Tushar Haralkar, IBM Security Software
According to a recent IBM Cost of a Data Breach Report, organizations with fully deployed security AI and automation save $3.05 million per data breach compared to those without. That’s a 65.2% difference in average breach cost. As cyber gangs refine tactics, they are often backed by substantial private or state funding. AI-powered cyberattacks will only become more common in the near future. In the meantime, security teams are understaffed.
Due to the increasing use of cloud computing and third-party providers, it has become difficult to define and secure attack surfaces. Increasingly, businesses and agencies are turning to AI and automation to protect themselves. As cyber threats increase and change, the stakes could not be higher. Eventuality preparedness has become more important than ever. As we progress into India’s techade, AI and automation will be critical components of this new security landscape. In the same vein, Tushar Haralkar, IBM Security Software, Technical Sales Leader, India/South Asia Region recently spoke to Dataquest.
DQ: We have been hearing about a lot of cyber-attacks post-pandemic. However, what have you been witnessing?
Tushar Haralkar: As reported in the Cost of Data Breach Report 2022, India’s data breach costs rose to 176 million in 2022, nearly 25% over the past two years. These breaches are taking longer to identify and contain. Additionally, 5G will enable more devices to connect at fast speeds, placing a great deal of pressure on updating security monitoring methods. Similarly, AI and hybrid cloud will be able to scale in a way never imagined before, and cybersecurity is going to be a major factor. As we increase our dependency on digital technologies, businesses have begun to realize that identifying and closing security gaps is the key to ensuring their future is resilient.
In spite of the increasing number of cyberattacks, and the speedy digitization that the pandemic ushered in, the security skills shortage isn’t improving at the same rate. In fact, according to an IBM study, 62% of global businesses that suffered a breach in the past year lacked sufficient security staff, costing an average of $550,000. This Cybersecurity Awareness Month, businesses need to build a culture of cybersecurity that protects and strengthens digital defences in order to stay ahead of hackers. To close the talent gap and create cyber superheroes, organizations need to commit to investing in university programs, technical training, and certifications in collaboration with an ecosystem of partners and industry associations.
DQ: How have you been helping organizations cope with these attacks?
Tushar Haralkar: Cybersecurity is one of our major investment priorities and growth verticals in India and Asia Pacific. By using our broad range of expertise and capabilities, including IBM’s Security Command Center and IBM’s Security Operations Center, we are doing our part to help India strengthen its digital defences. We ALIGN the security strategy to the business, PROTECT identities, data, apps, endpoints, and cloud, MANAGE defences against growing threats and MODERNIZE security architecture with an open platform.
The best way to ensure everyone in the organization knows their roles and what to do in a given situation is to rehearse for various types of potential security incidents. Through our Command Center facility, we recreate the environment and pressure in a very realistic way, to put those skills to the test.
IBM Command Centers help test their teams’ skills and response plans and learn where gaps may exist for improvement, in a variety of gamified challenges based on real-world attacks – this includes challenges for cross-business “fusion team” response to an attack, to technical trainings for security and IT staff. We have been investing in India, and the Command Center cyber range is part of our continued efforts to bring the best capabilities for our customers here.
DQ: What are the long terms implications of a cyber-attack on organizations?
Tushar Haralkar: As our reliance on technology grows, so will the complexity and scale of cybersecurity threats. Each year, cybercrime costs billions of dollars and increases in frequency, scope, and severity. Data breaches are more costly and more damaging than ever before, as IBM Security’s annual Cost of a Data Breach Report revealed, with the global average cost of a data breach reaching an all-time high of $4.35 million. Cyberattacks are now directly affecting cost of goods, contributing to inflation and soaring prices, and consumers are paying the price. In a world where zero trust is resisted, high impact breaches will become more common and harder to detect and contain.
DQ: What must organizations do to protect themselves from cyber-attacks?
Tushar Haralkar: The majority of security teams today are unknowingly building “less trust” networks, not zero trust networks. By approaching our environment as if it’s compromised and under attack, we can solve this problem by turning the tables and looking at networks through the eyes of an attacker. Companies should focus on detection, threat hunting, scrutinizing connections and relationships, and leveraging AI and analytics. In the next year, extended detection and response (XDR) will gain a lot of traction by providing security analysts with high-fidelity insights and quick responses.
As companies adapt to and overcome new security challenges in the digital age, they should also practice security preparedness. A recent IBM Security Incident Responder report found that 53% of incident responders in India commonly respond to two or more overlapping incidents at the same time in the face of a growing number of cyberattacks. To strengthen security defences, playbooks for Incident Response should be developed, tested regularly, and thought beyond the technical aspects. As cyber threats increase, businesses and industry need to establish a cyber preparedness plan that can adapt to these dynamic changes.
DQ: Kindly highlight top 6 observations/trends of the evolving cybersecurity landscape?
Tushar Haralkar: Cyber security issues continue to evolve and become more complex as the threat landscape changes. For companies to be prepared for protection challenges in the upcoming year, here are some key observations/trends to consider.
- Critical Infrastructure Showing “Blind Trust” – Critical infrastructure has been reshaped by the pandemic. There were great hurdles to overcome in order to keep up with production in the last two years, more than ever. Our critical infrastructure cannot be over-trusted. As attackers pursue disruption rather than data theft, this sector is at the top of the target list. We have to put our defense on the offense and assume the adversary is already in their environment.
- Cloud Insecurity – As we enter the next phase of cloud maturity, the security industry should make the most of this shift and re-design security services for cloud-based environments. Clouds and security tools themselves are not the problem, but rather the need for a more CONNECTED means of hybrid cloud security. To connect tools and clouds, we need security tools that are built on open foundations.
- It is time to take quantum-safe seriously – Quantum computers are maturing faster than we could have imagined years ago. They may also pose new, fundamental threats to today’s shared digital infrastructure. Quantum-safe cryptography will be essential to protect communication networks, transactions, and sensitive data in the era of fault-tolerant quantum computing.
- Security AI and Automation is Giving Defenders a Boost – The most recent IBM Cost of a Data Breach Report shows that organizations with fully deployed security AI and automation save $3.05 million per data breach. That’s a 65.2% difference in average breach cost. As we progress into India’s techade, AI and automation will be critical components of this new security landscape.
- Zero Trust and XDR Strategy has to integrate – Zero Trust and XDR strategy integrated approach can help organizations modernize security operations and adopt digital transformation that will allow security to become a business enabler by dynamically adapting to users, datasets, and workloads throughout the business – no matter where they are.
- We need Cyber Superheroes – Cybersecurity threats are growing in both volume and sophistication. In order to counter and prevent such cyberattacks, a constant supply of rightly skilled talent is necessary. As ransomware thrives, it’s clear there needs to be a bigger focus on finding security professionals to fill these roles.