Marc van Zadelhoff, General Manager, IBM Security has more than 20 years of experience in venture capital, cyber securityand IT. In his current role, he has to face a new challenge almost every day with the advent of severe cyber attacks across the world. Speaking exclusively to ET, Zadelhoff talks about IoT security issues, enterprise security trends, use of AI to tackle security and Watson’s role in the analysing future attacks.
You recently said, “Lying is one of the best cyber security measures.” What is the rationale behind that?
Personally, people are sharing data about themselves that can never be changed. The place you are born, your parents’ name, social security number, your birthday etc. So, maybe it is time to lie, to invest in new name of your mother and say that my mother is maiden name is Smith instead the real one because that way, you do not provide the critical data. Once you provide the data, it cannot be changed. So, that was the basic idea behind the ‘lying’ comment.
Is artificial intelligence the only way to defend networks against unknown attacks?
It is not just artificial intelligence but about the hygiene of security. Therefore, we look at the recent breaches, there needs to be patch management. We need to scan codes for vulnerabilities. Many of these basic vulnerability and penetration hygiene elements are important. The second is- layering in analytics so that you can detect what is actually happening. It is same as the video camera. You cannot prevent someone from entering every room but you can at least monitor the intrusion. We can do analytics and predictive behavioral analysis to prevent such attacks.
So, how does IBM use Watson to find intelligence from millions of intrusions?
We train Watson to read and understand security. So, it has read over two million articles and terra bytes of intelligence that we have given it. It knows where the latest hacks happening. It is reading every blog out there, every new feature that comes out. It understands the patterns and then, on top of analytics we are able to draw a conclusion about what type of attack might happen with a customer
What about skills shortage in cyber security?
By 2020 we will have a million jobs in cyber security. We have hired over a thousand people over the last 12 months at IBM’s security. 20% of those employees, we call new collar. Our new-collar jobs are where people graduate with technical high school proficiency and bring them to IBM security and train them to become expert at cyber security. We now have 8000 people in IBM security. I think there is a lot we can do to bring people with less than a bachelor’s degree, bringing in a lot of women who are underrepresented in cyber security. Only 10% of cyber security experts in the world are females.
How do you tackle IoT threats?
One of the biggest challenges with securing IoT devices is that fact that software security degrades over time and will need to be patched eventually – even if no known vulnerabilities exist at first release, new avenues for attack are likely to be discovered. Manufacturers need a way to get IoT sensors and devices patched in very distributed environments throughout the lifecycle of the device.
Another problem is that default credentials for IoT devices can become security issues as they becoming public over time.
What are the key threats for enterprises in 2017?
While cybersecurity threats have been steadily growing for years, 2017 stands out as a year when ransomware took center stage and huge data breaches had potentially the most widespread and devastating impact we’ve seen to date.
Organizations cannot ignore the growing risk of destructive, fast-spreading malware like WannaCry and NotPetya — which spread like wildfire and without discrimination, impacting organizations of all types and sizes. We know that dedicated and sophisticated groups of hackers now have many tools at their disposal to wreak havoc, from DDoS to ransomware.. Examining many of the major security events of 2017, we see that many could have been prevented or with simple security hygiene and using AI to stay on top of the basics.