is the cornerstone of your security program because it can answer two critical questions about your users: &#8220;Who are they?&#8221; and &#8220;What are they doing?&#8221;</p>
<p>Security experts from IBM will discuss these key questions and how to protect your organization from <a href="https://securityintelligence.com/security-starts-with-people-three-steps-to-build-a-strong-insider-threat-protection-program/" target="_blank">insider threats</a> in this must-attend session.</p>
<ul>
<li>Session title: &#8220;Security Starts With People&#8221;</li>
<li>Date: March 6, 2017</li>
<li>Time: 14:30 to 15:00</li>
<li>Speakers: <a href="https://securityintelligence.com/identity-is-the-new-perimeter/" target="_blank">Jason Keenaghan</a>, <a href="https://securityintelligence.com/author/angelika-steinacker/" target="_blank">Angelika Steinacker</a></li>
</ul>
<h3>3. Learn About IAM&#8217;s Important Role in GDPR Compliance</h3>
<p>May 25, 2018 is right around the corner, and the heat is on for organizations that are bound to adhere to the European Union&#8217;s <a href="https://securityintelligence.com/gdpr-compliance-regulations-the-new-challenge-for-the-cloud-operations-manager/" target="_blank">General Data Protection Regulation (GDPR)</a>. Don&#8217;t miss this roundtable discussion with IBM Security experts who will discuss how IAM-related controls will play an important role in meeting the new law&#8217;s requirements.</p>
<ul>
<li>Session title: &#8220;GDPR: The Heat Is on&#8230;Yes&#8230;but&#8230;What&#8217;s the IAM Role in It?&#8221;</li>
<li>Date: March 7, 2017</li>
<li>Time: 14:20 to 15:05</li>
<li>Speakers: Andrea Rossi, Sridhar Muppidi</li>
</ul>
<h2>Start Your Cloud IAM Journey Today</h2>
<p>Can&#8217;t make it to the Gartner IAM Summit in London this year? Not to worry! You can watch our <a href="https://securityintelligence.com/events/a-love-connection-in-2017-how-to-know-if-cloud-iam-is-going-to-be-a-perfect-match/" target="_blank">on-demand webinar</a> to start learning more about cloud-delivered IAM today.</p>
]]></content:encoded>
			<wfw:commentRss>https://securityintelligence.com/gartner-iam-summit-london-2017-your-guide-to-the-swag-and-must-attend-sessions/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		<feedburner:origLink>https://securityintelligence.com/gartner-iam-summit-london-2017-your-guide-to-the-swag-and-must-attend-sessions/</feedburner:origLink></item>
		<item>
		<title>The Best Defense Is a Good Offense: The Value of User Education</title>
		<link>http://feedproxy.google.com/~r/SecurityIntelligence/~3/9xa9gpjA6T4/</link>
		<comments>https://securityintelligence.com/the-best-defense-is-a-good-offense-the-value-of-user-education/#respond</comments>
		<pubDate>Thu, 23 Feb 2017 12:15:40 +0000</pubDate>
		<dc:creator><![CDATA[Luigi Perrone]]></dc:creator>
				<category><![CDATA[Identity & Access]]></category>
		<category><![CDATA[Risk Management]]></category>
		<category><![CDATA[Authentication]]></category>
		<category><![CDATA[Data Protection]]></category>
		<category><![CDATA[Education]]></category>
		<category><![CDATA[Multifactor Authentication (MFA)]]></category>
		<category><![CDATA[Security Awareness]]></category>
		<category><![CDATA[Security Training]]></category>
		<category><![CDATA[User Behavior Analytics (UBA)]]></category>
		<category><![CDATA[User Education]]></category>

		<guid isPermaLink="false">https://securityintelligence.com/the-best-defense-is-a-good-offense-the-value-of-user-education/</guid>
		<description><![CDATA[<p>User education and online safety training can be invaluable weapons against cyberthreats, especially for IT teams that are short on resources.</p>
<p>The post <a rel="nofollow" href="https://securityintelligence.com/the-best-defense-is-a-good-offense-the-value-of-user-education/">The Best Defense Is a Good Offense: The Value of User Education</a> appeared first on <a rel="nofollow" href="https://securityintelligence.com">Security Intelligence</a>.</p>
]]></description>
				<content:encoded><![CDATA[<p>In the football world, we often hear that the best defense is a good offense. Can we also apply that principle to our IT environments and <a href="https://securityintelligence.com/cloud-risks-pose-the-latest-security-education-challenge/" target="_blank">user education</a> initiatives?</p>
<h2>The Best Defense</h2>
<p>IT leaders must continuously verify and combat new threats, insiders, malware techniques or other forms of attacks. Security analysts are always running to investigate events and flows using software and tools. Obviously, these tools are crucial to help IT professionals organize their initial security programs and later bolster their defenses. But what should a security team focus on most?</p>
<p>The imperative is always the same: Reduce the elapsed time between the violation and the remediation. That requires hard work, especially when <a href="https://www.ibm.com/us-en/marketplace/access-management" target="_blank">privileged users</a> are involved. It also requires a big budget, since reliable software solutions are expensive. There is, however, a more rudimentary yet effective defense mechanism that won&#8217;t break the bank: user education.</p>
<h2>The Value of User Education</h2>
<p>Education is fundamental in every discipline — in ordinary life, at work, and in the context of social groups, relationships and the digital world. Still, IT leaders too often undervalue user education and <a href="https://securityintelligence.com/increasing-visibility-to-insider-threats-with-integrated-user-behavior-analytics-uba/" target="_blank">user behavior analytics (UBA)</a>, which creates opportunities for attackers.</p>
<p>In fact, threat actors constantly monitor users&#8217; activities to identify potential vulnerabilities to exploit. Meanwhile, security teams are merely playing defense. But before taking an offensive stand against these threats, organizations must thoroughly train their employees to adopt good security practices.</p>
<p>Think of everyday valuables such as your wallet, smartphone and keys. You always know where they are and how they are being used. Employees must protect their identities, passwords and devices with the same level of vigilance.</p>
<p>This is where security awareness and education initiatives can step in and help. Users need to know how to create complex passwords and change them periodically. Whenever possible, they should use <a href="https://securityintelligence.com/two-factor-authentication-a-little-goes-a-long-way/" target="_blank">multifactor authentication</a> when logging into sensitive accounts. Furthermore, employees should know which devices they&#8217;re expected to use, who else can access them and how they&#8217;re secured.</p>
<h2>A Breach Is Just a Click Away</h2>
<p>As a general rule, users should assume that each mouse click or keystroke represents the origin of a possible attack. They must also establish definitive trust before sharing any <a href="http://www.ibm.com/software/products/en/category/data-security" target="_blank">sensitive information</a>, the same way they would treat a face-to-face interaction.</p>
<p>Think of traditional mail, for example. First we see the sender address and postal stamp, then we open the envelope and read the letter. We cannot click links, execute commands or open files that might lead to cyberattacks — instead, we must read, read and read again before acting. Users need to apply this principle to their online safety practices.</p>
<p>It seems like an impossible task, but it really isn&#8217;t. It&#8217;s just a matter of educating users, establishing good habits and spreading awareness — three invaluable security solutions any organization can afford.</p>
]]></content:encoded>
			<wfw:commentRss>https://securityintelligence.com/the-best-defense-is-a-good-offense-the-value-of-user-education/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		<feedburner:origLink>https://securityintelligence.com/the-best-defense-is-a-good-offense-the-value-of-user-education/</feedburner:origLink></item>
		<item>
		<title>National Security Requires Real-Time Endpoint Compliance</title>
		<link>http://feedproxy.google.com/~r/SecurityIntelligence/~3/D8zfw3XZu60/</link>
		<comments>https://securityintelligence.com/national-security-requires-real-time-endpoint-compliance/#respond</comments>
		<pubDate>Thu, 23 Feb 2017 08:03:24 +0000</pubDate>
		<dc:creator><![CDATA[Lee Wei]]></dc:creator>
				<category><![CDATA[Government and Federal]]></category>
		<category><![CDATA[Network & Endpoint]]></category>
		<category><![CDATA[Compliance]]></category>
		<category><![CDATA[Cybersecurity]]></category>
		<category><![CDATA[Endpoint]]></category>
		<category><![CDATA[Endpoint Protection]]></category>
		<category><![CDATA[Endpoint Security]]></category>
		<category><![CDATA[Federal Government Security]]></category>
		<category><![CDATA[Government]]></category>
		<category><![CDATA[IBM BigFix]]></category>

		<guid isPermaLink="false">https://securityintelligence.com/national-security-requires-real-time-endpoint-compliance/</guid>
		<description><![CDATA[<p>Federal agencies need to implement a continuous management solution to remain in compliance and prevent cyberthreats from compromising national security.</p>
<p>The post <a rel="nofollow" href="https://securityintelligence.com/national-security-requires-real-time-endpoint-compliance/">National Security Requires Real-Time Endpoint Compliance</a> appeared first on <a rel="nofollow" href="https://securityintelligence.com">Security Intelligence</a>.</p>
]]></description>
				<content:encoded><![CDATA[<p>Government agencies are faced with an ever-increasing multitude of <a href="https://securityintelligence.com/media/xforce-tir-2016/" target="_blank">cybersecurity threats</a> and rising compliance regulations. This was recently demonstrated when the inspector general of the Department of the Interior found that two of its bureaus didn’t detect <a href="https://www.meritalk.com/articles/interior-inspector-general-data-exposed-malware-continuous-diagnostics-mitigation/">high-risk vulnerabilities</a> that could have exposed personally identifiable data (PII) for years.</p>
<p>A staggering 20,000-plus vulnerabilities were found on the DOI’s systems (some dating back to 2009) along with nearly 4,000 patches. The IG’s recommendation? Install BigFix immediately. A <a href="https://fcw.com/articles/2017/02/21/interior-it-risks-gunter.aspx">related article</a> found that a number of the endpoints and servers did not have BigFix installed and as a result could not adequately identify unauthorized devices and associated vulnerabilities.</p>
<p>If there&#8217;s a silver lining here, it&#8217;s that these high-profile breaches are accelerating the adoption of major initiatives such as the Department of Homeland Security&#8217;s Continuous Diagnostics and Mitigation (CDM) program. <a href="https://securityintelligence.com/continuous-diagnostics-and-mitigation-a-look-back-and-preparing-for-phase-three/">CDM</a> provides federal departments and agencies with capabilities and tools that identify cybersecurity risks on an ongoing basis, prioritize these risks based on potential impacts and enable cybersecurity personnel to mitigate the most significant problems first.</p>
<p>Agencies need to identify potential threats in minutes, not weeks. Real-time knowledge of each endpoint&#8217;s status and overall security posture is invaluable. In the most recent case, the IG cited continuous monitoring and configuration of endpoints as well as the need to quickly address vulnerabilities in order to protect the data belonging to the 24 exposed endpoints within the agency.</p>
<h2>Meeting the Increasing Federal Requirements for Security Compliance</h2>
<p>A holistic CDM solution must be able to continuously monitor, manage and mitigate vulnerabilities while providing a rapid return on investment. Many <a href="https://securityintelligence.com/is-your-endpoint-strategy-keeping-you-secure-four-questions-to-help-you-find-out/" target="_blank">endpoint solutions</a> that lay claim to continuous monitoring are based on the old paradigm for vulnerability management that implements disparate technologies for assessment and remediation. This approach can leave agencies with major compliance gaps and little time to investigate the implementation of a truly continuous monitoring solution. Considering today&#8217;s threat environment and the amount of malware released by cybercriminals, this approach to security management falls dangerously short.</p>
<p>An effective CDM solution must do the following:</p>
<ul>
<li>Deliver visibility, control and remediation of all endpoints, regardless of their type, location or bandwidth</li>
<li>Provide continuous monitoring of the infrastructure to identify security issues as they occur and remediate them in real time</li>
<li>Deliver reporting that proves compliance with cybersecurity and data privacy regulations under a number of standards, including the Security Content Automation Protocol (SCAP), the Federal Desktop Core Configuration (FDCC), the U.S. Government Configuration Baseline (USGCB), the Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs), the Center for Internet Security (CIS) benchmarks, the Payment Card Industry Data Security Standard (PCI DSS) and others</li>
<li>Fund compliance operations in a way that delivers rapid time-to-value while leveraging existing infrastructure investment</li>
</ul>
<h2>A Better Way Forward</h2>
<p>Continuous monitoring is a necessary mandate that ensures business continuity and federal IT security compliance within the government and national critical infrastructure. Ultimately, federal agencies need to implement a continuous management solution to meet the requirements of current and future mandates. Even more importantly, they need to secure the nation&#8217;s networks from cyberthreats that could compromise national security.</p>
<p>An enterprise cybersecurity solution can help government agencies combat threats and eliminate vulnerabilities. That&#8217;s why more than 55 U.S. federal agencies have standardized on <a href="http://www.bigfix.com" target="_blank">IBM BigFix</a> to manage and secure over 4 million workstations, servers (both physical and virtual), and many other endpoints across a vast array of operating systems. Such solutions deliver real-time, continuous <a href="https://securityintelligence.com/beyond-next-generation-endpoint-security/">endpoint security</a> and compliance by leveraging a library of many thousands of checks. It’s also a major factor in the IG’s recommendation to the DOI to install IBM BigFix on all endpoints in light of the most recent security exposure.</p>
<p style="text-align: center;"><a class="btn orange1 large" href="https://www.fedscoop.com/radio/ibms-tom-burke-on-endpoint-security/">Listen to the FedScoop podcast on endpoint security <i class="fa fa-play"></i></a></p>
<p>These out-of-the-box checks greatly accelerate an organization’s time-to-compliance and remediation, especially when compared to less-mature tools that require administrators to create scripts for each new task or action. A unified platform needs to secure and manage endpoints across heterogeneous operating system environments, enabling situational awareness and incident response, simplifying federal security compliance requirements and protecting the nation’s front lines throughout the cyber battlefield.</p>
]]></content:encoded>
			<wfw:commentRss>https://securityintelligence.com/national-security-requires-real-time-endpoint-compliance/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		<feedburner:origLink>https://securityintelligence.com/national-security-requires-real-time-endpoint-compliance/</feedburner:origLink></item>
		<item>
		<title>Time to End the Tension Between Corporate Remediation and Security Teams</title>
		<link>http://feedproxy.google.com/~r/SecurityIntelligence/~3/7XDb73LFeZk/</link>
		<comments>https://securityintelligence.com/time-to-end-the-tension-between-corporate-remediation-and-security-teams/#respond</comments>
		<pubDate>Wed, 22 Feb 2017 13:50:41 +0000</pubDate>
		<dc:creator><![CDATA[David Strom]]></dc:creator>
				<category><![CDATA[CISO]]></category>
		<category><![CDATA[Risk]]></category>
		<category><![CDATA[Risk Management]]></category>
		<category><![CDATA[Security Awareness]]></category>
		<category><![CDATA[Security Professionals]]></category>
		<category><![CDATA[Threat Management]]></category>
		<category><![CDATA[Vulnerabilities]]></category>

		<guid isPermaLink="false">https://securityintelligence.com/time-to-end-the-tension-between-corporate-remediation-and-security-teams/</guid>
		<description><![CDATA[<p>Although remediation and security teams are working toward a common goal, their conflicting priorities, culture and tools often lead to discord.</p>
<p>The post <a rel="nofollow" href="https://securityintelligence.com/time-to-end-the-tension-between-corporate-remediation-and-security-teams/">Time to End the Tension Between Corporate Remediation and Security Teams</a> appeared first on <a rel="nofollow" href="https://securityintelligence.com">Security Intelligence</a>.</p>
]]></description>
				<content:encoded><![CDATA[<p>Too often there is bad blood between the defenders and the fixers of corporate security. Remediation and security teams are often at odds with each other, with different perspectives, tools and ways to operate. <a href="http://blog.kennasecurity.com/2016/10/clash-of-the-titans-how-infosec-and-remediation-teams-can-finally-get-along/" target="_blank">Kenna Security</a> laid out the issues and suggested ways for the two sides to bury the virtual hatchet and try to get along better.</p>
<h2>Uniting Remediation and Security Teams</h2>
<p>Some corporate managers see the security folks as part of the problem, but rarely as part of the solution. The defensive teams are responsible for <a target="_blank" href="http://www.ibm.com/software/products/en/qradar-risk-manager">identifying the risks</a>, vulnerabilities and threats confronting the business, but they aren&#8217;t usually responsible for actually addressing those issues. Instead, they are viewed as the human equivalent of a frequent car alarm — always going off when the wind shifts or crying wolf at false red flags that don&#8217;t really identify actionable issues.</p>
<p>The defenders need the <a href="http://www.slideshare.net/denimgroup/remediation-how-toguide" style="background-color: initial">remediation teams</a> — the individuals who typically don&#8217;t have security in their titles but are essential players in security nevertheless. These are the folks who have to clean up after an infection, update Windows after Patch Tuesday revelations, handle router firmware upgrades and perform other chores to keep the infrastructure humming along. They can come from many departments, including application developers, system administrators, DevOps leads and network operations center staffers, just to name a few.</p>
<h2>Communication Breakdown</h2>
<p>Not helping matters is how the defenders communicate with the remediators. A defender might, for example, send a huge, hundred-plus page report to someone with a note saying, &#8220;Fix these things&#8221; without even so much as a &#8220;please.&#8221; In another situation, defenders may run a vulnerability scanner that shows thousands of issues that need fixing. That has to change.</p>
<p>The time has come to put together a mechanism to bring both sides to a common goal. Defenders and remediators must work to understand where the other team is coming from and apply a little empathy to bridge the gap. There has to be agreement on common metrics to measure everyone&#8217;s success and a closed <a href="https://securityintelligence.com/using-feedback-loops-to-enhance-end-user-security/" target="_blank">feedback loop</a> so the two sides can monitor progress.</p>
<h2>Shifting Perspective</h2>
<p>For the two teams to collaborate effectively, they need to <a href="https://securityintelligence.com/what-a-wwii-mathematician-might-see-when-looking-at-your-critical-it-assets/" target="_blank">assess remediation resources</a> and align them so that both the defenders and the remediators are covered. For example, instead of listing hundreds of vulnerabilities, security teams should provide prescriptive direction, specifying which patches need to be applied to which servers.</p>
<p>The reality, according to the Kenna Security post, is that &#8220;100 percent, foolproof, absolute security isn&#8217;t a realistic goal, and if security is focused on that as an objective, they&#8217;re only setting everyone up for failure.&#8221; It is time to change that perception and perspective.</p>
]]></content:encoded>
			<wfw:commentRss>https://securityintelligence.com/time-to-end-the-tension-between-corporate-remediation-and-security-teams/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		<feedburner:origLink>https://securityintelligence.com/time-to-end-the-tension-between-corporate-remediation-and-security-teams/</feedburner:origLink></item>
		<item>
		<title>The Disconnected Digital World</title>
		<link>http://feedproxy.google.com/~r/SecurityIntelligence/~3/xJcqO2OQ1gA/</link>
		<comments>https://securityintelligence.com/the-disconnected-digital-world/#respond</comments>
		<pubDate>Wed, 22 Feb 2017 13:00:44 +0000</pubDate>
		<dc:creator><![CDATA[Bill Rippon]]></dc:creator>
				<category><![CDATA[Cognitive]]></category>
		<category><![CDATA[Risk Management]]></category>
		<category><![CDATA[Bring-Your-Own-Device (BYOD)]]></category>
		<category><![CDATA[Cognitive Computing]]></category>
		<category><![CDATA[IBM Watson]]></category>
		<category><![CDATA[Machine Learning]]></category>
		<category><![CDATA[Watson]]></category>

		<guid isPermaLink="false">https://securityintelligence.com/the-disconnected-digital-world/</guid>
		<description><![CDATA[<p>As we continue our transformation into a digital world, IT leaders must find ways to resolve disconnects related to communication, policy, tools and more.</p>
<p>The post <a rel="nofollow" href="https://securityintelligence.com/the-disconnected-digital-world/">The Disconnected Digital World</a> appeared first on <a rel="nofollow" href="https://securityintelligence.com">Security Intelligence</a>.</p>
]]></description>
				<content:encoded><![CDATA[<p>It&#8217;s no surprise that we have seen a nearly constant march toward a highly connected digital world. We are all witnesses to this accelerating digital evolution. It is happening right before our eyes — sometimes quite literally right in front of our eyes, with technologies such as cyber eyeglasses.</p>
<p>There is also a continuous stream of discourse on both the positive and negative aspects of this digital revolution. Many laud detailed, insightful solutions such as <a href="https://www.ibm.com/watson/health/" target="_blank">IBM Watson</a> for the tremendous benefits they bring to the health care industry. This acclaim contrasts with health concerns related to the extensive use of certain technologies, such as <a href="https://www.niehs.nih.gov/health/topics/agents/cellphones/index.cfm" target="_blank">cellphones</a>.</p>
<p>Very few of these discussions, however, have focused on the disconnect inherent in the digital ecosystem. These inconsistencies can create concerns related to information security, privacy and compliance.</p>
<h2>Connecting a Fragmented Digital World</h2>
<p>In any major evolution, there are always going to be gaps in the desired or even expected connections. The aggressive move toward train travel in the 19th century had a signature moment in the U.S. when the transcontinental railroad was completed in 1869. During this time, however, there were still some 20 different rail types that would necessitate difficult transitions for people and goods traveling around the country.</p>
<p>The ongoing transformation to a digital world is no exception, and there are certainly myriad disconnects to be found. We will focus on several key areas in which these disconnects may present issues related to <a href="https://securityintelligence.com/go-for-gold-by-transforming-compliance-into-data-security/" target="_blank">security and compliance</a>.</p>
<h3>Communication From the Top-Down</h3>
<p>Let&#8217;s start at the top — in this case the top of the organization. Business leaders indicate the importance of security and compliance to the organization in a variety of ways. Common vehicles include periodic communications, general conduct guidelines for members and specific policies related to information security.</p>
<p>Is there consistency in the messages transmitted to different levels of the organization? Does everyone buy in to the level of importance? In practice, does the behavior of the organization differ in substantial ways from the overall goals of the enterprise? The answers to these questions can help IT leaders identify material disconnects.</p>
<p>To cite an example from our daily life, I&#8217;m sure most people understand the need to drive cautiously and at appropriate speeds. Everyone knows the posted speed policy, and yet many drivers exceed the limit. A comparable example in the enterprise IT world would be a policy requiring the encryption of all confidential data at rest. Some employees might ignore this standard due to the increased complexity and other performance factors that might result from <a href="http://www.ibm.com/security/campaign/gdpr.html" target="_blank">full compliance</a> with the policy.</p>
<h3>Contract Negotiations</h3>
<p>Another area that could present substantial gaps is formal contract negotiations between parties. A great deal of effort is put into establishing a contract that protects the interests of both parties, and there are often specific requirements related to the protection of information and services.</p>
<p>However, it is not always straightforward to accurately translate all the applicable contract provisions into actionable policies and procedures for a particular IT deployment. Also, there may be several layers in the organization between those who negotiate the contract and those who interact directly with the data and services. Do the people in charge of implementation and operation understand all the relevant IT security provisions of the contract? In practice, does the environment provide the necessary protections?</p>
<h3>Policy and Tools</h3>
<p>How about an example from an area that is near and dear to many IT practitioners? That is, the availability of tools that effectively and efficiently <a href="http://www.ibm.com/software/products/us/en/security-policy-manager" target="_blank">support policy rules</a>. Creating good information security policies is certainly hard work, but it is often easier to get the new policy down on paper than it is to acquire, develop, deploy and migrate to tools that can operationally support new policies. This disconnect can lead to additional cost, complexity and inconsistencies in security posture within the organization.</p>
<p>The example above is related primarily to privacy, security and compliance tools, but what about the solutions we utilize each day to get things done, both in our professional and personal worlds? Are there situations in your organization that present gaps in a consistent security posture? Do certain solutions involve stringent controls while alternate, approved solutions have lax controls? Perhaps your organization has specific policies regarding the protection of confidential data in enterprise-provided tools, but the <a href="https://securityintelligence.com/the-byod-policy-holiday-challenge/" target="_blank">bring-your-own-device (BYOD)</a> option and related services present opportunities to overlook or bypass controls.</p>
<h3>Information Blindness</h3>
<p>Ironically, the continuous stream of digital information itself can create a dissociative effect. Digital feeds such as social media, email, enterprise messaging and collaborative communities inundate individuals to the point where they become info-blind. People are unable to recognize the important slivers of information within the digital landscape before them.</p>
<p>How many helpful informational messages are sent in your organization each day, week and month? Are personnel now in the habit of simply filing these away or deleting them before absorbing what may be an important security item? In the same way that startups and <a href="https://www.ibm.com/cloud-computing/products/devops/">DevOps</a> talk about the minimum viable product (MVP), as described in &#8220;<a href="https://www.amazon.com/Lean-Startup-Entrepreneurs-Continuous-Innovation/dp/0307887898" target="_blank">The Lean Startup: How Today&#8217;s Entrepreneurs Use Continuous Innovation to Create Radically Successful Businesses</a>,&#8221; by Eric Ries, perhaps we need something akin to a minimum viable digital insight for security.</p>
<p>Individual consumers of information may want to check out &#8220;<a href="https://www.amazon.com/Information-Diet-Case-Conscious-Comsumption/dp/1491933399" target="_blank">The Information Diet: A Case for Conscious Consumption</a>,&#8221; by Clay Johnson, for thoughts on managing the digital flood.</p>
<h2>Mind the Gaps in Your Digital Transformation</h2>
<p>I&#8217;m looking forward to a time when more IT security professionals can make use of newly available solutions that deliver greater levels of awareness, deep insights and subject matter expert (SME) augmentation, which can dramatically increase an organization&#8217;s security posture.</p>
<p>Solutions such as <a target="_blank" href="https://securityintelligence.com/media/investigating-threats-with-watson-for-cyber-security/">IBM Watson Security for Cyber Security</a> and the new <a href="http://www.ibm.com/press/us/en/pressrelease/51623.wss" target="_blank">IBM Machine Learning</a> offering depend on extensive data feeds from the digital world. They may even be able to identify certain gaps in privacy, security and compliance, but there will always be a set of disconnects that we need to identify through a variety of other means. As we keep moving forward with our digital, always-on evolution, we should always remember to <a href="https://securityintelligence.com/news/mind-the-gap-closing-vulnerability-management-exposure-with-ibm-bigfix-and-qradar-vulnerability-manager-qvm/" target="_blank" style="background-color: initial">mind the gaps</a>.</p>
]]></content:encoded>
			<wfw:commentRss>https://securityintelligence.com/the-disconnected-digital-world/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		<feedburner:origLink>https://securityintelligence.com/the-disconnected-digital-world/</feedburner:origLink></item>
		<item>
		<title>Adaptive Security: The Safety Net in the Flying Trapeze Act</title>
		<link>http://feedproxy.google.com/~r/SecurityIntelligence/~3/l34hKkJQ2_M/</link>
		<comments>https://securityintelligence.com/adaptive-security-the-safety-net-in-the-flying-trapeze-act/#respond</comments>
		<pubDate>Wed, 22 Feb 2017 11:45:40 +0000</pubDate>
		<dc:creator><![CDATA[Assaf Regev]]></dc:creator>
				<category><![CDATA[Cognitive]]></category>
		<category><![CDATA[Fraud Protection]]></category>
		<category><![CDATA[Cognitive Computing]]></category>
		<category><![CDATA[Cognitive Security]]></category>
		<category><![CDATA[Financial Fraud]]></category>
		<category><![CDATA[Fraud]]></category>
		<category><![CDATA[Fraud Detection]]></category>
		<category><![CDATA[Fraud Prevention]]></category>
		<category><![CDATA[IBM Security Trusteer]]></category>

		<guid isPermaLink="false">https://securityintelligence.com/adaptive-security-the-safety-net-in-the-flying-trapeze-act/</guid>
		<description><![CDATA[<p>IT leaders should use adaptive security solutions as a safety net to protect user, customer and corporate data from fraudsters.</p>
<p>The post <a rel="nofollow" href="https://securityintelligence.com/adaptive-security-the-safety-net-in-the-flying-trapeze-act/">Adaptive Security: The Safety Net in the Flying Trapeze Act</a> appeared first on <a rel="nofollow" href="https://securityintelligence.com">Security Intelligence</a>.</p>
]]></description>
				<content:encoded><![CDATA[<h2>Fighting Fraud With Adaptive Security</h2>
<p>The &#8220;<a style="background-color: initial;" href="https://www.javelinstrategy.com/coverage-area/2017-identity-fraud" target="_blank">2017 Identity Fraud Study</a>&#8221; by Javelin Strategy &amp; Research revealed that the number of identity fraud victims has increased by 16 percent, rising to 15.4 million U.S. consumers.</p>
<p>The study also found that despite the ongoing efforts to prevent these breaches, fraudsters were able to steal a total amount of $16 billion last year, up $1 billion or 6.67 percent from 2015. One interesting example is the resurrection of account takeover (ATO) attacks, which rose 61 percent to $2.3 billion in total losses, marking a major comeback since the 2015 report.</p>
<p>All in all, 2016 was a very successful year for cybercriminals, who largely abandoned areas with heightened security in favor of less fashionable techniques such as card-not-present (CNP) fraud and successfully exploited the path of least resistance.</p>
<h2>A Swinging Trapeze Act</h2>
<p>With a growing number of digital interactions and the variety of new <a style="background-color: initial;" href="https://securityintelligence.com/the-full-shamoon-how-the-devastating-malware-was-inserted-into-networks/" target="_blank">malware configurations</a> released on a daily basis, keeping up with the countless trends can feel like a swinging trapeze act, one that requires continuous training, split-second timing and teamwork.</p>
<p>Organizations are required to securely manage digital identities. This poses a dilemma: How can IT teams provide a seamless experience to real customers while maintaining cybersecurity mechanisms to keep fraudulent activity out?</p>
<p>On the one hand, the growing number and variety of daily events requires substantial manual analysis, which can force the organization to increase its security team&#8217;s headcount. On the other hand, successfully verifying digital identities sometimes incurs additional security measures, which may ultimately have a negative impact on the <a href="https://securityintelligence.com/why-53-percent-of-banks-think-security-controls-negatively-impact-customer-experience/" target="_blank">customer experience</a> and overall usability.</p>
<h2>Using Adaptive Security as a Safety Net</h2>
<p>In the early days of the circus, flying trapeze acts often performed without safety nets, or the nets were pulled in during high-risk maneuvers. Nowadays, IT leaders must provide a safety net to end users in the form of adaptable security measures across various stages of the digital journey.</p>
<p>The key lies in the organization&#8217;s ability to protect itself and its customers in a constantly changing risk environment while leveraging adaptive security and intelligence mechanisms. Just as not all trapeze artists agree on taking the same risks, financial organizations often have differing levels of risk tolerance.</p>
<p><iframe width="500" height="281" src="https://www.youtube.com/embed/cUdZPSvK0LA?feature=oembed" frameborder="0" allowfullscreen></iframe></p>
<p><a href="http://www.ibm.com/software/products/en/trusteer-fraud-protection-suite" target="_blank">IBM Trusteer</a> leverages cognitive fraud detection across different security layers to identify and analyze large amounts of previously untapped unstructured data. By using machine learning, statistical analysis, graph analysis and more, IBM Trusteer continuously analyzes banking sessions while comparing them against previously analyzed patterns. This means that organizations can now make use of these adaptive security measures to further improve customers&#8217; online experience.</p>
]]></content:encoded>
			<wfw:commentRss>https://securityintelligence.com/adaptive-security-the-safety-net-in-the-flying-trapeze-act/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		<feedburner:origLink>https://securityintelligence.com/adaptive-security-the-safety-net-in-the-flying-trapeze-act/</feedburner:origLink></item>
	</channel>
</rss>
