100% valid and up to date M9510-747 brain dumps questions

Memorizing and practicing the M9510-747 Study Guide from killexams.com is adequate to guarantee your 100 percent achievement in the genuine M9510-747 test. Simply visit killexams.com and download the 100 percent free bootcamp to try before you finally register for the full M9510-747 Study Guide. That will be your smartest move to pass the M9510-747 exam. Your download section will have the latest M9510-747 exam files with the VCE exam simulator. Just read the PDF and practice with the exam simulator.

Exam Code: M9510-747 Practice test 2022 by Killexams.com team
IBM Application Infrastructure Sales Mastery Test v1
IBM Infrastructure approach
Killexams : IBM Report: Data Breach Costs Reach All-Time High

For the twelfth year in a row, healthcare saw the costliest breaches among all industries with the average cost reaching $10.1 million per breach.

CAMBRIDGE, Mass. — IBM (NYSE: IBM) Security released the annual Cost of a Data Breach Report, revealing costlier and higher-impact data breaches than ever before, with the global average cost of a data breach reaching an all-time high of $4.35 million for studied organizations. With breach costs increasing nearly 13% over the last two years of the report, the findings suggest these incidents may also be contributing to rising costs of goods and services. In fact, 60% of studied organizations raised their product or services prices due to the breach, when the cost of goods is already soaring worldwide amid inflation and supply chain issues.

The perpetuality of cyberattacks is also shedding light on the “haunting effect” data breaches are having on businesses, with the IBM report finding 83% of studied organizations have experienced more than one data breach in their lifetime. Another factor rising over time is the after-effects of breaches on these organizations, which linger long after they occur, as nearly 50% of breach costs are incurred more than a year after the breach.

The 2022 Cost of a Data Breach Report is based on in-depth analysis of real-world data breaches experienced by 550 organizations globally between March 2021 and March 2022. The research, which was sponsored and analyzed by IBM Security, was conducted by the Ponemon Institute.

Some of the key findings in the 2022 IBM report include:

  • Critical Infrastructure Lags in Zero Trust – Almost 80% of critical infrastructure organizations studied don’t adopt zero trust strategies, seeing average breach costs rise to $5.4 million – a $1.17 million increase compared to those that do. All while 28% of breaches amongst these organizations were ransomware or destructive attacks.
  • It Doesn’t Pay to Pay – Ransomware victims in the study that opted to pay threat actors’ ransom demands saw only $610,000 less in average breach costs compared to those that chose not to pay – not including the cost of the ransom. Factoring in the high cost of ransom payments, the financial toll may rise even higher, suggesting that simply paying the ransom may not be an effective strategy.
  • Security Immaturity in Clouds – Forty-three percent of studied organizations are in the early stages or have not started applying security practices across their cloud environments, observing over $660,000 on average in higher breach costs than studied organizations with mature security across their cloud environments.
  • Security AI and Automation Leads as Multi-Million Dollar Cost Saver – Participating organizations fully deploying security AI and automation incurred $3.05 million less on average in breach costs compared to studied organizations that have not deployed the technology – the biggest cost saver observed in the study.

“Businesses need to put their security defenses on the offense and beat attackers to the punch. It’s time to stop the adversary from achieving their objectives and start to minimize the impact of attacks. The more businesses try to perfect their perimeter instead of investing in detection and response, the more breaches can fuel cost of living increases,” said Charles Henderson, Global Head of IBM Security X-Force. “This report shows that the right strategies coupled with the right technologies can help make all the difference when businesses are attacked.”

Over-trusting Critical Infrastructure Organizations

Concerns over critical infrastructure targeting appear to be increasing globally over the past year, with many governments’ cybersecurity agencies urging vigilance against disruptive attacks. In fact, IBM’s report reveals that ransomware and destructive attacks represented 28% of breaches amongst critical infrastructure organizations studied, highlighting how threat actors are seeking to fracture the global supply chains that rely on these organizations. This includes financial services, industrial, transportation and healthcare companies amongst others.

Despite the call for caution, and a year after the Biden Administration issued a cybersecurity executive order that centers around the importance of adopting a zero trust approach to strengthen the nation’s cybersecurity, only 21% of critical infrastructure organizations studied adopt a zero trust security model, according to the report. Add to that, 17% of breaches at critical infrastructure organizations were caused due to a business partner being initially compromised, highlighting the security risks that over-trusting environments pose.

Businesses that Pay the Ransom Aren’t Getting a “Bargain”

According to the 2022 IBM report, businesses that paid threat actors’ ransom demands saw $610,000 less in average breach costs compared to those that chose not to pay – not including the ransom amount paid. However, when accounting for the average ransom payment, which according to Sophos reached $812,000 in 2021, businesses that opt to pay the ransom could net higher total costs – all while inadvertently funding future ransomware attacks with capital that could be allocated to remediation and recovery efforts and looking at potential federal offenses.

The persistence of ransomware, despite significant global efforts to impede it, is fueled by the industrialization of cybercrime. IBM Security X-Force discovered the duration of studied enterprise ransomware attacks shows a drop of 94% over the past three years – from over two months to just under four days. These exponentially shorter attack lifecycles can prompt higher impact attacks, as cybersecurity incident responders are left with very short windows of opportunity to detect and contain attacks. With “time to ransom” dropping to a matter of hours, it’s essential that businesses prioritize rigorous testing of incident response (IR) playbooks ahead of time. But the report states that as many as 37% of organizations studied that have incident response plans don’t test them regularly.

Hybrid Cloud Advantage

The report also showcased hybrid cloud environments as the most prevalent (45%) infrastructure amongst organizations studied. Averaging $3.8 million in breach costs, businesses that adopted a hybrid cloud model observed lower breach costs compared to businesses with a solely public or private cloud model, which experienced $5.02 million and $4.24 million on average respectively. In fact, hybrid cloud adopters studied were able to identify and contain data breaches 15 days faster on average than the global average of 277 days for participants.

The report highlights that 45% of studied breaches occurred in the cloud, emphasizing the importance of cloud security. However, a significant 43% of reporting organizations stated they are just in the early stages or have not started implementing security practices to protect their cloud environments, observing higher breach costs. Businesses studied that did not implement security practices across their cloud environments required an average 108 more days to identify and contain a data breach than those consistently applying security practices across all their domains.

Additional findings in the 2022 IBM report include:

  • Phishing Becomes Costliest Breach Cause – While compromised credentials continued to reign as the most common cause of a breach (19%), phishing was the second (16%) and the costliest cause, leading to $4.91 million in average breach costs for responding organizations.
  • Healthcare Breach Costs Hit Double Digits for First Time Ever – For the 12th year in a row, healthcare participants saw the costliest breaches amongst industries with average breach costs in healthcare increasing by nearly $1 million to reach a record high of $10.1 million.
  • Insufficient Security Staffing – Sixty-two percent of studied organizations stated they are not sufficiently staffed to meet their security needs, averaging $550,000 more in breach costs than those that state they are sufficiently staffed.

To download a copy of the 2022 Cost of a Data Breach Report, visit https://www.ibm.com/security/data-breach.

Fri, 29 Jul 2022 02:15:00 -0500 CS Staff en text/html https://www.campussafetymagazine.com/research/ibm-report-data-breach-costs-reach-all-time-high/
Killexams : IBM Report Reveals Economic Impact of Data Breaches

IBM published a report today that suggested data breaches are starting to have a material impact on the cost of goods and services.

An IBM analysis of data breaches that occurred in 550 organizations found the average cost of a data breach has now reached an all-time high of $4.35 million for the organizations IBM studied, a 13% increase since the last time IBM published a similar report two years ago.

A total of 60% of respondents reported they have raised prices on their products or services as a direct consequence.

Limor Kessem, executive security advisor for IBM, said organizations can’t absorb the cost of data breaches without passing them along to customers in some form or another. In effect, data breaches are now a digital ‘tax’ that is being added to the cost of goods and services, she added.

In fact, the smaller the company the less financially able they are to absorb the cost of a data breach, Kessem noted. The expectation is that data breaches are now a cost of doing business. Investors in these organizations expect data breach costs will be covered by the revenue that organizations generate without negatively impacting profits, she said.

Overall, the IBM report found that 83% of respondents experienced at least one breach, with 50% of those costs occurring more than a year after the breach was initially discovered.

The IBM report also made it clear that most organizations still have a lot of work to do in terms of improving their security posture. The report found that 80% of the organizations that need to protect critical infrastructure have yet to implement a zero-trust approach to IT. The IBM report found that data breaches within organizations that don’t have a zero-trust strategy cost, on average, $5.4 million compared to $1.17 million for those that have adopted zero-trust.

A total of 43% of the organizations studied have not or are still in the early stages of applying security practices across cloud environments. As a result, they have incurred $660,000 in higher breach costs on average than organizations with mature cloud security practices, according to the report.

The report also found organizations that have fully deployed security AI and automation incurred, on average, $3.05 million less in data breach costs than those that have not.

Finally, the report noted that ransomware victims that caved into demands only saw $610,000 less in average breach costs compared to those that chose not to pay, exclusive of the cost of the ransom itself.

It’s not clear how severely cyberattacks are sapping the global economy, but it’s clear that far too few organizations are doing enough to thwart these attacks. Despite all available evidence to the contrary, many business leaders are likely hoping law enforcement agencies will make the problem go away. However, as most cybersecurity professionals well know, the odds of that happening are slim to none.

Wed, 27 Jul 2022 00:41:00 -0500 by Michael Vizard on July 27, 2022 en-US text/html https://securityboulevard.com/2022/07/ibm-report-reveals-economic-impact-of-data-breaches/
Killexams : Astadia Publishes Mainframe to Cloud Reference Architecture Series

The guides leverage Astadia’s 25+ years of expertise in partnering with organizations to reduce costs, risks and timeframes when migrating their IBM mainframe applications to cloud platforms

BOSTON, August 03, 2022--(BUSINESS WIRE)--Astadia is pleased to announce the release of a new series of Mainframe-to-Cloud reference architecture guides. The documents cover how to refactor IBM mainframe applications to Microsoft Azure, Amazon Web Services (AWS), Google Cloud, and Oracle Cloud Infrastructure (OCI). The documents offer a deep dive into the migration process to all major target cloud platforms using Astadia’s FastTrack software platform and methodology.

As enterprises and government agencies are under pressure to modernize their IT environments and make them more agile, scalable and cost-efficient, refactoring mainframe applications in the cloud is recognized as one of the most efficient and fastest modernization solutions. By making the guides available, Astadia equips business and IT professionals with a step-by-step approach on how to refactor mission-critical business systems and benefit from highly automated code transformation, data conversion and testing to reduce costs, risks and timeframes in mainframe migration projects.

"Understanding all aspects of legacy application modernization and having access to the most performant solutions is crucial to accelerating digital transformation," said Scott G. Silk, Chairman and CEO. "More and more organizations are choosing to refactor mainframe applications to the cloud. These guides are meant to assist their teams in transitioning fast and safely by benefiting from Astadia’s expertise, software tools, partnerships, and technology coverage in mainframe-to-cloud migrations," said Mr. Silk.

The new guides are part of Astadia’s free Mainframe-to-Cloud Modernization series, an ample collection of guides covering various mainframe migration options, technologies, and cloud platforms. The series covers IBM (NYSE:IBM) Mainframes.

In addition to the reference architecture diagrams, these comprehensive guides include various techniques and methodologies that may be used in forming a complete and effective Legacy Modernization plan. The documents analyze the important role of the mainframe platform, and how to preserve previous investments in information systems when transitioning to the cloud.

In each of the IBM Mainframe Reference Architecture white papers, readers will explore:

  • Benefits, approaches, and challenges of mainframe modernization

  • Understanding typical IBM Mainframe Architecture

  • An overview of Azure/AWS/Google Cloud/Oracle Cloud

  • Detailed diagrams of IBM mappings to Azure/AWS/Google Cloud/Oracle Cloud

  • How to ensure project success in mainframe modernization

The guides are available for download here:

To access more mainframe modernization resources, visit the Astadia learning center on www.astadia.com.

About Astadia

Astadia is the market-leading software-enabled mainframe migration company, specializing in moving IBM and Unisys mainframe applications and databases to distributed and cloud platforms in unprecedented timeframes. With more than 30 years of experience, and over 300 mainframe migrations completed, enterprises and government organizations choose Astadia for its deep expertise, range of technologies, and the ability to automate complex migrations, as well as testing at scale. Learn more on www.astadia.com.

View source version on businesswire.com: https://www.businesswire.com/news/home/20220803005031/en/


Wed, 03 Aug 2022 02:00:00 -0500 en-US text/html https://finance.yahoo.com/news/astadia-publishes-mainframe-cloud-reference-140000599.html
Killexams : CIOReview Names Cobalt Iron Among 10 Most Promising IBM Solution Providers 2022

LAWRENCE, Kan.--(BUSINESS WIRE)--Jul 28, 2022--

Cobalt Iron Inc., a leading provider of SaaS-based enterprise data protection, today announced that the company has been deemed one of the 10 Most Promising IBM Solution Providers 2022 by CIOReview Magazine. The annual list of companies is selected by a panel of experts and members of CIOReview Magazine’s editorial board to recognize and promote innovation and entrepreneurship. A technology partner for IBM, Cobalt Iron earned the distinction based on its Compass® enterprise SaaS backup platform for monitoring, managing, provisioning, and securing the entire enterprise backup landscape.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20220728005043/en/

Cobalt Iron Compass® is a SaaS-based data protection platform leveraging strong IBM technologies for delivering a secure, modernized approach to data protection. (Graphic: Business Wire)

According to CIOReview, “Cobalt Iron has built a patented cyber-resilience technology in a SaaS model to alleviate the complexities of managing large, multivendor setups, providing an effectual humanless backup experience. This SaaS-based data protection platform, called Compass, leverages strong IBM technologies. For example, IBM Spectrum Protect is embedded into the platform from a data backup and recovery perspective. ... By combining IBM’s technologies and the intellectual property built by Cobalt Iron, the company delivers a secure, modernized approach to data protection, providing a ‘true’ software as a service.”

Through proprietary technology, the Compass data protection platform integrates with, automates, and optimizes best-of-breed technologies, including IBM Spectrum Protect, IBM FlashSystem, IBM Red Hat Linux, IBM Cloud, and IBM Cloud Object Storage. Compass enhances and extends IBM technologies by automating more than 80% of backup infrastructure operations, optimizing the backup landscape through analytics, and securing backup data, making it a valuable addition to IBM’s data protection offerings.

CIOReview also praised Compass for its simple and intuitive interface to display a consolidated view of data backups across an entire organization without logging in to every backup product instance to extract data. The machine learning-enabled platform also automates backup processes and infrastructure, and it uses open APIs to connect with ticket management systems to generate tickets automatically about any backups that need immediate attention.

To ensure the security of data backups, Cobalt Iron has developed an architecture and security feature set called Cyber Shield for 24/7 threat protection, detection, and analysis that improves ransomware responsiveness. Compass is also being enhanced to use several patented techniques that are specific to analytics and ransomware. For example, analytics-based cloud brokering of data protection operations helps enterprises make secure, efficient, and cost-effective use of their cloud infrastructures. Another patented technique — dynamic IT infrastructure optimization in response to cyberthreats — offers unique ransomware analytics and automated optimization that will enable Compass to reconfigure IT infrastructure automatically when it detects cyberthreats, such as a ransomware attack, and dynamically adjust access to backup infrastructure and data to reduce exposure.

Compass is part of IBM’s product portfolio through the IBM Passport Advantage program. Through Passport Advantage, IBM sellers, partners, and distributors around the world can sell Compass under IBM part numbers to any organizations, particularly complex enterprises, that greatly benefit from the automated data protection and anti-ransomware solutions Compass delivers.

CIOReview’s report concludes, “With such innovations, all eyes will be on Cobalt Iron for further advancements in humanless, secure data backup solutions. Cobalt Iron currently focuses on IP protection and continuous R&D to bring about additional cybersecurity-related innovations, promising a more secure future for an enterprise’s data.”

About Cobalt Iron

Cobalt Iron was founded in 2013 to bring about fundamental changes in the world’s approach to secure data protection, and today the company’s Compass® is the world’s leading SaaS-based enterprise data protection system. Through analytics and automation, Compass enables enterprises to transform and optimize legacy backup solutions into a simple cloud-based architecture with built-in cybersecurity. Processing more than 8 million jobs a month for customers in 44 countries, Compass delivers modern data protection for enterprise customers around the world. www.cobaltiron.com


Thu, 28 Jul 2022 01:03:00 -0500 en text/html https://www.eagletribune.com/region/cioreview-names-cobalt-iron-among-10-most-promising-ibm-solution-providers-2022/article_56f7dda7-cbd5-586a-9d5f-f882022100da.html
Killexams : One in five data breaches due to software supply chain compromise, IBM report warns
Emma Woollacott 27 July 2022 at 15:04 UTC
Updated: 28 July 2022 at 07:55 UTC

Attack vector cost businesses 2.5% more in one year

Supply chain attacks are on the rise, costing businesses more year on year as organizations fail to implement zero trust strategies.

This is according to IBM’s new Cost of a Data Breach report, which found that one in five breaches occurred because of a compromise at a business partner, with a supply chain breach taking on average 26 days longer to identify and contain than the global average.

The total cost of a supply chain compromise was $4.46 million – 2.5% higher than average.

The report also found that the global average cost of a data breach has hit an all-time high of $4.35 million – up nearly 13% over the last two years.

“Seventeen per cent of breaches in critical infrastructure organizations occurred due to a business partner being initially compromised – this shows us that organizations need to put more focus on the security controls that govern third party access,” John Hendley, head of strategy at IBM Security X-Force told The Daily Swig.

Zero trust, zero problems?

Critical infrastructure organizations such as financial services, industrial, transportation, and healthcare companies are a growing target for these attacks, says IBM, and zero trust is the best way to guard against attack.

“Organizations need to be more vigilant than ever and closely scrutinize these external points of access into their environment, whether that’s through direct network access, applications, or even physical access,” says Hendley.

“Supply chain attacks are of great concern, both because of how insidious they are and how extreme their impacts can be. We saw this play out with SolarWinds, and we’ll surely see more of these attacks in the future.”

Those organizations that had implemented a zero trust security approach saw breaches cost them less, with an average cost saving of $1.5 million.

However, critical infrastructure organizations in particular are failing to do this, with only one in five having adopted a zero trust model, compared with an overall global average of 41%.

Javvad Malik, lead security awareness advocate at KnowBe4, says that greater transparency is needed across the supply chain, along with greater technical assurance that all components are adequately secured.

“We’ve seen many organizations breached, not for the organization itself, but because it will provide a way into another. Popular examples of these include Target, RSA, and more recently SolarWinds,” he told The Daily Swig.

“While many organisations try to mitigate risks by sending out lengthy questionnaires to third parties it deals with to determine the level of security they employ, it is often not sufficient to cover the entire supply chain, and even if it was, it doesn’t provide technical assurance.”

Wed, 27 Jul 2022 19:55:00 -0500 en text/html https://portswigger.net/daily-swig/one-in-five-data-breaches-due-to-software-supply-chain-compromise-ibm-report-warns
Killexams : IBM Annual Cost of Data Breach Report 2022: Record Costs Usually Passed On to Consumers, “Long Breach” Expenses Make Up Half of Total Damage

IBM’s annual Cost of Data Breach Report for 2022 is packed with revelations, and as usual none of them are good news. Headlining the report is the record-setting cost of data breaches, with the global average now at $4.35 million. The report also reveals that much of that expense comes with the data breach version of “long Covid,” expenses that are realized more than a year after the attack.

Most organizations (60%) are passing these added costs on to consumers in the form of higher prices. And while 83% of organizations now report experiencing at least one data breach, only a small minority are adopting zero trust strategies.

Security AI and automation greatly reduces expected damage

The IBM report draws on input from 550 global organizations surveyed about the period between March 2021 and March 2022, in partnership with the Ponemon Institute.

Though the average cost of a data breach is up, it is only by about 2.6%; the average in 2021 was $4.24 million. This represents a total climb of 13% since 2020, however, reflecting the general spike in cyber crime seen during the pandemic years.

Organizations are also increasingly not opting to absorb the cost of data breaches, with the majority (60%) compensating by raising consumer prices separate from any other recent increases due to inflation or supply chain issues. The report indicates that this may be an underreported upward influence on prices of consumer goods, as 83% of organizations now say that they have been breached at least once.

Brad Hong, Customer Success Manager for Horizon3.ai, sees a potential consumer backlash on the horizon once public awareness of this practice grows: “It’s already a breach of confidence to lose the confidential data of customers, and sure there’s bound to be an organization across those surveyed who genuinely did put in the effort to protect against and curb attacks, but for those who did nothing, those who, instead of creating a disaster recovery plan, just bought cyber insurance to cover the org’s operational losses, and those who simply didn’t care enough to heed the warnings, it’s the coup de grâce to then pass the cost of breaches to the same customers who are now the victims of a data breach. I’d be curious to know what percent of the 60% of organizations who increased the price of their products and services are using the extra revenue for a war chest or to actually reinforce their security—realistically, it’s most likely just being used to fill a gap in lost revenue for shareholders’ sake post-breach. Without government regulations outlining restrictions on passing cost of breach to consumer, at the least, not without the honest & measurable efforts of a corporation as their custodian, what accountability do we all have against that one executive who didn’t want to change his/her password?”

Breach costs also have an increasingly long tail, as nearly half now come over a year after the date of the attack. The largest of these are generally fines that are levied after an investigation, and decisions or settlements in class action lawsuits. While the popular new “double extortion” approach of ransomware attacks can drive long-term costs in this way, the study finds that companies paying ransom demands to settle the problem quickly aren’t necessarily seeing a large amount of overall savings: their average breach cost drops by just $610,000.

Sanjay Raja, VP of Product with Gurucul, expands on how knock-on data breach damage can continue for years: “The follow-up attack effect, as described, is a significant problem as the playbooks and solutions provided to security operations teams are overly broad and lack the necessary context and response actions for proper remediation. For example, shutting down a user or application or adding a firewall block rule or quarantining a network segment to negate an attack is not a sustainable remediation step to protect an organization on an ongoing basis. It starts with a proper threat detection, investigation and response solution. Current SIEMs and XDR solutions lack the variety of data, telemetry and combined analytics to not only identify an attack campaign and even detect variants on previously successful attacks, but also provide the necessary context, accuracy and validation of the attack to build both a precise and complete response that can be trusted. This is an even greater challenge when current solutions cannot handle complex hybrid multi-cloud architectures leading to significant blind spots and false positives at the very start of the security analyst journey.”

Rising cost of data breach not necessarily prompting dramatic security action

In spite of over four out of five organizations now having experienced some sort of data breach, only slightly over 20% of critical infrastructure companies have moved to zero trust strategies to secure their networks. Cloud security is also lagging, with a little under half (43%) of all respondents saying that their security practices in this area are either “early stage” or do not yet exist.

Those that have onboarded security automation and AI elements are the only group seeing massive savings: their average cost of data breach is $3.05 million lower. This particular study does not track average ransom demands, but refers to Sophos research that puts the most recent number at $812,000 globally.

The study also notes serious problems with incident response plans, especially troubling in an environment in which the average ransomware attack is now carried out in four days or less and the “time to ransom” has dropped to a matter of hours in some cases. 37% of respondents say that they do not test their incident response plans regularly. 62% say that they are understaffed to meet their cybersecurity needs, and these organizations tend to suffer over half a million more dollars in damages when they are breached.

Of course, cost of data breaches is not distributed evenly by geography or by industry type. Some are taking much bigger hits than others, reflecting trends established in prior reports. The health care industry is now absorbing a little over $10 million in damage per breach, with the average cost of data breach rising by $1 million from 2021. And companies in the United States face greater data breach costs than their counterparts around the world, at over $8 million per incident.

Shawn Surber, VP of Solutions Architecture and Strategy with Tanium, provides some insight into the unique struggles that the health care industry faces in implementing effective cybersecurity: “Healthcare continues to suffer the greatest cost of breaches but has among the lowest spend on cybersecurity of any industry, despite being deemed ‘critical infrastructure.’ The increased vulnerability of healthcare organizations to cyber threats can be traced to outdated IT systems, the lack of robust security controls, and insufficient IT staff, while valuable medical and health data— and the need to pay ransoms quickly to maintain access to that data— make healthcare targets popular and relatively easy to breach. Unlike other industries that can migrate data and sunset old systems, limited IT and security budgets at healthcare orgs make migration difficult and potentially expensive, particularly when an older system provides a small but unique function or houses data necessary for compliance or research, but still doesn’t make the cut to transition to a newer system. Hackers know these weaknesses and exploit them. Additionally, healthcare orgs haven’t sufficiently updated their security strategies and the tools that manufacturers, IT software vendors, and the FDA have made haven’t been robust enough to thwart the more sophisticated techniques of threat actors.”

Familiar incident types also lead the list of the causes of data breaches: compromised credentials (19%), followed by phishing (16%). Breaches initiated by these methods also tended to be a little more costly, at an average of $4.91 million per incident.


Cutting the cost of data breach

Though the numbers are never as neat and clean as averages would indicate, it would appear that the cost of data breaches is cut dramatically for companies that implement solid automated “deep learning” cybersecurity tools, zero trust systems and regularly tested incident response plans. Mature cloud security programs are also a substantial cost saver.

Mon, 01 Aug 2022 10:00:00 -0500 Scott Ikeda en-US text/html https://www.cpomagazine.com/cyber-security/ibm-annual-cost-of-data-breach-report-2022-record-costs-usually-passed-on-to-consumers-long-breach-expenses-make-up-half-of-total-damage/
Killexams : IT industry grapples with issues around complexity and security as Kubernetes adoption grows

The information technology industry has a complexity problem, and it is leading to deeper conversations among thought leaders around how to solve it.

The days of building applications on one server using a monolithic architecture have transformed into developing numerous microservices, packaging them into containers, and orchestrating the entire production using Kubernetes in a distributed cloud.

It’s no wonder that in global survey results released by Pegasystems Inc. barely two months ago, three out of four employee respondents felt job complexity had continued to rise and they were overloaded with information, systems and processes. Nearly half singled out digital transformation as the cause.

Kubernetes has proven a great tool for driving modern IT infrastructure, yet it has also figured prominently in the design of overly complex systems. One of the tech industry’s most prominent thought leaders called attention to this issue in a recent interview during DockerCon 2022, with virtual coverage produced by theCUBE, SiliconANGLE Media’s livestreaming studio.

“The world is going to collapse on its own complexity,” noted development leader Kelsey Hightower said during a conversation with Docker Inc. Chief Executive Scott Johnston. “The number of teams I meet, and I won’t mention any names, say, ‘Kelsey, we’re going to show you our Kubernetes stack.’ Twenty minutes later, they are at piece number 275. Who’s going to maintain all of this? Why are you doing this?”

Move toward common interfaces

Hightower’s anecdote highlights the need for standardized tools within the Kubernetes developer community. As Kubernetes has matured, it has become a platform for building other platforms, and platform-as-a-service offerings such as CloudRun, OpenShift and Knative have enabled a great deal of operational management tasks for developers.

There has also been a move to create common interfaces within Kubernetes to enable adoption without requiring open-source community-wide agreement on implementation. These include Container Networking Interface, Container Runtime Interface and Custom Resource Definitions.

Despite the IT industry’s growing complexity, Hightower sees hope in the Kubernetes community’s ability to centralize around standardized tools.

“These contracts matter, and these standards are going to put complexity where it belongs,” Hightower said. “If you are a developer, yes, the world is complex, but it doesn’t mean that you have to learn all of that complexity. When you standardize you get to level the whole field up and move much faster. It’s got to happen.”

The challenge for many organizations is how to balance the requirements of running a data-driven business with the complexity that brings. While some enterprises have merely dipped their toes into the container deployment waters, others have jumped headfirst into the pool.

A Canonical Ltd. cloud operations report found that Kubernetes users commonly deploy two to five production clusters. The European Organization for Nuclear Research, known as CERN, is the largest particle physics laboratory in the world and runs approximately 210 clusters. Then there is Mercedes-Benz, which has pursued another model entirely. The global automaker gave a presentation at KubeCon Europe in May that described how it uses more than 900 Kubernetes clusters.

The German automaker was an early adopter of Kubernetes. It began experimenting with the container orchestration tool in 2015, only a year after Google LLC open-sourced the technology.

“We started small as a grassroots initiative,” Andrea Berg, manager of corporate communications at Mercedes-Benz North America Corp., said in comments provided to SiliconANGLE. “It was driven in a ‘from developers to developers’ mindset and became more and more successful. We helped change the mindset of our company towards cloud-native and free and open-source software.”

Mercedes-Benz Tech Innovation, the company’s subsidiary for overseeing company-wide technology, has grown its structure to support hundreds of application development teams. As the number of Kubernetes clusters grew, the company realized that it would need a tool to manage them. It turned to Cluster API on OpenStack, a Kubernetes-native way to manage clusters among different cloud providers.

The company also created a culture where developers would soon realize that as applications were completed, there would be no more ticket desks to run them. Automation tools would drive DevOps.

“We realized that a single shared cluster would not fit our needs,” Jens Erat, DevOps engineer at Mercedes-Benz, said during a KubeCon Europe presentation. “We had engineers with in-depth knowledge; we understood the tech and decided to create our own solution instead. You build it, you run it. There’s an API for that.”

Knative eases developer burden

The API path toward an easier approach for deploying Kubernetes in the enterprise received a boost in March when the Cloud Native Computing Foundation announced that it would accept Knative as an incubating project. Originally developed by Google, Knative is an open-source, Kubernetes-based platform for managing serverless and event-driven applications.

The concept behind serverless technology is to bundle applications as functions, upload them to a platform, and have them automatically scaled and executed. Developers only have to deploy apps. They don’t have to worry about where they run or how a given network is handling them.

A number of major companies have a vested interest in seeing Knative become more widely used. Red Hat, IBM, VMware and TriggerMesh have worked with Google to strengthen Knative’s ability to manage serverless and event-driven applications on top of the Kubernetes platform.

“We see a lot of interest,” Roland Huss, senior principal software engineer at Red Hat Inc., said in an interview with SiliconANGLE. “We heard before the move that many contributors were not looking into Knative because of not being part of a mutual foundation. We are still ramping up and really hope for more contributors.”

The road for Knative has been a bumpy one, which has exposed growing pains as the Kubernetes community has expanded. Google took some heat for previously deciding not to donate Knative, before announcing a change of heart in December.

Ahmet Alp Balkan, one of Google’s engineers who worked on different aspects of Knative prior to last year, penned a blog post that expressed concerns around how the serverless solution had been positioned within the developer community. Among Balkan’s concerns was the description of Knative as a building block for Kubernetes itself.

“I think we overestimated how many people on the planet want to build a Heroku-like platform-as-a-service layer on top of Knative,” Balkan wrote. “Our messaging revolved around these ‘platform engineers’ or operators who could take Knative and build their UI/CLI experience on top. This was the target audience for those building blocks Knative had to offer. However, this turned out to be a very small and niche audience.”

Need for greater security

Thought leaders in the Kubernetes community have also become more attuned to security for the container orchestration tool. Feedback from the user base has validated this focus.

In May, Red Hat published the results of a survey that found that 93% of respondents had experienced at least one security incident in their container or Kubernetes environments. More than half of respondents had delayed or slowed application deployment over security concerns. The report’s findings received additional credence in late June. Scanning tools used by the cybersecurity research firm Cyble Inc. uncovered 900,000 Kubernetes instances that were exposed online.

“Real DevSecOps requires breaking down silos between developers, operations and security, including network security teams,” said Kirsten Newcomer, director of cloud and DevSecOps strategy at Red Hat, during a KubeCon Europe interview with SiliconANGLE. “The Kubernetes paradigm requires involvement. It forces involvement of developers in things like network policy for things like the software-defined network layer.”

There is also an expanding list of open-source tools for hardening Kubernetes environments. KubeLinter is a static analysis tool that can identify misconfigurations in Kubernetes deployments. Security-Enhanced Linux, a default security feature implemented in Red Hat OpenShift, provides policy-based access control. And the CNCF project Falco acts as a form of security camera for containers, detecting unusual behavior or configuration changes in real time. Falco has reportedly been downloaded more than 45 million times.

With Kubernetes, it is easy to get caught up in metrics surrounding enterprise adoption, security and application deployments. Yet behind the increased dependence on containers can be found an important element that gets lost in the noise. Whether Kubernetes is complex or not, a lot of people now depend on this technology to work.

Near the end of his dialogue this spring with Docker’s Johnston, Hightower related a story about his previous work for a financial firm that processed shopping transactions for families needing government assistance. At one point, the transaction processor crashed and Hightower joined his colleagues in a “war room” as programmers followed a laborious set of steps to reboot the system and get the platform working.

“We’re just looking at this screen, some things were turning green and some were turning red, and the things turning red were the result of payments being declined,” Hightower recalled. “Each of those items turning red on the dashboard represented someone with their whole family trying to buy groceries. Their only option was to leave all of their groceries there. What we have to do as a community is remind ourselves that it’s people over technology, always.”


Mon, 08 Aug 2022 06:22:00 -0500 en-US text/html https://siliconangle.com/2022/08/08/it-industry-grapples-with-issues-around-complexity-and-security-as-kubernetes-adoption-grows-kubecon/
Killexams : Average Healthcare Data Breach Costs Surpass $10M, IBM Finds


Wed, 27 Jul 2022 01:02:00 -0500 en-US text/html https://healthitsecurity.com/news/average-healthcare-data-breach-costs-surpass-10m-ibm-finds
Killexams : How a CIO’s approach to cloud, AI and ML is transforming Nigeria’s Dangote Industries

Prasanna Burri began his career as a mechanical engineer in India but had a secret passion for IT. His endeavour to get into the technology space led him to learn about enterprise application platforms and he eventually started his ERP career at IBM. Later he joined SAP Labs in the US where he was immersed in product management for cloud technology. Since 2013 he’s been overseeing the Dangote Group’s IT operations across Africa.  

In a big group like Dangote, how challenging is it to manage IT in all parts of the company?

It’s a complex organisation with a lot of diversified business lines and regions. We embrace proven technologies like the Microsoft platform for endpoint management servers, active directory, email and endpoint protection. It was a modest start but today we spend almost 10 times more than in 2014 on the Azure Cloud subscriptions. Almost all our applications run in the cloud and I can say about 95% of our operations run in different cloud environments, whether SAP or Microsoft. We continue to expand to implement some new processes and go through continuous improvement cycles, and we’re a certified SAP Center of Excellence. We also have a very strong hybrid cloud infrastructure and a dedicated, in-house talent base that’s open to embracing newer technologies like AI and ML.

Can you describe the importance of cloud technologies across Africa today?

There’s an increasing appetite even though infrastructure scaling is time-consuming in terms of logistics bringing in equipment. A lot of good talent from Africa is migrating to greener pastures, especially in the last few years. With cloud technologies, though, companies can scale despite talent shortages in the region, and support tech talent can also be found anywhere in the world. We ultimately don’t need to suffer from the latency of acquisitions of equipment. It’s a big shot in the arm, especially in the environment we operate in where we can scale fast and where we have more visibility and control over what’s happening due to remote management options and features available with these platforms. It’s also necessary to have a hybrid system set up in case of any large-scale disruption even though they’re rare. Cloud is the way to go but it depends on the industry and the region.

With cloud technologies comes the opportunity to implement AI and ML. How is the company taking advantage of this?

We have at least three use cases we’ve been working on: logistics, which is fleet management for our trucks; the master data management and data clean-up, which AI can do a better job; and where we can run optical character recognition (OCR) automatically on vendor invoices using Microsoft cloud Power Platform, along with ML services. We’re also trying to leverage the capabilities of AI and ML in security on the Azure platform, where Microsoft endpoint manager and Intune orchestrate security of servers and endpoints, as well as mobile devices, across the group from the cloud.

What is the state of connectivity that strings all these technologies together?

We don’t see as many disruptions and downtime for business solely due to network connectivity. It’s a lot less nowadays than maybe five years ago. There’s also a continuous growth in bandwidth. A lot of times, there are issues in the last mile. The trunk routes are generally okay, but there’s still always room for growth and optimisation, and there’s reasonable capacity, especially in urban regions with the advent of some newer technologies like Starlink. I expect that in a year or two, we’ll start seeing a greater prevalence of connectivity in the remote parts as well. 

What other challenges do you face when implementing these technologies in the company?

Technology in itself is never a problem. The hardest part is acquiring talent. Sometimes you don’t find engineering talent or the talent you have has matured, which may leave you short because they’ve found better opportunities in the West or Middle East, for instance. Then there’s user adoption and change management in processes and new technologies. Those are the two challenges that revolve around implementing new technologies.

How then do you find talent and screen them for suitability?

Most of the time, we hire people based on their attitude and knowledge, and in some cases also for their experience. We use recruiting tools for job board postings, and online assessment tools to pick qualified people based on the job specification. Then in some cases, they might even receive some additional assignments to ensure that the aptitude is there.

How big is the ICT team at Dangote Group?

We are close to 150 personnel and a good part of our team belongs to endpoint security and last-mile tech support. We have one of the leanest shops from that aspect, but we’re looking to hire more local talent and be more resilient due to the changing pressure of acquiring talent from the marketplace. We also have a constant flurry of training from original equipment manufacturers (OEMs) and subscriptions for LinkedIn Learning for the majority of our information work staff.

What would be your parting shot to other Africa-based enterprises looking to adopt cloud, AI and machine learning?

The primary goal is to sustain and enable businesses to operate efficiently with certain proven innovations. Also, the target is to expand the presence of the organisation in the market, and keep customers happy. IT experts should know the goal of the business before adopting technology. They can think through challenges like how to make sure the dispatch operations run without stopping, ensure there’s adequate disaster resilience, and that end users are being productive with such tools and services. Successful IT leaders have a consultancy and advisory approach. They understand the needs of the business and can conceive solutions and relay them in a way that gets the buy-in from the leadership.

Tue, 26 Jul 2022 22:06:00 -0500 Author: Vincent Matinde en-US text/html https://www.cio.com/article/403815/how-a-cios-approach-to-cloud-ai-and-ml-is-transforming-nigerias-dangote-industries.html
Killexams : IBM Report: Consumers Pay the Price as Data Breach Costs Reach All-Time High

60% of breached businesses raised product prices post-breach; vast majority of critical infrastructure lagging in zero trust adoption; $550,000 in extra costs for insufficiently staffed businesses

CAMBRIDGE, Mass., July 27, 2022 /PRNewswire/ -- IBM (NYSE: IBM) Security today released the annual Cost of a Data Breach Report,[1] revealing costlier and higher-impact data breaches than ever before, with the global average cost of a data breach reaching an all-time high of $4.35 million for studied organizations. With breach costs increasing nearly 13% over the last two years of the report, the findings suggest these incidents may also be contributing to rising costs of goods and services. In fact, 60% of studied organizations raised their product or services prices due to the breach, when the cost of goods is already soaring worldwide amid inflation and supply chain issues.

The perpetuality of cyberattacks is also shedding light on the "haunting effect" data breaches are having on businesses, with the IBM report finding 83% of studied organizations have experienced more than one data breach in their lifetime. Another factor rising over time is the after-effects of breaches on these organizations, which linger long after they occur, as nearly 50% of breach costs are incurred more than a year after the breach.

The 2022 Cost of a Data Breach Report is based on in-depth analysis of real-world data breaches experienced by 550 organizations globally between March 2021 and March 2022. The research, which was sponsored and analyzed by IBM Security, was conducted by the Ponemon Institute.

Some of the key findings in the 2022 IBM report include:

  • Critical Infrastructure Lags in Zero Trust – Almost 80% of critical infrastructure organizations studied don't adopt zero trust strategies, seeing average breach costs rise to $5.4 million – a $1.17 million increase compared to those that do. All while 28% of breaches amongst these organizations were ransomware or destructive attacks.
  • It Doesn't Pay to Pay – Ransomware victims in the study that opted to pay threat actors' ransom demands saw only $610,000 less in average breach costs compared to those that chose not to pay – not including the cost of the ransom. Factoring in the high cost of ransom payments, the financial toll may rise even higher, suggesting that simply paying the ransom may not be an effective strategy.
  • Security Immaturity in Clouds – Forty-three percent of studied organizations are in the early stages or have not started applying security practices across their cloud environments, observing over $660,000 on average in higher breach costs than studied organizations with mature security across their cloud environments.
  • Security AI and Automation Leads as Multi-Million Dollar Cost Saver – Participating organizations fully deploying security AI and automation incurred $3.05 million less on average in breach costs compared to studied organizations that have not deployed the technology – the biggest cost saver observed in the study.

"Businesses need to put their security defenses on the offense and beat attackers to the punch. It's time to stop the adversary from achieving their objectives and start to minimize the impact of attacks. The more businesses try to perfect their perimeter instead of investing in detection and response, the more breaches can fuel cost of living increases," said Charles Henderson, Global Head of IBM Security X-Force. "This report shows that the right strategies coupled with the right technologies can help make all the difference when businesses are attacked."

Over-trusting Critical Infrastructure Organizations
Concerns over critical infrastructure targeting appear to be increasing globally over the past year, with many governments' cybersecurity agencies urging vigilance against disruptive attacks. In fact, IBM's report reveals that ransomware and destructive attacks represented 28% of breaches amongst critical infrastructure organizations studied, highlighting how threat actors are seeking to fracture the global supply chains that rely on these organizations. This includes financial services, industrial, transportation and healthcare companies amongst others.

Despite the call for caution, and a year after the Biden Administration issued a cybersecurity executive order that centers around the importance of adopting a zero trust approach to strengthen the nation's cybersecurity, only 21% of critical infrastructure organizations studied adopt a zero trust security model, according to the report. Add to that, 17% of breaches at critical infrastructure organizations were caused due to a business partner being initially compromised, highlighting the security risks that over-trusting environments pose.

Businesses that Pay the Ransom Aren't Getting a "Bargain"
According to the 2022 IBM report, businesses that paid threat actors' ransom demands saw $610,000 less in average breach costs compared to those that chose not to pay – not including the ransom amount paid. However, when accounting for the average ransom payment, which according to Sophos reached $812,000 in 2021, businesses that opt to pay the ransom could net higher total costs - all while inadvertently funding future ransomware attacks with capital that could be allocated to remediation and recovery efforts and looking at potential federal offenses.

The persistence of ransomware, despite significant global efforts to impede it, is fueled by the industrialization of cybercrime. IBM Security X-Force discovered the duration of studied enterprise ransomware attacks shows a drop of 94% over the past three years – from over two months to just under four days. These exponentially shorter attack lifecycles can prompt higher impact attacks, as cybersecurity incident responders are left with very short windows of opportunity to detect and contain attacks. With "time to ransom" dropping to a matter of hours, it's essential that businesses prioritize rigorous testing of incident response (IR) playbooks ahead of time. But the report states that as many as 37% of organizations studied that have incident response plans don't test them regularly.

Hybrid Cloud Advantage
The report also showcased hybrid cloud environments as the most prevalent (45%) infrastructure amongst organizations studied. Averaging $3.8 million in breach costs, businesses that adopted a hybrid cloud model observed lower breach costs compared to businesses with a solely public or private cloud model, which experienced $5.02 million and $4.24 million on average respectively. In fact, hybrid cloud adopters studied were able to identify and contain data breaches 15 days faster on average than the global average of 277 days for participants.

The report highlights that 45% of studied breaches occurred in the cloud, emphasizing the importance of cloud security. However, a significant 43% of reporting organizations stated they are just in the early stages or have not started implementing security practices to protect their cloud environments, observing higher breach costs[2]. Businesses studied that did not implement security practices across their cloud environments required an average 108 more days to identify and contain a data breach than those consistently applying security practices across all their domains.

Additional findings in the 2022 IBM report include:

  • Phishing Becomes Costliest Breach Cause – While compromised credentials continued to reign as the most common cause of a breach (19%), phishing was the second (16%) and the costliest cause, leading to $4.91 million in average breach costs for responding organizations.
  • Healthcare Breach Costs Hit Double Digits for First Time Ever – For the 12th year in a row, healthcare participants saw the costliest breaches amongst industries with average breach costs in healthcare increasing by nearly $1 million to reach a record high of $10.1 million.
  • Insufficient Security Staffing – Sixty-two percent of studied organizations stated they are not sufficiently staffed to meet their security needs, averaging $550,000 more in breach costs than those that state they are sufficiently staffed.

Additional Sources

  • To download a copy of the 2022 Cost of a Data Breach Report, please visit: https://www.ibm.com/security/data-breach.
  • Read more about the report's top findings in this IBM Security Intelligence blog.
  • Sign up for the 2022 IBM Security Cost of a Data Breach webinar on Wednesday, August 3, 2022, at 11:00 a.m. ET here.
  • Connect with the IBM Security X-Force team for a personalized review of the findings: https://ibm.biz/book-a-consult.

About IBM Security
IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM Security X-Force® research, enables organizations to effectively manage risk and defend against emerging threats. IBM operates one of the world's broadest security research, development, and delivery organizations, monitors 150 billion+ security events per day in more than 130 countries, and has been granted more than 10,000 security patents worldwide. For more information, please check www.ibm.com/security, follow @IBMSecurity on Twitter or visit the IBM Security Intelligence blog.

Press Contact:

IBM Security Communications
Georgia Prassinos
gprassinos@ibm.com

[1] Cost of a Data Breach Report 2022, conducted by Ponemon Institute, sponsored, and analyzed by IBM
[2] Average cost of $4.53M, compared to average cost $3.87 million at participating organizations with mature-stage cloud security practices


SOURCE IBM

Tue, 26 Jul 2022 16:01:00 -0500 en text/html https://www.prnewswire.co.uk/news-releases/ibm-report-consumers-pay-the-price-as-data-breach-costs-reach-all-time-high-877600169.html