The 3Cs and the Journey of Cyber Security

infect­ing, just like the immune system.

The next is the cognitive era, which is knocking on our doors. The cognitive era would expand beyond predictive capabilities to include the capability of dis­covery—it would enable discovery of things that could have never been attached together, since the relation be­tween them was never recognizable.

The 3Cs or Paradigms of Cyber Security

There are three paradigms within the cyber security space, and I stress on the first, which is collaboration. Based on the survey I mentioned earlier, about 50 per­cent of CEOs believe that to combat cyber threat they should collaborate individually. But, in reality only 30 percent are actually will­ing to do so.

Again, I find the similarities be­tween healthcare and the technology industry very interesting. A company needs its own security perimeter just like an individual body requires an immune system. But, what the world of cyber security and information sharing needs is similar to how, in the past the world developed epidemi­ology and organizations such as the World Health Organi­zation. The reason is—hospitals and countries could care for diseased individuals, but they needed to have a network in place through which they could share information and contain an outbreak, if any. A similar capability is needed for the cyber security space and that’s why collaboration is so important.

Based on this need, we have moved ahead with two different initiatives. First is the X-Force Exchange, a threat intelligence sharing platform, which to­day is worth 700 terabytes of real-time threat data with over 10,000 users. Next is App Exchange which was opened with APIs so that different players can develop different kinds of integrated cy­ber defense capabilities.

In the future, governments are likely to decide on how to protect organiza­tions against cyber attacks. IBM feels the best way ahead is a risk-based ap­proach; the sharing must be real-time; it has to be a private-public partnership. To achieve this, not just the U.S., but others too, need a healthy, transparent, and open dialogue regarding the bal­ance between privacy and security; the Cyber Information Sharing Act is a suc­cess in that way.

The second “C” is the cloud which would actually strengthen a company’s security posture, not weaken it. The rea­son is architecturally driven. A good cloud has a common architecture; one way to access data, one way to verify identities, and one way to do encryption. Contrary to the moat cas­tle analogy, this makes a big differ­ence. Cloud can arm a company with standardization, and can avail secu­rity tools which are contemporary, current and up-to-date.

The final paradigm is cognitive security and I think it’s time has come. This is explained by the truth that even though the traditional sys­tems can accommodate unstructured data, these systems don’t understand that data, unless tagged. But, cogni­tive systems can.

A major portion of the securi­ty data available is dark data—ap­proximately 10,000 research papers, 800,000 security blogs, and 200,000 detailed security news articles—of which, companies can scrape off a miniscule 8 percent. And, here be­gins the journey of cognitive securi­ty, which can understand those data, reason with and learn from them. Cognitive and security have a perfect fit—the strong suit of discovery of things, which one would have never known were related. With this I con­clude and leave the audience with the thought of three Cs that are three important steps in this journey of cyber security.

Based in Bangkok, Thailand and founded in 1911, IBM (NYSE: IBM) is an American technology and innovation company with more than 375,000 employees serving clients in 170 countries.