TechRepublic’s Dan Patterson spoke with Ted Julian, VP of product management and co-founder of IBM Resilient, about a recent report the company did on cybersecurity preparedness.
Watch the video, or read the transcript of their conversation below:
Patterson: Ted, thanks a lot for your time today, let’s talk a little bit about the 2018 Cyber Resilient Organization study that IBM just released. According to your report, 72% of respondents to the survey feel as though they are more resilient today than they were last year and yet, this gap persists between actual preparedness and knowledge. What do you think leads to this gap?
Julian: Yeah, I think they’ve made some progress on hiring. It’s clear when you look at the survey results, that they brought some key people into the organization. And compared to last year, that probably, rightly so, makes them feel a little bit better about their preparedness, but it is true in terms of some of the underlying things that you’d want to look for, response plans, ones that you practice on a routine basis, things of this nature. They’ve still got work to do.
Patterson: There does seem to be an interesting false sense of security. Again, according to your report, another 77% of respondents said that they do not have an incident or disaster, a cyber disaster, preparedness plan. What leads to this high knowledge of need and also lack of preparedness?
Julian: Yeah, it’s a glaring gap for sure, and it’s something that we will be revisiting for sure when we do this study again. The best we can do at this point is hypothesize that this feeling of improvedness[sic] simply comes from, hey, we’ve worked really hard, we’ve gotten some key people in the good positions, and they’re going to have an impact and do the right things for the organization, but that’s fairly recent. They have yet to take action on some of these underlying activities like updating the response plan and practicing it. As I said, it’s a hypothesis, it’s a logical one, but it’s one that we’ll have to revisit next year.
Patterson: So what do you do at IBM Resilient to help increase not just the knowledge but actual preparedness?
Julian: Oh, thanks for asking that question. I mean, it’s a big part of why we started the company almost seven years ago, was to address this gap in the market between prevention and detection and response, and the response side, at that point, was really professional services, SWAT teams, to help you clean up the mess. Very little in terms of helping you get ready for that day and helping you be effective when that day comes. So that really is why we started the company, and it’s everything from, sure, you can put response plans in Resilient. You can do virtual tabletops where people get around the table and they go through the process of practicing that response, which is a really, really good idea. But on through to when that incident happens, people are using Resilient to orchestrate and automate the people-process and technology around incident response.
SEE: IT leader’s guide to cyberattack recovery (Tech Pro Research)
Patterson: I know particular when we speak to SMBs and startups, they will say, well look, I understand the need for cyber defense, but look, we just don’t have the resources. Enterprise companies say a similar thing, either my organization doesn’t have the resources or we simply don’t have the talent. There is a cyber skills gap that exists in the marketplace, so what strategies do you recommend companies do if they have some of these hurdles that they can make and produce effective results, whether it’s in an organization or at a SMB.
Julian: Yeah, we actually have a maturity model we’d be happy to share with you if it’s something that might be helpful to include in this, because it talks about different organizations at different stages of their maturity, what can they do? But at the low end, it does start with, if you don’t have a plan, you’ve got to get one and guess what? It can’t really be one plan, because what you do for a denial-of-service attack is very, very different from what you do for a malware outbreak. And then practice that plan, and include all the people that need to be involve, because it probably just isn’t people in IT. At the other end of the continuum, where you have much more sophisticated enterprise organizations, we find the opportunities for improvement lie more in orchestrating and automatic key steps of the process. At one level, just to give you the consistency and repeatability you’re really going to want, cause people move around, people change, that sort of thing. You can’t rely on heroics.
SEE: Disaster recovery: Tech tips and leadership advice (TechRepublic on Flipboard)
But two, to start to automate those key parts of the process that you came automate to get much greater efficiency out of the team that you do have. In other words, instead of having the key analyst in the sock have 10 tabs open in their browser of the different threat feeds that they use and other ways that they enrich their understanding of incidents, use something like Resilient to grab all that information generally automatically. So instead of having to gather that data, it’s just presented to them right when they need it and they can make the decisions based on it.