Mid-sized businesses are in a tight spot. As their ability to collect customer data increases, so too does the burden of protecting that data. At a time when digital information regularly travels via mobile devices and in the cloud, a hacker’s access to that data multiplies. How have the tactics of hackers evolved? And how can a midsize company with limited resources stay ahead of the latest security threats?
To try to answer these questions, ForwardView spoke with Joseph Tal, a speaker for the IBM X-Force® team. One of the most renowned commercial security research and development teams in the world, IBM X-Force studies and monitors the latest threats and vulnerabilities facing security professionals. Read excerpts from the interview below.
ForwardView: What are some of the ways that IBM X-Force stays on top of the latest security threats?
Joseph Tal: We are always running research, trying to understand what kinds of vulnerabilities exist in the industry’s off-the-shelf products. On top of that, we have managed security services and monitor customers in more than 133 countries and try to understand what kind of attack patterns they’re getting. We get more than 15 billion security events per day. Based on that specific information, we analyze the attack patterns that exist in the wild, attack patterns that are targeting our customers.
ForwardView: How do you think the security concerns of a small or midsize company differ from those of a larger enterprise?
Joseph Tal: For midsize companies, it’s not in their DNA to deploy security measures or security controls to better maintain their data, compliance or whatever is needed to better protect themselves. So if you are a regular company that has antivirus on the end points, it’s not enough.
I’ll give you an example. By 1998, we were able to monitor almost any virus that was spreading in the wild. Since 2008, the spread of viruses is huge. They come in all shapes and forms. They can come through your mobile device, which is usually connected to your corporate e-mail. They connect to your laptop while you sit in an Internet cafe.
Attack patterns are changing, and we need to bring new ways and new technologies and new tools to mitigate these new challenges. Today most of the sophisticated attacks [are] targeting your mobile. We need to deploy security controls to better control your mobile device. And we [need to] better secure your laptop. Don’t allow anyone to install anything on your laptop. And if someone is installing something on your laptop, allow it in advance and control whatever is going on [your] laptop and mobile device.
ForwardView: What would you say are some of the most common security mistakes that a company makes?
Joseph Tal: Usually the business runs faster than security measures. Revenue comes from the business, so there is usually a race [for security] to keep up with the business. If there is a new capability to make faster revenue by using a mobile device or a new laptop or even a new form of point of sale in the field, usually security measures are not immediately taken into consideration.
ForwardView: You’ve talked about the evolution of security threats entering what you call a parasitic era. Can you explain?
Joseph Tal: Viruses and malware are spreading and evolving like nothing else in the real world. There are thousands and thousands of new types of malware and do-it-yourself kits. Basically, [a hacker] can go onto the Internet and download any kind of do-it-yourself malware kit and perform a QA [check] to make sure that the virus is able to hit the mark that [the hacker] wants to hit. And if it’s not working, he can get a refund on the software. We need to put security measures in every operational lifecycle to be able to mitigate all the threats out there. There [are] so many unknown threats that it’s unbelievable.
ForwardView: So it sounds like attackers have hit a whole other level of sophistication?
Joseph Tal: Absolutely. Just to give you an idea, in our IBM X-Force 2013 Mid-Year Trend and Risk Report, we were able to monitor a lot of spear-phishing attacks, SQL injections, DDoS [attacks], watering holes. All those things are things that we already know about.
But there [were] so many unknown attacks that [were] revealed only after we performed forensics and analysis on the customer premises. Only then were we able to understand that there was an attack or breach.
ForwardView: Can you talk about how cloud can impact a company from a security perspective?
Joseph Tal: Today, you can buy a service on the cloud very easily, and if you are going to deploy a service through a cloud platform, you need to invest more in that specific space of the cloud. It holds your name. It holds your brand. But it’s not on your premises, so you will need to put in place the same security measures [in the cloud] that you have within your organization.
ForwardView: Any advice that you would give a company that wants to strengthen their security posture?
Joseph Tal: First of all, perform a gap analysis. Invite our professional services and ask us to come and perform a vulnerability assessment on [your] public Web sites and internally. Second, deploy security controls and measures within the organization to understand exactly what kind of vulnerabilities you have. Deploy, as fast as possible, our intelligence platform. It’s going to give all the information that is needed to mitigate and understand what kind of security risk you hold today and to help you prepare for future attacks.