UPDATED 14:30 EDT / OCTOBER 19 2023


The high cost of cyber vulnerability

Companies are constantly under siege from relentless cyber threats in today’s digital landscape. Fortifying defenses and bolstering resilience against malicious actors has never been more critical.

Welcome to a world where data breaches can cost organizations millions and where cyberattacks can cripple even the most formidable giants of industry. Companies can’t afford to overlook the financial and operational consequences of cyber vulnerabilities. By leveraging advanced technologies, fostering collaboration between security and storage teams, and implementing best practices outlined in frameworks such as the National Institute of Standards and Technology, businesses can bolster cyber resilience and better protect data and operations from evolving cyber threats, according to IBM Corp. industry experts.

“Another thing that I think you overlay on top of all of that are zero-trust principles,” said Jeff Crume (pictured, right), distinguished engineer, cybersecurity architect and chief technology officer of IBM Security Americas. “The idea that you assume the system has already been breached, a lot of people have said to me, ‘Zero trust is not so different.’”

Crume and Christopher Vollmar (left), storage and data resiliency architect for IBM Canada, spoke with theCUBE industry analyst Rob Strechay at the “Beyond Firewalls: Resilience Strategies for All” event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the staggering costs of cyber vulnerabilities, explored the path to cyber resilience and unveiled strategies to safeguard data and operations from the ever-shifting tides of cyber warfare. (* Disclosure below.)

The high cost of cyber vulnerability

The average cost of a data breach worldwide is approximately $4.5 million per incident, as reported by IBM’s annual “Cost of a Data Breach” study, according to Crume. This cost can double in the United States, underlining the substantial financial burden that organizations face when failing to protect data adequately.

“One thing that came from that report is that the most significant way to cut the cost of a data breach was organizations who had an extensive use of AI and automation,” he said. “They saved, on average, $1.76 million off of that $4.5 million. That was the most significant way to cut the cost of that data breach.”

High-profile incidents, such as the MGM breach, cost hundreds of millions of dollars, proving that cyber threats affect organizations of all sizes, not just large corporations. The financial implications of inadequate cyber resilience are severe, making it important for businesses to invest in robust cybersecurity measures, Crume added.

Navigating the path to cyber resilience

In addition to leveraging artificial intelligence and automation, organizations can integrate security and storage teams to ensure cyber resilience. This collaboration is crucial for understanding the attack surface and ensuring that data remains protected. By working together, these teams can develop strategies to recover from attacks rapidly, Vollmar pointed out.

“I need 15 people and they’ve got to show up with five cases of tools, and we’re going to be here for two months,” he said. “It’s how do we make … things that make sense to work together? And then we get to learn off each other. That, I think, has been an interesting adventure”

Building immutability into data copies is essential. Having immutable copies in both primary and backup storage systems ensures that attackers cannot modify or encrypt the backups, making recovery more feasible. Additionally, organizations should focus on proactive testing of data copies for validity.

The fundamentals of encryption

Encryption is a fundamental defense measure against cyber threats. It ensures that even if attackers gain access to data, they can’t read it without the encryption keys. Organizations should prioritize encryption at both the application and storage levels to enhance data security, according to Crume.

“There’s really two main types of ransomware attacks. One is the, ‘I’ve got your data, and I’m not gonna give it back unless you pay me.’ The other is, ‘I’ve got your data, and I’m about to give it to everybody else.’ Now that second one, the best protection against that is good encryption,” he said.

The NIST Cybersecurity Framework provides a comprehensive and accessible roadmap for improving cybersecurity practices. Organizations should consider using this framework as a guide for enhancing cyber resilience efforts, according to Vollmar.

“I think NIST is looking at that because … both security and storage work together,” he said. “Even from the identified detect, protect, all of those places have places that storage and security can augment each other.”

Here’s the complete video interview, and follow theCUBE’s complete series on cyber resilience, as IBM provides a no-cost assessment for companies of all sizes to jumpstart their journey:

(* Disclosure: TheCUBE is a paid media partner for the “Beyond Firewalls: Resilience Strategies for All” event. Neither IBM Corp., the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One-click below supports our mission to provide free, deep and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy