IBM Offers Cyber Security Advice, Solutions
September 11, 2017
The increased incidence of hacks, and the growing sophistication of such events, has put into stark relief just how important it is for people and organizations to secure their applications, data, devices, and networks. But we’re only human, and sometimes we are complacent, or simply don’t want to dedicate the time and resources required to do these kinds of things.
But then a story like the Equifax one comes up and reminds us all of how very damaging a security breach can be for both an organization and its customers. As we learned last night, Equifax this summer was attacked by hackers who were able to access the personal data of a whopping 143 million people in the U.S. Now the company is dealing with the fallout – in terms of a boatload of information requests from angry and confused consumers; a dropping stock price; a loss of reputation; and the need to redirect financial and human resources to work with frustrated consumers, law enforcement officials, and a security investigation team.
Of course, this is just the latest and greatest hack.
The 2017 IBM X-Force Threat Intelligence Index offers us a reminder of other recent cyber security events, particularly in the information and communication technology sector. And it provides tips on how to prevent such situations.
As the Index notes, in October a data storage and web hosting company exposed millions of customer datapoints when it misconfigured a publicly accessible NoSQL database. And, before this company recognized and was able to secure that information, someone posted the data on Twitter, IBM noted.
Of course, this was not an isolated incident for the ICT industry. More than 3.3 billion records were compromised in the ICT arena last year – the most out of all sectors. And almost half of those records were from two breaches from previous years that affected one major web portal company, IBM said.
IBM offers an array of other cyber security statistics in the Index. And Big Blue provides recommendations for how to address security.
One of its suggestions is to test applications throughout their lifecycle.
“The No. 1 attack vector targeting the information and communication technology sector involved attackers attempting to gain unauthorized access through the manipulation of system data structures, such as an application's interaction with a buffer,” said IBM, which noted that its IBM Security AppScan can help address that. “By scanning web and mobile applications prior to deployment, organizations are better able to identify security vulnerabilities and generate reports and fix recommendations,” IBM added.
IBM also pointed to the need for centralized patching and data input sanitization, endpoint detection and response, incident response services, and security and threat intelligence.
“The No. 2 attack vector targeting the information and communication technology sector involved the use of malicious input data such as SQLi or CMDi,” IBM explained. “To mitigate these attacks, patching and maintaining current software versions are essential. The dilemma is that managing and deploying patches for multiple operating systems and applications across hundreds of thousands of endpoints can be challenging for administrators. Fortunately, information and communication technology enterprises can rely on solutions such as IBM BigFix Patch Management to help automate and simplify the patching process.”