IBM Study on Evolution of Hacks

when it comes to cyber attacks. Yeah, really important story that we definitely need to keep monitoring, monitoring, and I think our next guest is going to help us be smarter on it. This is Charles Henderson, Global Managing Partner and head of IBMS X Force, joining us via zoom from Austin, Texas. Charles, thank you so much for being here with us. Give us just the lowdown on IBM

State of Security Report. What are your big takeaways? So you know, you think about every company that you just dealt with A closing Belle, and the name of the game is agency and return on investment and criminal organizations are no different. What you're seeing is organized crime step up to the plate and look at how do we gain efficiencies, how do we improve our gross profit margin, and how do we do that with automation. All the same things that you want to see companies doing, and

right now they're doing it exceedingly well. Go ahead, no, no, go ahead no. Really really interesting to hear you talk about them doing well, because we don't always get good good news on this topic. What are some of the other major findings when it comes to sort of where you're seeing energy attacks at X Force specifically, so you know, one of the key things the attackers are looking for. The criminals are looking for is leverage. They are looking

for real world output of their labors. So you know, if you think about like energy or manufacturing or industry a little tolerance for downtime, they are a key target of attackers because those sectors tend to know what the cost of downtime is going to be down to the

dollars and cents. So if you have ransomware against an energy provider and the lights go out or a manufacturing facility and the assembluny line star stops working, criminals are relying on the fact that they're likely to pay a ransom or extortion because they know how much it's costing them in the real world dollars. Hey, listen, what I'm always curious about it, and and I feel like at this point, Charles, we know that this is happening, right, It's happening around

the world. It's kind of a part of normal operations when it comes to business. What are we learning year by year? What's different about what happened last year versus the year before. Is it just the frequency, is it the type of cyber attacks that are happening? What is it or is it all kind of the same. It's just more perhaps, So you know, one of the biggest things, and I already talked about efficiency, but let's put that

into numbers. A ransomware activity on the part of a criminal enterprise takes ninety five percent less time than it did three years ago. So three years ago, we'd say two two and a half months soup denuts from the point at which they got in to the point at which they accomplished their goals. Now that's closer to four days. That is huge efficiency gains. That means that we as an industry have way less time to detect and respond to an active attack. That means we need to get better.

We need to gain those efficiencies as well. Where are we at now with those efficiencies? How what like letter grade would you give us in our ability to respond to these four day attacks? Not great? And I'll tell you why. We have a vulnerability debt that is going to be difficult to overcome. Most organizations cannot keep up with patching anymore, and so it's no longer a wise strategy to just try and keep everybody out and count

on that as working. So what we need to do is focus on assuming that you've been breached and what can you do to detect and respond to an attacker that's moving laterally through your environment. That pivot is going to be key as we go forward. Organizations are starting to do it. You see, you saw an executive order two years ago that has really changed the way a lot of organizations approach working from a sooon breach a strategy,

implementing zero trust strategies. All these things come together to modernize our approach to security. But the final piece of this is giving up on the perimeter and starting to focus on the interior. Hey, listen, one thing I was wondering, Charles, how much of an impact of a global war, the war in Ukraine. How is that impact in the frequency

and severity of cyber attacks? You know, it certainly didn't help in any time that you have conflict, you have folks that are straying, they're under stress, and that's exactly what criminals are looking for. They're looking for either supply chain stress, real world stress that they can pile onto with cyber attacks and gain leverage. Because at the end of the day, extortion is all about leverage. It's knowing that your victim has no choice but to pay you.

And this is also getting worse because of like activist groups. Right, I don't necessarily have the best understanding of those groups, but I know that it's not good and that they're getting better. Are you more concerned about them or about um more? I guess institutional hackers that we've already known about for some time. You know, Look, activism is a real problem for organizations. But at the end of the day,

I'm most concerned with the evolution of attacks. We've gone from the advanced technical attacker to organized crime employing business tactics that they've tested long and true in street crime and applying them to digital crime. And what that means is they're gaining efficiencies, they're working smarter, not harder, and they're using a fail fast mentality that quite frankly, it's going to be difficult to keep up with. If the defenders don't adapt as well, we're gonna need to start

thinking like attackers. Hey listen, but I wonder too, Charles, and I feel like this is just like I said, you know, cyber attacks, unfortunately, are just a way of life for us increasingly. So having said that, I mean, you guys certainly play into the space and provide, you know, ways for companies to protect themselves. What's the uptick that

you've seen in demand for your products? So you know, I would say that the biggest demand we are seeing now is for you know, threat hunting, adversary stimulation, things that help organizations think like an attacker. So they're concerned with their attack surface monitor and they're they're concerned with red teaming that will help them understand where they may have gaps in detection. So it's not enough just to defend anymore. Now you need to understand do your defenses

work and how are they working? Whereas in the past it was more of a bioproduct, set it and forget it.

Now it's more of an interrogation of those products. I wonder too, if you've seen any sort of interest from consumers about wanting to protect ourselves as well, and if you have any advice for the average listener out there who might be hearing this and thinking, yes, this is obviously bad for big companies and governments, but also we want to make sure we're protecting ourselves on an individual level from any cybersecurity threats. You know, everyone needs to

worry about cybersecurity now. It's no longer just big companies, and you know, you only need to look at the real world repercussions of cyber attack, whether it's colonial pipeline a year ago or any number things. But consumers can do some things just to protect themselves on a personal level. Multi factor authentication is huge, you know that's been in

the news a lot lately. But a lot of organizations, a lot of the businesses that you work with already offer multi factor authentication, but it doesn't come enabled by default necessarily, So go into your settings, look for multi factor authentication. They may call it two factor Authentication or other names similarly and enable it. Also, make sure that

your passwords are are not easily guessed. Make sure that you're not sharing passwords between multiple platforms because remember, if one password is compromised, you don't want it to affect you multiple times. Okay. And then finally, be aware of your surroundings into the digital realm. Understand that you're scammer on us out there and they're looking to take advantage of you. All right, Charles Henderson, thank you so much.

Global Managing Partner, head of x Force at IBM, joining us Vias Zoom from Austin, Texas,