October is Cybersecurity Awareness Month in the United States and elsewhere, coming at a point in time in which there has been no shortage of high-profile hacks, such as the ransomware attack that crippled services at MGM Resorts International Inc. It’s a big challenge for organizations and industry leaders.

One of the primary targets for bad actors is data. That’s one of the focuses for Ram Parasuraman (pictured), executive director of IBM Corp.

“What does it take to deliver end-to-end data resiliency? We heard this quite a bit. But what does that entail, and how can we bring it to market?” Parasuraman said. “That’s my primary responsibility. I’m responsible for product management, for data resilience.”

Parasuraman spoke with theCUBE industry analyst Rob Strechay at the “Beyond Firewalls: Resilience Strategies for All” event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the power of IBM Storage Defender and what it means to define true recovery. (* Disclosure below.)

Bad actors move beyond ransomware

In today’s cyber landscape, there are many tactics that bad actors use to steal data. Some of the most successful include leveraging social engineering. Ransomware, of course, is grabbing all of the headlines, according to Parasuraman.

“What I like to tell our customers is, basically, ransomware is like a bachelor’s degree. It’s kind of a must-have. All attackers are well-versed with what ransomware is,” he said. “The reason it takes or grabs the headlines is it’s so popular and voluminous. But attackers are not just sitting on ransomware. They’re moving beyond.”

The speed at which these attacks occur has increased tenfold, so how can organizations keep up with the threats? It involves throwing out conventional wisdom, according to Parasuraman.

“Just like we have access to AI to help with detection, the bad guys have access to the same AI to help cause attacks faster. It’s about how you use and harness the tools,” he said. “There’s research from IBM that states what used to take attackers 60 days to cause these attacks today take less than four days.”

The response, meanwhile, is still roughly about two to three weeks for a basic kind of initial response to these attacks, according to Parasuraman. That, of course, says something about the mismatch involved here.

Fighting back

When businesses think about defense, something that may come to mind mentally is that defenders are all united, standing in formation and sharing intelligence. But that’s not what takes place in practice inside enterprises, according to Parasuraman.

“I think what’s hurting the most are silos between teams, between products and between intelligence,” he said. “If you take data teams, AI teams, storage teams and your security teams, these are all disparate teams within the organization, where there is not a clear collaboration between these teams in the face of an attack.”

The reason why it takes longer to respond to attacks is that organizations are not able to share and collaborate information so that they get to recovery plans sooner, according to Parasuraman. That’s why he believes one of the key things that the industry needs to do is break those silos.

“The longer these silos exist, the longer it’s going to take us to respond to those attacks,” he said.

This can’t just be done via Slack or Microsoft Teams — or whatever methodology of chat an organization is using — but needs to be integrated into the products that they’re using. On the product management side of things, helping organizations get a handle on things boils down to three factors, according to Parasuraman.

“One of the first things is detection. The earlier you detect, the better, but it’s not about you just saying, ‘I detected something.’ It needs to be high fidelity,” he said. “Basically saying, ‘Hey, you know, I’ve detected something but, highly reliably, we can say that that’s an attack.”

Safe recovery is the second factor, as the last thing an organization wants is to recover some data and then be attacked again. The final element is the integration of the existing workflows between security and storage.

“It’s not about some team detecting an attack, another team being called into the rescue and these teams are not on the same page,” Parasuraman said. “It’s about how can we make these more collaborative, not just during wartime, which is when an attack is on, but also during peacetime, as a discipline just to improve the rapport between these teams and get them working together.”

Here’s the complete video interview with Ram Parasuraman, and follow theCUBE’s complete series on cyber resilience, as IBM provides a no-cost assessment for companies of all sizes to jumpstart their journey:

(* Disclosure: TheCUBE is a paid media partner for the “Beyond Firewalls: Resilience Strategies for All” event. Neither IBM Corp., the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE