To counter these threats, IBM Philippines Chief Security Officer Lope Doromal said there have to be several approaches to help enterprises deal with these challenges. “We believe that the security industry should come together in order to achieve a more connected security ecosystem,” Doromal told the BusinessMirror in a recent interview via e-mail.
Doromal said this could be achieved by introducing a new breed of unified security platforms that can connect disparate security tools as well as analyze data that resides across multiple, hybrid cloud environments. As the country enters a new phase of cloud computing, Doromal said the security industry could capitalize on this shift and redesign security for a cloud-based world.
As hackers are collaborating on the dark web, Doromal said the security industry must simultaneously improve its methods in terms of collaborating and sharing information on threats and finding methods to stop them. As hackers have become smarter and bolder, Doromal said it has also become increasingly important for companies to have adequate defenses against them.
With this scenario, the concept of so-called offensive security, sometimes called “ethical hacking,” is increasingly being used by cybersecurity firms as a way to combat the problem.
“Ethical hacking is now commonplace—it’s even possible to become what is known as a Certified Ethical Hacker. The practice is also known as white hat hacking, and it involves using the same techniques that cybercriminals use in order to find security flaws that exist within a company’s people, technologies and processes so that they can work to fix these vulnerabilities before a criminal can use it to their advantage,” Doromal said.
“IBM has an entire team of elite hackers known as X-Force Red, which are hired to find and test vulnerabilities, exploits and security capabilities who hire them. The findings of these professional engagements are reported directly to the client to enable them to fix any holes and strengthen their overall security posture.”
He said ethical hackers have a wide range of expertise similar to criminal hackers—from password cracking, to social engineering and even physical security testing. At IBM Security, Doromal said it has a team focused on penetration testing web and mobile applications. Doromal said offensive hackers help businesses discover vulnerabilities in their computer networks, hardware, and software applications before cybercriminals do.
He also said businesses must not forget to focus on the broader cybersecurity risk facing them in order to reduce the impact of cyberattacks. “On average, data breaches now cost organizations nearly $4 million per breach with healthcare being the most heavily hit industry, according to the latest 2020 Cost of a Data Breach Report from IBM Security and the Ponemon Institute. Breaches include malicious attack, data breaches caused by system glitches and human error,” he said.
The study includes breaches from advanced and emerging economies across the globe, including Asean. According to the study, Southeast Asia has the highest percentage of data breaches caused by human error. On average, Doromal said the cost of a breach in Asean (including the Philippines) is $2.71 million in 2020, an increase of $0.09 million from last year.
The financial sector is the industry with the highest average cost. Only 55 percent of organizations in Asean have security automation deployed. “And it takes an average time of 287 days for companies in this region to identify and contain the breach,” he said.