Pass your P2170-749 exam in just 24 hours with killexams.

You require valid and upward up to right now P2170-749 examcollection with Cheatsheet to complete IBM P2170-749 Exam. Practice these types of P2170-749 cram to enhance your own knowledge and complete your examination along with High Marks. All of us ensure your achievement in P2170-749 examination along with good marks, in case you remember these Latest Topics and Real Exam Questions along with examcollection.

Exam Code: P2170-749 Practice exam 2022 by Killexams.com team
IBM i2 Intelligence Technical Mastery Test v2
IBM Intelligence test
Killexams : IBM Intelligence test - BingNews https://killexams.com/pass4sure/exam-detail/P2170-749 Search results Killexams : IBM Intelligence test - BingNews https://killexams.com/pass4sure/exam-detail/P2170-749 https://killexams.com/exam_list/IBM Killexams : Why IBM Is More Than Just a Dividend Stock No result found, try new keyword!The iconic tech giant pays a hefty dividend, but its latest business transformation is also a big boon for investors. Mon, 08 Aug 2022 22:51:00 -0500 en-us text/html https://www.msn.com/en-us/money/topstocks/why-ibm-is-more-than-just-a-dividend-stock/ar-AA10tcLZ Killexams : Cybersecurity - what’s the real cost? Ask IBM
(Pixabay)

Cybersecurity has always been a concern for every type of organization. Even in normal times, a major breach is more than just the data economy’s equivalent of a ram-raid on Fort Knox; it has knock-on effects on trust, reputation, confidence, and the viability of some technologies. This is what IBM calls the “haunting effect”.

A successful attack breeds more, of course, both on the same organization again, and on others in similar businesses, or in those that use the same compromised systems. The unspoken effect of this is rising costs for everyone, as all enterprises are forced to spend money and time on checking if they have been affected too.

But in our new world of COVID-19, disrupted economies, climate change, remote working, soaring inflation, and looming recession, all such effects are all amplified. Throw in a war that’s hammering on Europe’s door (with political echoes across the Middle East and Asia) and it’s a wonder any of us can get out of bed in the morning.

So, what are the real costs of a successful cyberattack – not just hacks, viruses, and Trojans, but also phishing, ransomware, and concerted campaigns against supply chains and code repositories?

According to IBM’s latest annual survey, breach costs have risen by an unlucky 13% over the past two years, as attackers, which include hostile states, have probed the systemic and operational weaknesses exposed by the pandemic.

The global average cost of a data breach has reached an all-time high of $4.35 million – at least, among the 550 organizations surveyed by the Ponemon Institute for IBM Security (over a year from March 2021). Indeed, IBM goes so far as to claim that breaches may be contributing to the rising costs of goods and services. The survey states:

Sixty percent of studied organizations raised their product or services prices due to the breach, when the cost of goods is already soaring worldwide amid inflation and supply chain issues.

Incidents are also “haunting” organizations, says the company, with 83% having experienced more than one data breach, and with 50% of costs occurring more than a year after the successful attack.

Cloud maturity is a key factor, adds the report:

Forty-three percent of studied organizations are in the early stages [of cloud adoption] or have not started applying security practices across their cloud environments, observing over $660,000 in higher breach costs, on average, than studied organizations with mature security across their cloud environments.

Forty-five percent of respondents run a hybrid cloud infrastructure. This leads to lower average breach costs than among those operating a public- or private-cloud model: $3.8 million versus $5.02 million (public) and $4.24 million (private).

That said, those are still significant costs, and may suggest that complexity is what deters attackers, rather than having a single target to hit. Nonetheless, hybrid cloud adopters are able to identify and contain data breaches 15 days faster on average, says the report.

However, with 277 days being the average time lag – an extraordinary figure – the real lesson may be that today’s enterprise systems are adept at hiding security breaches, which may appear as normal network traffic. Forty-five percent of breaches occurred in the cloud, says the report, so it is clearly imperative to get on top of security in that domain.

IBM then makes the following bold claim :

Participating organizations fully deploying security AI and automation incurred $3.05 million less on average in breach costs compared to studied organizations that have not deployed the technology – the biggest cost saver observed in the study.

Whether this finding will stand for long as attackers explore new ways to breach automated and/or AI-based systems – and perhaps automate attacks of their own invisibly – remains to be seen. Compromised digital employee, anyone?

Global systems at risk

But perhaps the most telling finding is that cybersecurity has a political dimension – beyond the obvious one of Russian, Chinese, North Korean, or Iranian state incursions, of course.

Concerns over critical infrastructure and global supply chains are rising, with threat actors seeking to disrupt global systems that include financial services, industrial, transportation, and healthcare companies, among others.

A year ago in the US, the Biden administration issued an Executive Order on cybersecurity that focused on the urgent need for zero-trust systems. Despite this, only 21% of critical infrastructure organizations have so far adopted a zero-trust security model, according to the report. It states:

Almost 80% of the critical infrastructure organizations studied don’t adopt zero-trust strategies, seeing average breach costs rise to $5.4 million – a $1.17 million increase compared to those that do. All while 28% of breaches among these organizations were ransomware or destructive attacks.

Add to that, 17% of breaches at critical infrastructure organizations were caused due to a business partner being initially compromised, highlighting the security risks that over-trusting environments pose.

That aside, one of the big stories over the past couple of years has been the rise of ransomware: malicious code that locks up data, enterprise systems, or individual computers, forcing users to pay a ransom to (they hope) retrieve their systems or data.

But according to IBM, there are no obvious winners or losers in this insidious practice. The report adds:

Businesses that paid threat actors’ ransom demands saw $610,000 less in average breach costs compared to those that chose not to pay – not including the ransom amount paid.

However, when accounting for the average ransom payment – which according to Sophos reached $812,000 in 2021 – businesses that opt to pay the ransom could net higher total costs, all while inadvertently funding future ransomware attacks.”

The persistence of ransomware is fuelled by what IBM calls the “industrialization of cybercrime”.

The risk profile is also changing. Ransomware attack times show a massive drop of 94% over the past three years, from over two months to just under four days. Good news? Not at all, says the report, as the attacks may be higher impact, with more immediate consequences (such as destroyed data, or private data being made public on hacker forums).

My take

The key lesson in cybersecurity today is that all of us are both upstream and downstream from partners, suppliers, and customers in today’s extended enterprises. We are also at the mercy of reused but compromised code from trusted repositories, and even sometimes from hardware that has been compromised at source.

So, what is the answer? Businesses should ensure that their incident responses are tested rigorously and frequently in advance – along with using red-, blue-, or purple-team approaches (thinking like a hacker, a defender, or both).

Regrettably, IBM says that 37% of organizations that have IR plans in place fail to test them regularly. To paraphrase Spinal Tap, you can’t code for stupid.

Wed, 27 Jul 2022 12:00:00 -0500 BRAINSUM en text/html https://diginomica.com/cybersecurity-whats-real-cost-ask-ibm
Killexams : IBM, MIT AI tool generates questions to help clinicians using EHRs

IBM and Massachusetts Institute of Technology data scientists teamed up to create an artificial intelligence tool that generates questions to help healthcare professionals use EHRs more effectively and efficiently, according to their paper published June 6.

Working with 10 medical experts and using more than 100 patient discharge summaries, researchers at IBM and MIT compiled more than 2,000 questions and 1,000 triggers of questions that physicians may ask when looking at a patient's EHR. They categorized each question or trigger written by the medical experts into groups such as symptom/sign, demographics and test results, making it easier for physicians to navigate through the questions. 

The team then trained a data model to do this organically. For instance, if an EHR notes that a patient had a mass in their neck, one question generated may be about its size or color, in the category of symptoms. 

They found that their model produced a high-quality question 62.5 percent of the time in response to a prompt, but only if given more context. Without the context, the question generation quality declined. 

"Our results demonstrate that existing machine learning systems, including large-scale neural networks, struggle with the tasks we propose. We encourage the community to Improve on our baseline models," the researchers wrote. They also opened their machine learning tool to the public for continued work.

Wed, 20 Jul 2022 09:48:00 -0500 en-gb text/html https://www.beckershospitalreview.com/ehrs/ibm-mit-ai-tool-generates-questions-to-help-clinicians-using-ehrs.html
Killexams : All the Virtual Friends We Made Along the Way

Gizmodo is 20 years old! To celebrate the anniversary, we’re looking back at some of the most significant ways our lives have been thrown for a loop by our digital tools.

Virtual friends have been with us for a long time. They started as punch card chatbots in the 1960s and have evolved into platforms that control our smart homes. I don’t turn off a lightbulb without first barking an order to a digital assistant. It’s the kind of interaction we used to idealize in science fiction. Now that I’m living with it day-to-day, I realise that this lifestyle has been subtly imprinted on me since I started using computers.

Inventions like Eliza and IBM’s Shoebox back during America’s so-called “golden era” were merely the foundation of the digital friends in our inner circles today. We started normalizing daily interaction with this technology in the mid-’90s when we gave credence to the existence of things like caring for a digital pet and relying on chatbots to help us fish information. In honour of Gizmodo’s 20th anniversary, here’s a look at some of the ways we made “friends” with the digital world over the last couple of decades and what might be coming for us now with the advent of Web3.

It began with Clippy

“It looks like you’re doing something that requires me to pop up on the screen and distract you from the task at hand.” That was the basic gist of Microsoft’s Clippy, often referred to as the world’s most hated virtual assistant (ouch). I wouldn’t go as far as to say I hated Clippy, though it definitely had a habit of popping up at the most unnecessary time. Microsoft introduced Clippy in 1996 to try and help users with its new at-the-time Office software. But the minute you’d start typing out something, the animated little paper clip would pop up and ask how it could help, assuming you needed aid starting your draft.

Microsoft eventually sunsetted Clippy within its Office suite in 2007. Clippy has since been memorialised in the form of various fan-made Chrome extensions. Microsoft even made an official Clippy emoji in Windows 11.

SmarterChild: The first bot I ever insulted

SmarterChild is a chatbot near and dear to my heart. Although it’s not the original one to surface, it was the first I had an interaction with that freaked out my teenage brain to the extent that I remember asking myself, “Is this real?”

SmarterChild was a bot developed to work with the instant messaging programs at the time, including AOL Instant Messenger (AIM), Yahoo! Messenger, and what was previously known as MSN Messenger. The company behind SmarterChild, called ActiveBuddy, launched the chatbot in 2000. I vividly recall wasting time at the family computer, engaging in a going-nowhere conversation with SmarterChild, and saving screenshots (that I wish I’d backed up) of some gnarly replies.

I also remember getting emotional with it. This article from Vice describes interacting with SmarterChild almost perfectly:

I used SmarterChild as a practice wall for cursing and insults. I used the bot as a verbal punching bag, sending offensive queries and statements — sometimes in the company of my friends, but many times alone.

SmarterChild was meant to be a helper bot within your preferred messaging client that you could ping to look up information or play text-based games. In some ways, its existence was a foreshadowing predecessor to the bots we interact with now within chat clients like Slack and Discord. Although, I’m much nicer to those bots than I was to SmarterChild back in the day.

Neko on your screen

Remember desktop pets? They were nothing like real pets or even virtual pets of the time, but they were neat little applications for ornamenting the desktop with something cute and distracting. My favourite was Neko, a little pixelated cat that chased the mouse cursor as you moved around. There are still downloads circulating if anyone is fiending for some old-school computer companionship. I found a Chrome OS-compatible one, too.

Tamagotchi: the virtual pet still going strong

When we think of virtual friends, it’s hard not to bring up Bandai’s Tamagotchi digital pets. Tamagotchi was introduced in 1996 in Japan and then a year later to the U.S. The toy sold exponentially worldwide and has since spawned a hearty community of devoted collectors who have kept the toy thriving–yes, I count myself among these folks, though I only recently came into the community after I realised how much fun it is freaking out over the constant care of a virtual pet.

However, Tamagotchi did just more than spawn a lineup of toys. It introduced the concept of the “Tamagotchi effect,” essentially referring to the spike of dopamine one gets when checking in with their virtual pet and the emotional connections that develop as a result. Over the decades, there have been countless stories about the intense relationships people have had with Tamagotchi. Some caretakers have even gone as far as physically burying them after death.

Neopets: the Millennial’s first foray into the Metaverse

Devices like the Tamagotchi gave way to sites like Neopets. Neopets started as a virtual pet website where you could buy and own virtual pets and items using virtual currency. It’s been interesting to see how it chugged along through the years since its debut in 1999.

At its height, Neopets had about 20 million users. Nickelodeon bought it out in 2005 and then sold it again in 2014 to a company called JumpStart Games. The site is still accessible 20 years later, though it has fewer active users than when it first launched.

It is fun to read the initial coverage of Neopets and see parents complaining about the same things kids are still encountering online today. “The whole purpose of this site at this point is to keep kids in front of products,” Susan Linn, an author and psychologist, told CBS News in 2005. As if the Web3-obsessed internet of today isn’t already headed for the same fate. Have we learned nothing, people?

Sony’s Aibo reminds us robot dogs are real

The robot dog has seen many iterations through the past two decades, but none are as iconic as Sony’s Aibo, which launched in 1999. The name stands for Artificial Intelligence Robot, and it was programmed to learn as it goes, helping contribute to its lifelike interactivity. Despite the $US2,000 ($2,776) initial price tag, Sony managed to sell well over 150,000 units by 2015, when we reported on the funerals the owners of out-of-commission Aibo were having overseas.

Over the years, it became a blueprint for how a gadget company could manufacture a somewhat successful artificial companion–it certainly seems like a success on the outside, even if virtual pets could never fully replace the real things. The New York Times documentary, called Robotica, perfectly encapsulates the kind of bond people had with their Aibo dogs, which might have been why the company decided to resurrect it in 2017.

Welcome to the bizarre world of Seaman

I didn’t have a Sega Dreamcast, but I still had nightmares about Seaman. What started as a joke became one of the console’s best-selling titles. Dreamcast’s Seaman was a voice-activated game and one of the few that came with the detachable microphone accessory for the console. It also required a VMU that docked within the Dreamcast controller so that you could take Seaman on the go.

Seaman was not cute and cuddly like other digital pets and characters. He was often described as a “grouch,” though it was also one of the ways the game endeared itself to people. The microphone allowed you to talk to Seaman about your life, job, family, or whatever else you had on your mind. Seaman could remember your conversations, and Leonard Nimoy, the game’s narrator, might bring up related tidbits later, which added to the interactivity of this bizarre Dreamcast title.

The advent of the customer service bot

Listen, I’m not proud of it, but my interactions with SmarterChild in my teens gave way to the frustrating conversations I’ve had with digital customer service bots. You know the ones I’m talking about: they pop up when you’re on the shop’s page in the bottom corner and, like Clippy of yore, ask if you need help. Then, you reply to that bot asking if you can have help with an exchange, and it spirals from there.

There have been a plethora of customer service bots floating around the industry since the ‘90s, and they’re certainly not going anywhere. It also means that the new ones have passed the Turing Test enough to replace a job that’s one of the most gruelling and psychologically affecting.

IBM’s Watson beats Jeopardy’s human champions

IBM’s supercomputer, Watson, won Jeopardy in 2011 against two of its highest-ranking players of the time. It was a real-time showcase of how “human smart” computers could be during a period when it was one of the most advanced AI systems on Earth.

According to Wired, researchers had scanned about 200 million content pages into IBM’s Watson, including books, movie scripts, and encyclopedias. The system could browse through nearly 2 million pages of content in three seconds, which is why it seemed prime to compete against humans in a game that tested general knowledge.

Watson soon became problematic, which is what happens when you feed AI a bunch of information and don’t account for it. Watson had access to the user-submitted Urban Dictionary, which in turn made it into a “hot mess.” A few years later, it started recommending cancer treatments deemed “unsafe and incorrect,” which became exemplary of what happens when you feed the algorithm the wrong information.

Apple introduces Siri, which freaks everyone out

The human panic for artificial intelligence took off with the introduction of Apple’s Siri, launched in 2011 as the company’s “personal assistant” for the iPhone 4S. Folks were reacting as if Skynet’s cautionary tale had come true and the robots were finally going to take over because their phones could make a phone call with a mere voice command. The horror!

What Siri actually did was normalize everyday interactions with a digital entity. Siri also helped light the fire under Google and the rest of its competition to hurry along with their own voice-activated assistants. And on a softer side of the internet, there were stories of parasocial relationships forming between the digital assistants and neurodivergent humans seeking connection.

Google and Amazon make us simp for digital assistants

I walk into my house every day and feel like the leader of my domain because everything I do requires shouting a command. Whether turning on the lights, adjusting the thermostat, or ensuring that the people downstairs can hear my requests from upstairs, I am constantly pinging the Google Assistant and Amazon’s Alexa to make something happen in my smart home.

Google and Amazon’s respective digital assistants have come a long way since they stormed onto the scene. The Google Assistant started as a simple weather checker and command-taker on Android, while Amazon’s Alexa resulted from an acquisition. They’ve since become platforms that have introduced helpful hands-free features, which we can’t bring up without bringing up digital surveillance concerns.

There is an eeriness to living with a virtual assistant that’s always listening for your command. I was one of the first users to adopt the Google Home with the Assistant and get it programmed. In the past six years, I can count a handful of times off the top of my head where it’s responded to something I said when I hadn’t even queried it. The maintenance for these assistants can be a headache, too. When something’s not working right or integration is improperly set up, it can bring down the mood enough that you start pondering why you gave up your peace for the convenience of hands-free lights.

These digital assistants aren’t going anywhere. Right now, the smart home industry is gearing up for more parity between platforms, hopefully removing some of the headaches that we’ve invited bringing these things into our homes. But it’s a wonder how much more uncanny the assistants themselves will become in the coming years — especially now that Amazon is entertaining the idea of piping through your dead relative’s voice.

Stop taking your emotions out on Twitter bots

I’ve another confession: I’ve gotten into it with a Twitter bot before realising it was a fake person! Twitter bots were once a very annoying part of using the platform. I mean, they still are. Folks are either getting duped out of love or bots attempt to sway politics and fandom in a certain way.

Bots are still an issue on the social network, though Twitter seems to have gotten better at weeding them out. Apparently, they’re still a big issue for Elon Musk, too.

Microsoft’s Tay had absolutely no chill whatsoever

Microsoft’s Tay caused quite a stir when it showed up in 2016. The bot was the brainchild of the company’s Technology and Research and the Bing team. It had created the bot in an attempt to research conversational understanding. Instead, it showed us how awful people could be when they’re interacting with artificial intelligence.

Tay’s name was based on an acronym that spelled out “thinking about you,” which perhaps set the stage for why no one was taking this bot seriously. It was also built to mine public data, which is why things took a turn for the worse so quickly. As we reported back then:

While things started off innocently enough, Godwin’s Law — an internet rule dictating that an online discussion will inevitably devolve into fights over Adolf Hitler and the Nazis if left for long enough — eventually took hold. Tay quickly began to spout off racist and xenophobic epithets, largely in response to the people who were tweeting at it — the chatbot, after all, takes its conversational cues from the world wide web. Given that the internet is often a massive garbage fire of the worst parts of humanity, it should come as no surprise that Tay began to take on those characteristics.

Once Tay was available for the public to interact with, people were able to exploit the bot enough that it started posting racist and misogynist messages in response to people’s queries. It’s similar to what happened to IBM’s Watson.

Tay was eventually taken off the internet the same year it made its debut after being suspended for reprogramming. We haven’t heard from the bot since then.

The men who fall in love with their robot girlfriends

This is becoming increasingly common, at least in the tabloids: men who claim to have fallen in love with chatbots. Although it’s not a new sensation — we’ve reported on this phenomenon as far back as 2008 — it’s a wonder if it’ll become commonplace now that AI is more sophisticated.

Sometimes it’s hard to snark when you see folks using artificial intelligence as a way to hold on to life. Last year, the SF Chronicle published a story about how one man managed to digitally immortalise his late fiancée with the help of an off-the-shelf AI program called Project December.

“Sentient AI”?

Google has spent the better half of the last couple of years selling us on its new machine learning models and what’s to come. And while most demonstrations come off as a confusing cacophony of computers talking to one another, the smarts exhibited have also inspired conversations about its true capabilities.

Most recently, the latest case involves software engineer Blake Lemoine, who was working with Google’s LaMDA system in a research capacity. Lemoine claimed that LaMDA carried an air of sentience in its responses, unlike other artificial intelligence. It’s since sparked a massive debate on the validity of the AI sentience.

However, Google didn’t immediately fire him; it took a little over a month for him to get the boot. In June 2022, Lemoine was placed on administrative leave for breaching a confidentiality agreement after roping in government members and hiring a lawyer. That’s a big no-no from Google, which is trying to remain under the radar with all that anti-trust business! The company maintained that it reviewed Lemoine’s claims and concluded they were “wholly unfounded.” Indeed, other AI experts spoke up in the weeks following the news about the lack of viability in claiming that the LaMDA chatbot had thoughts and feelings. Lemoine has since said that Google’s chatbot is racist, an assertion that will likely be less controversial with the AI community.

A chatbot for the Metaverse

There’s already a chatbot for the Metaverse! It’s called Kuki AI, and it’s an offshoot of the Mitsuku chatbot, which has been in development since 2005 and won a handful of Turing Tests.

Kuki claims to be an 18-year-old female. She already has a virtual, physical body. You can chat with her through her online portal or on sites like Facebook, Twitch, Discord, and Kik Messenger. She can also be seen making cameos inside Roblox.

Kuki encourages you to think of her “as kind of like Siri or Alexa, but more fun.” Currently, Kuki is a virtual model and has even graced the catwalk at Crypto Fashion Week.

I can’t help but notice the similarities between how we commodify women’s bodies in the real and virtual worlds. Unfortunately, that dynamic is following us into the “Metaverse.” Some things change, and some things stay the same.

Mon, 01 Aug 2022 17:00:00 -0500 en-AU text/html https://www.gizmodo.com.au/2022/08/all-the-virtual-friends-we-made-along-the-way/
Killexams : IBM Report: Consumers Pay the Price as Data Breach Costs Reach All-Time High

60% of breached businesses raised product prices post-breach; vast majority of critical infrastructure lagging in zero trust adoption; $550,000 in extra costs for insufficiently staffed businesses

CAMBRIDGE, Mass., July 27, 2022 /PRNewswire/ -- IBM (NYSE: IBM) Security today released the annual Cost of a Data Breach Report,1 revealing costlier and higher-impact data breaches than ever before, with the global average cost of a data breach reaching an all-time high of $4.35 million for studied organizations. With breach costs increasing nearly 13% over the last two years of the report, the findings suggest these incidents may also be contributing to rising costs of goods and services. In fact, 60% of studied organizations raised their product or services prices due to the breach, when the cost of goods is already soaring worldwide amid inflation and supply chain issues.

The perpetuality of cyberattacks is also shedding light on the "haunting effect" data breaches are having on businesses, with the IBM report finding 83% of studied organizations have experienced more than one data breach in their lifetime. Another factor rising over time is the after-effects of breaches on these organizations, which linger long after they occur, as nearly 50% of breach costs are incurred more than a year after the breach.

The 2022 Cost of a Data Breach Report is based on in-depth analysis of real-world data breaches experienced by 550 organizations globally between March 2021 and March 2022. The research, which was sponsored and analyzed by IBM Security, was conducted by the Ponemon Institute.

Some of the key findings in the 2022 IBM report include:

  • Critical Infrastructure Lags in Zero Trust - Almost 80% of critical infrastructure organizations studied don't adopt zero trust strategies, seeing average breach costs rise to $5.4 million - a $1.17 million increase compared to those that do. All while 28% of breaches amongst these organizations were ransomware or destructive attacks.
  • It Doesn't Pay to Pay - Ransomware victims in the study that opted to pay threat actors' ransom demands saw only $610,000 less in average breach costs compared to those that chose not to pay - not including the cost of the ransom. Factoring in the high cost of ransom payments, the financial toll may rise even higher, suggesting that simply paying the ransom may not be an effective strategy.
  • Security Immaturity in Clouds - Forty-three percent of studied organizations are in the early stages or have not started applying security practices across their cloud environments, observing over $660,000 on average in higher breach costs than studied organizations with mature security across their cloud environments.
  • Security AI and Automation Leads as Multi-Million Dollar Cost Saver- Participating organizations fully deploying security AI and automation incurred $3.05 million less on average in breach costs compared to studied organizations that have not deployed the technology - the biggest cost saver observed in the study.

"Businesses need to put their security defenses on the offense and beat attackers to the punch. It's time to stop the adversary from achieving their objectives and start to minimize the impact of attacks. The more businesses try to perfect their perimeter instead of investing in detection and response, the more breaches can fuel cost of living increases." said Charles Henderson, Global Head of IBM Security X-Force. "This report shows that the right strategies coupled with the right technologies can help make all the difference when businesses are attacked."

Over-trusting Critical Infrastructure Organizations
Concerns over critical infrastructure targeting appear to be increasing globally over the past year, with many governments' cybersecurity agencies urging vigilance against disruptive attacks. In fact, IBM's report reveals that ransomware and destructive attacks represented 28% of breaches amongst critical infrastructure organizations studied, highlighting how threat actors are seeking to fracture the global supply chains that rely on these organizations. This includes financial services, industrial, transportation and healthcare companies amongst others.

Despite the call for caution, and a year after the Biden Administration issued a cybersecurity executive order that centers around the importance of adopting a zero trust approach to strengthen the nation's cybersecurity, only 21% of critical infrastructure organizations studied adopt a zero trust security model, according to the report. Add to that, 17% of breaches at critical infrastructure organizations were caused due to a business partner being initially compromised, highlighting the security risks that over-trusting environments pose.

Businesses that Pay the Ransom Aren't Getting a "Bargain"
According to the 2022 IBM report, businesses that paid threat actors' ransom demands saw $610,000 less in average breach costs compared to those that chose not to pay - not including the ransom amount paid. However, when accounting for the average ransom payment, which according to Sophos reached $812,000 in 2021, businesses that opt to pay the ransom could net higher total costs - all while inadvertently funding future ransomware attacks with capital that could be allocated to remediation and recovery efforts and looking at potential federal offenses.

The persistence of ransomware, despite significant global efforts to impede it, is fueled by the industrialization of cybercrime. IBM Security X-Force discovered the duration of studied enterprise ransomware attacks shows a drop of 94% over the past three years - from over two months to just under four days. These exponentially shorter attack lifecycles can prompt higher impact attacks, as cybersecurity incident responders are left with very short windows of opportunity to detect and contain attacks. With "time to ransom" dropping to a matter of hours, it's essential that businesses prioritize rigorous testing of incident response (IR) playbooks ahead of time. But the report states that as many as 37% of organizations studied that have incident response plans don't test them regularly.

Hybrid Cloud Advantage
The report also showcased hybrid cloud environments as the most prevalent (45%) infrastructure amongst organizations studied. Averaging $3.8 million in breach costs, businesses that adopted a hybrid cloud model observed lower breach costs compared to businesses with a solely public or private cloud model, which experienced $5.02 million and $4.24 million on average respectively. In fact, hybrid cloud adopters studied were able to identify and contain data breaches 15 days faster on average than the global average of 277 days for participants.

The report highlights that 45% of studied breaches occurred in the cloud, emphasizing the importance of cloud security. However, a significant 43% of reporting organizations stated they are just in the early stages or have not started implementing security practices to protect their cloud environments, observing higher breach costs2. Businesses studied that did not implement security practices across their cloud environments required an average 108 more days to identify and contain a data breach than those consistently applying security practices across all their domains.

Additional findings in the 2022 IBM report include:

  • Phishing Becomes Costliest Breach Cause - While compromised credentials continued to reign as the most common cause of a breach (19%), phishing was the second (16%) and the costliest cause, leading to $4.91 million in average breach costs for responding organizations.
  • Healthcare Breach Costs Hit Double Digits for First Time Ever- For the 12th year in a row, healthcare participants saw the costliest breaches amongst industries with average breach costs in healthcare increasing by nearly $1 million to reach a record high of $10.1 million.
  • Insufficient Security Staffing - Sixty-two percent of studied organizations stated they are not sufficiently staffed to meet their security needs, averaging $550,000 more in breach costs than those that state they are sufficiently staffed.

Additional Sources

  • To download a copy of the 2022 Cost of a Data Breach Report, please visit: https://www.ibm.com/security/data-breach.
  • Read more about the report's top findings in this IBM Security Intelligence blog.
  • Sign up for the 2022 IBM Security Cost of a Data Breach webinar on Wednesday, August 3, 2022, at 11:00 a.m. EThere.
  • Connect with the IBM Security X-Force team for a personalized review of the findings: https://ibm.biz/book-a-consult.

About IBM Security
IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM Security X-Force research, enables organizations to effectively manage risk and defend against emerging threats. IBM operates one of the world's broadest security research, development, and delivery organizations, monitors 150 billion+ security events per day in more than 130 countries, and has been granted more than 10,000 security patents worldwide. For more information, please check?www.ibm.com/security, follow?@IBMSecurity?on Twitter or visit the?IBM Security Intelligence?blog.

Press Contact:

IBM Security Communications
Georgia Prassinos
gprassinos@ibm.com

1Cost of a Data Breach Report 2022, conducted by Ponemon Institute, sponsored, and analyzed by IBM
2 Average cost of $4.53M, compared to average cost $3.87 million at participating organizations with mature-stage cloud security practices

Photo - https://mma.prnewswire.com/media/1865847/IBM_CODB.jpg

Logo - https://mma.prnewswire.com/media/95470/ibm_logo.jpg

Tue, 26 Jul 2022 18:03:00 -0500 de text/html https://www.finanznachrichten.de/nachrichten-2022-07/56648776-ibm-report-consumers-pay-the-price-as-data-breach-costs-reach-all-time-high-008.htm
Killexams : Emulating The IBM PC On An ESP32

The IBM PC spawned the basic architecture that grew into the dominant Wintel platform we know today. Once heavy, cumbersome and power thirsty, it’s a machine that you can now emulate on a single board with a cheap commodity microcontroller. That’s thanks to work from [Fabrizio Di Vittorio], who has shared a how-to on Youtube. 

The full playlist is quite something to watch, showing off a huge number of old-school PC applications and games running on the platform. There’s QBASIC, FreeDOS, Windows 3.0, and yes, of course, Flight Simulator. The latter game was actually considered somewhat of a de facto standard for PC compatibility in the 1980s, so the fact that the ESP32 can run it with [Fabrizio’s] code suggests he’s done well.

It’s amazingly complete, with the ESP32 handling everything from audio and video to sound output and keyboard and mouse inputs. It’s a testament to the capability of modern microcontrollers that this is such a simple feat in 2021.

We’ve seen the ESP32 emulate 8-bit gaming systems before, too. If you remember [Fabrizio’s] name, it’s probably from his excellent FabGL library. Videos after the break.

Fri, 05 Aug 2022 12:00:00 -0500 Lewin Day en-US text/html https://hackaday.com/2021/07/28/emulating-the-ibm-pc-on-an-esp32/
Killexams : Amazon, IBM Move Swiftly on Post-Quantum Cryptographic Algorithms Selected by NIST

A month after the National Institute of Standards and Technology (NIST) revealed the first quantum-safe algorithms, Amazon Web Services (AWS) and IBM have swiftly moved forward. Google was also quick to outline an aggressive implementation plan for its cloud service that it started a decade ago.

It helps that IBM researchers contributed to three of the four algorithms, while AWS had a hand in one. Google is also among those who contributed to SPHINCS+.

A long process that started in 2016 with 69 original candidates ends with the selection of four algorithms that will become NIST standards, which will play a critical role in protecting encrypted data from the vast power of quantum computers.

NIST's four choices include CRYSTALS-Kyber, a public-private key-encapsulation mechanism (KEM) for general asymmetric encryption, such as when connecting websites. For digital signatures, NIST selected CRYSTALS-Dilithium, FALCON, and SPHINCS+. NIST will add a few more algorithms to the mix in two years.

Vadim Lyubashevsky, a cryptographer who works in IBM's Zurich Research Laboratories, contributed to the development of CRYSTALS-Kyber, CRYSTALS-Dilithium, and Falcon. Lyubashevsky was predictably pleased by the algorithms selected, but he had only anticipated NIST would pick two digital signature candidates rather than three.

Ideally, NIST would have chosen a second key establishment algorithm, according to Lyubashevsky. "They could have chosen one more right away just to be safe," he told Dark Reading. "I think some people expected McEliece to be chosen, but maybe NIST decided to hold off for two years to see what the backup should be to Kyber."

IBM's New Mainframe Supports NIST-Selected Algorithms

After NIST identified the algorithms, IBM moved forward by specifying them into its recently launched z16 mainframe. IBM introduced the z16 in April, calling it the "first quantum-safe system," enabled by its new Crypto Express 8S card and APIs that provide access to the NIST APIs.

IBM was championing three of the algorithms that NIST selected, so IBM had already included them in the z16. Since IBM had unveiled the z16 before the NIST decision, the company implemented the algorithms into the new system. IBM last week made it official that the z16 supports the algorithms.

Anne Dames, an IBM distinguished engineer who works on the company's z Systems team, explained that the Crypto Express 8S card could implement various cryptographic algorithms. Nevertheless, IBM was betting on CRYSTAL-Kyber and Dilithium, according to Dames.

"We are very fortunate in that it went in the direction we hoped it would go," she told Dark Reading. "And because we chose to implement CRYSTALS-Kyber and CRYSTALS-Dilithium in the hardware security module, which allows clients to get access to it, the firmware in that hardware security module can be updated. So, if other algorithms were selected, then we would add them to our roadmap for inclusion of those algorithms for the future."

A software library on the system allows application and infrastructure developers to incorporate APIs so that clients can generate quantum-safe digital signatures for both classic computing systems and quantum computers.

"We also have a CRYSTALS-Kyber interface in place so that we can generate a key and provide it wrapped by a Kyber key so that could be used in a potential key exchange scheme," Dames said. "And we've also incorporated some APIs that allow clients to have a key exchange scheme between two parties."

Dames noted that clients might use Dilithium to generate digital signatures on documents. "Think about code signing servers, things like that, or documents signing services, where people would like to actually use the digital signature capability to ensure the authenticity of the document or of the code that's being used," she said.

AWS Engineers Algorithms Into Services

During Amazon's AWS re:Inforce security conference last week in Boston, the cloud provider emphasized its post-quantum cryptography (PQC) efforts. According to Margaret Salter, director of applied cryptography at AWS, Amazon is already engineering the NIST standards into its services.

During a breakout session on AWS' cryptography efforts at the conference, Salter said AWS had implemented an open source, hybrid post-quantum key exchange based on a specification called s2n-tls, which implements the Transport Layer Security (TLS) protocol across different AWS services. AWS has contributed it as a draft standard to the Internet Engineering Task Force (IETF).

Salter explained that the hybrid key exchange brings together its traditional key exchanges while enabling post-quantum security. "We have regular key exchanges that we've been using for years and years to protect data," she said. "We don't want to get rid of those; we're just going to enhance them by adding a public key exchange on top of it. And using both of those, you have traditional security, plus post quantum security."

Last week, Amazon announced that it deployed s2n-tls, the hybrid post-quantum TLS with CRYSTALS-Kyber, which connects to the AWS Key Management Service (AWS KMS) and AWS Certificate Manager (ACM). In an update this week, Amazon documented its stated support for AWS Secrets Manager, a service for managing, rotating, and retrieving database credentials and API keys.

Google's Decade-Long PQC Migration

While Google didn't make implementation announcements like AWS in the immediate aftermath of NIST's selection, VP and CISO Phil Venables said Google has been focused on PQC algorithms "beyond theoretical implementations" for over a decade. Venables was among several prominent researchers who co-authored a technical paper outlining the urgency of adopting PQC strategies. The peer-reviewed paper was published in May by Nature, a respected journal for the science and technology communities.

"At Google, we're well into a multi-year effort to migrate to post-quantum cryptography that is designed to address both immediate and long-term risks to protect sensitive information," Venables wrote in a blog post published following the NIST announcement. "We have one goal: ensure that Google is PQC ready."

Venables recalled an experiment in 2016 with Chrome where a minimal number of connections from the Web browser to Google servers used a post-quantum key-exchange algorithm alongside the existing elliptic-curve key-exchange algorithm. "By adding a post-quantum algorithm in a hybrid mode with the existing key exchange, we were able to test its implementation without affecting user security," Venables noted.

Google and Cloudflare announced a "wide-scale post-quantum experiment" in 2019 implementing two post-quantum key exchanges, "integrated into Cloudflare's TLS stack, and deployed the implementation on edge servers and in Chrome Canary clients." The experiment helped Google understand the implications of deploying two post-quantum key agreements with TLS.

Venables noted that last year Google tested post-quantum confidentiality in TLS and found that various network products were not compatible with post-quantum TLS. "We were able to work with the vendor so that the issue was fixed in future firmware updates," he said. "By experimenting early, we resolved this issue for future deployments."

Other Standards Efforts

The four algorithms NIST announced are an important milestone in advancing PQC, but there's other work to be done besides quantum-safe encryption. The AWS TLS submission to the IETF is one example; others include such efforts as Hybrid PQ VPN.

"What you will see happening is those organizations that work on TLS protocols, or SSH, or VPN type protocols, will now come together and put together proposals which they will evaluate in their communities to determine what's best and which protocols should be updated, how the certificates should be defined, and things like things like that," IBM's Dames said.

Dustin Moody, a mathematician at NIST who leads its PQC project, shared a similar view during a panel discussion at the RSA Conference in June. "There's been a lot of global cooperation with our NIST process, rather than fracturing of the effort and coming up with a lot of different algorithms," Moody said. "We've seen most countries and standards organizations waiting to see what comes out of our nice progress on this process, as well as participating in that. And we see that as a very good sign."

Thu, 04 Aug 2022 10:39:00 -0500 en text/html https://www.darkreading.com/dr-tech/amazon-ibm-move-swiftly-on-post-quantum-cryptographic-algorithms-selected-by-nist
Killexams : Artificial Intelligence is getting ‘scary good’ – four things AI programs can beat humans at

ARTIFICIAL intelligence systems have mastered some of mankind's best creations and natural intuitions.

These AI systems notched some of the first wins for the machines.

Major tech companies are investing billions in AI development

5

Major tech companies are investing billions in AI development

Down goes the chessmaster

Chess champion Garry Kasparov and the machine he faced played by regulation match rules

5

Chess champion Garry Kasparov and the machine he faced played by regulation match rulesCredit: AFP - Getty

Artificial intelligence and table games make a good pair because humans have been trying to develop perfect tactics for strategy games for decades or even centuries.

Chess is "known as a game that requires strategy, foresight, logic—all sorts of qualities that make up human intelligence," IBM researcher Murray Campbell told Scientific American.

Campbell and a team developed Deep Blue, a six-foot supercomputer that defeated chess grandmaster Garry Kasparov in a six-game series in 1997.

During the pivotal final game, Deep Blue made a move that Kasparov thought only a human could rationalize - Kasparov insisted the IBM team cheated, which they denied.

Deep Blue would make 100million calculations a second to select its attacks but an early move that splintered Kasparov's confidence was actually the result of a bug that caused the computer to choose a move at random.

Data journalist Nate Silver's book on analytical forecasting says that Kasparov's over-analysis of a "last-resort fail-safe" move may have cost him the tournament.

PokerBot

Poker's top players faced off against a poker-playing AI in head-to-head and later multiplayer games

5

Poker's top players faced off against a poker-playing AI in head-to-head and later multiplayer gamesCredit: Carnegie Mellon University

In chess, both players have access to all of the activity unfolding in the game - a player could mislead another into making a mistake, but both players can see and assess the whole of the board.

Texas Hold 'em is a card game with random draws, hidden information, and deception, making it an ideal playground for sophisticated artificial intelligence modeling.

The New York Times reported that even a simplified, two-player version of Texas Hold 'em with fixed bet amounts has 316,000,000,000,0000,0000 different potential outcomes.

Researchers at Carnegie Mellon University built Libratus, which defeated four of poker's best in head-to-head matchups over the course of 120,000 hands.

In 2019, engineers leveled up with Pluribus, their next iteration of self-improving poker-playing AI - Forbes reported that Pluribus can reflect on previous moves and act on the data.

Pluribus cleaned up five other human players at one table, marking the first time an AI program had beaten multiple players at the game.

Human professionals will try to replicate the AI-powered strategy by studying a model's calculations and the poker-playing community has to keep up with banning players using AI in games hosted online.

The robot that taught itself to walk

Researchers have built a robotic dog named Morti that taught itself to walk just an hour after coming online

5

Researchers have built a robotic dog named Morti that taught itself to walk just an hour after coming onlineCredit: Felix Ruppert /Dynamic Locomotion Group

Morti is a AI robot dog that learned to walk quicker than a human.

“Our robot is practically ‘born’ knowing nothing about its leg anatomy or how they work," Felix Ruppert study co-author, told The Independent.

As people and animals learn to become independent, the Central Pattern Generator (CPG) in the spinal cord communicates with the limbs and muscles to move.

Ruppert and study co-author Alexander Badri-Sprowitz built their "walking intelligence" system in a computer to model a naturally occurring CPG.

To learn how to walk, Morti's "virtual spinal cord" would check the pressure of a step against the CPG's predictions.

If Morti fell, the computer's algorithm would adjust the pendulum swing of its legs or the speed or time spent contacting the ground.

Human babies take about a year to learn how to walk because humans are less far along in developing their intellect at birth.

Morti differs from game-playing bots because the robotic dog is a demonstration of an artificial intelligence program powering movement, potentially resolving robots' history of clumsiness.

Reading comprehension

Microsoft Research Asia HQ is in Beijing

5

Microsoft Research Asia HQ is in BeijingCredit: AP:Associated Press

Evaluating studying comprehension is a staple in the American education system.

Reading is nearly twice as efficient as listening and it could be argued there is no single more important trait in learning than understanding what we read and being able to recall it.

In 2018, engineers at Microsoft Research Asia in Beijing built an AI bot that could read and understand just as well as a human.

The Microsoft model was tested against the Stanford Question Answering Dataset, a studying comprehension test made of questions based on Wikipedia articles.

Machine studying can be unsettling because while not everyone plays chess or poker, humans are biologically programmed to try to interpret letters and numbers, according to a study published in ScienceDaily.

Microsoft's machine studying model is available for public use on their site - plug in your own text and ask it questions to test the model's understanding.

Each of these systems represents a type of Artificial Narrow Intelligence - an AI system that's programmed to do one thing exceptionally well.

The next stage, artificial general intelligence, would be a computer that can do anything as well as a person, including reason, deception, and other more abstract human abilities that are not purely computational.

Sun, 24 Jul 2022 16:22:00 -0500 Tyler Baum en-gb text/html https://www.thesun.co.uk/tech/19304649/artificial-intelligence-robots-beat-humans/
Killexams : IBM report: Middle Eastern consumers pay the price as regional data breach costs reach all-time high

Riyadh, Saudi Arabia: IBM, the leading global technology company, has published a study highlighting the importance of cybersecurity in an increasingly digital age. According to IBM Security’s annual Cost of a Data Breach Report,  the Middle East has incurred losses of SAR 28 million from data breaches  in 2022 alone — this figure already exceeding the total amount of losses accrued in each of the last eight years. 

The latest edition of the Cost of a Data Breach Report — now in its 17th year — reveals costlier and higher-impact data breaches than ever before. As outlined by the study, the global average cost of a data breach has reached an all-time high of $4.35 million for surveyed organizations. With breach costs increasing nearly 13% over the last two years of the report, the findings suggest these incidents may also be contributing to rising costs of goods and services. In fact, 60% of studied organizations raised their product or services prices due to the breach, when the cost of goods is already soaring worldwide amid inflation and supply chain issues.

Notably, the report ranks the Middle East2 among the top five countries and regions for the highest average cost of a data breach. As per the study, the average total cost of a data breach in the Middle East amounted to SAR 28 million in 2022, the region being second only to the United States on the list. The report also spotlights the industries across the Middle East that have suffered the highest per-record costs in millions; the financial (SAR 1,039), health (SAR 991) and energy (SAR 950) sectors taking first, second and third spot, respectively.    

Fahad Alanazi, IBM Saudi General Manager, said: “Today, more so than ever, in an increasingly connected and digital age, cybersecurity is of the utmost importance. It is essential to safeguard businesses and privacy. As the digital economy continues to evolve, enhanced security will be the marker of a modern, world class digital ecosystem.” 

He continued: “At IBM, we take great pride in enabling the people, businesses and communities we serve to fulfil their potential by empowering them with state-of-the-art services and support. Our findings reiterate just how important it is for us, as a technology leader, to continue pioneering solutions that will help the Kingdom distinguish itself as the tech capital of the region.”

The perpetuality of cyberattacks is also shedding light on the “haunting effect” data breaches are having on businesses, with the IBM report finding 83% of studied organizations have experienced more than one data breach in their lifetime. Another factor rising over time is the after-effects of breaches on these organizations, which linger long after they occur, as nearly 50% of breach costs are incurred more than a year after the breach.

The 2022 Cost of a Data Breach Report is based on in-depth analysis of real-world data breaches experienced by 550 organizations globally between March 2021 and March 2022. The research, which was sponsored and analyzed by IBM Security, was conducted by the Ponemon Institute.

Some of the key global findings in the 2022 IBM report include:

  • Critical Infrastructure Lags in Zero Trust – Almost 80% of critical infrastructure organizations studied don’t adopt zero trust strategies, seeing average breach costs rise to $5.4 million – a $1.17 million increase compared to those that do. All while 28% breaches amongst these organizations were ransomware or destructive attacks.
  • It Doesn’t Pay to Pay – Ransomware victims in the study that opted to pay threat actors’ ransom demands saw only $610,000 less in average breach costs compared to those that chose not to pay – not including the cost of the ransom. Factoring in the high cost of ransom payments, the financial toll may rise even higher, suggesting that simply paying the ransom may not be an effective strategy.
  • Security Immaturity in Clouds – Forty-three percent of studied organizations are in the early stages or have not started applying security practices across their cloud environments, observing over $660,000 on average in higher breach costs than studied organizations with mature security across their cloud environments. 
  • Security AI and Automation Leads as Multi-Million Dollar Cost Saver – Participating organizations fully deploying security AI and automation incurred $3.05 million less on average in breach costs compared to studied organizations that have not deployed the technology – the biggest cost saver observed in the study.

“Businesses need to put their security defenses on the offense and beat attackers to the punch. It’s time to stop the adversary from achieving their objectives and start to minimize the impact of attacks. The more businesses try to perfect their perimeter instead of investing in detection and response, the more breaches can fuel cost of living increases.” said Charles Henderson, Global Head of IBM Security X-Force. “This report shows that the right strategies coupled with the right technologies can help make all the difference when businesses are attacked.”

Over-trusting Critical Infrastructure Organizations 

Concerns over critical infrastructure targeting appear to be increasing globally over the past year, with many governments’ cybersecurity agencies urging vigilance against disruptive attacks. In fact, IBM’s report reveals that ransomware and destructive attacks represented 28% of breaches amongst critical infrastructure organizations studied, highlighting how threat actors are seeking to fracture the global supply chains that rely on these organizations. This includes financial services, industrial, transportation and healthcare companies amongst others.

Despite the call for caution, and a year after the Biden Administration issued a cybersecurity executive order that centers around the importance of adopting a zero trust approach to strengthen the nation’s cybersecurity, only 21% of critical infrastructure organizations studied adopt a zero trust security model, according to the report. Add to that, 17% of breaches at critical infrastructure organizations were caused due to a business partner being initially compromised, highlighting the security risks that over-trusting environments pose.

Businesses that Pay the Ransom Aren’t Getting a “Bargain” 

According to the 2022 IBM report, businesses that paid threat actors’ ransom demands saw $610,000 less in average breach costs compared to those that chose not to pay – not including the ransom amount paid. However, when accounting for the average ransom payment, which according to Sophos reached $812,000 in 2021, businesses that opt to pay the ransom could net higher total costs - all while inadvertently funding future ransomware attacks with capital that could be allocated to remediation and recovery efforts and looking at potential federal offenses.

The persistence of ransomware, despite significant global efforts to impede it, is fueled by the industrialization of cybercrime. IBM Security X-Force discovered the duration of studied enterprise ransomware attacks shows a drop of 94% over the past three years – from over two months to just under four days. These exponentially shorter attack lifecycles can prompt higher impact attacks, as cybersecurity incident responders are left with very short windows of opportunity to detect and contain attacks. With “time to ransom” dropping to a matter of hours, it's essential that businesses prioritize rigorous testing of incident response (IR) playbooks ahead of time. But the report states that as many as 37% of organizations studied that have incident response plans don’t test them regularly.

Hybrid Cloud Advantage

The report also showcased hybrid cloud environments as the most prevalent (45%) infrastructure amongst organizations studied. Averaging $3.8 million in breach costs, businesses that adopted a hybrid cloud model observed lower breach costs compared to businesses with a solely public or private cloud model, which experienced $5.02 million and $4.24 million on average respectively. In fact, hybrid cloud adopters studied were able to identify and contain data breaches 15 days faster on average than the global average of 277 days for participants.

The report highlights that 45% of studied breaches occurred in the cloud, emphasizing the importance of cloud security. However, a significant 43% of reporting organizations stated they are just in the early stages or have not started implementing security practices to protect their cloud environments, observing higher breach costs3 . Businesses studied that did not implement security practices across their cloud environments required an average 108 more days to identify and contain a data breach than those consistently applying security practices across all their domains. 

Additional findings in the 2022 IBM report include:

  • Phishing Becomes Costliest Breach Cause – While compromised credentials continued to reign as the most common cause of a breach (19%), phishing was the second (16%) and the costliest cause, leading to $4.91 million in average breach costs for responding organizations.
  • Healthcare Breach Costs Hit Double Digits for First Time Ever– For the 12th year in a row, healthcare participants saw the costliest breaches amongst industries with average breach costs in healthcare increasing by nearly $1 million to reach a record high of $10.1 million.
  • Insufficient Security Staffing – Sixty-two percent of studied organizations stated they are not sufficiently staffed to meet their security needs, averaging $550,000 more in breach costs than those that state they are sufficiently staffed.

Additional Sources

  • To download a copy of the 2022 Cost of a Data Breach Report, please visit: https://www.ibm.com/security/data-breach. 
  • Read more about the report’s top findings in this IBM Security Intelligence blog.
  • Sign up for the 2022 IBM Security Cost of a Data Breach webinar on Wednesday, August 3, 2022, at 11:00 a.m. ET here.
  • Connect with the IBM Security X-Force team for a personalized review of the findings: https://ibm.biz/book-a-consult.

-Ends-

About IBM Security

IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM Security X-Force® research, enables organizations to effectively manage risk and defend against emerging threats. IBM operates one of the world's broadest security research, development, and delivery organizations, monitors 150 billion+ security events per day in more than 130 countries, and has been granted more than 10,000 security patents worldwide. For more information, please check www.ibm.com/security, follow @IBMSecurity on Twitter or visit the IBM Security Intelligence blog.

Wed, 27 Jul 2022 22:20:00 -0500 en text/html https://www.zawya.com/en/press-release/research-and-studies/ibm-report-middle-eastern-consumers-pay-the-price-as-regional-data-breach-costs-reach-all-time-high-q1wbuec0
Killexams : IBM Report: Consumers Pay the Price as Data Breach Costs Reach All-Time High

60% of breached businesses raised product prices post-breach; vast majority of critical infrastructure lagging in zero trust adoption; $550,000 in extra costs for insufficiently staffed businesses

CAMBRIDGE, Mass., July 27, 2022 /PRNewswire/ -- IBM (NYSE: IBM) Security today released the annual Cost of a Data Breach Report,1 revealing costlier and higher-impact data breaches than ever before, with the global average cost of a data breach reaching an all-time high of $4.35 million for studied organizations. With breach costs increasing nearly 13% over the last two years of the report, the findings suggest these incidents may also be contributing to rising costs of goods and services. In fact, 60% of studied organizations raised their product or services prices due to the breach, when the cost of goods is already soaring worldwide amid inflation and supply chain issues.

60% of breached businesses studied stated they increased the price of their products or services due to the data breach

The perpetuality of cyberattacks is also shedding light on the "haunting effect" data breaches are having on businesses, with the IBM report finding 83% of studied organizations have experienced more than one data breach in their lifetime. Another factor rising over time is the after-effects of breaches on these organizations, which linger long after they occur, as nearly 50% of breach costs are incurred more than a year after the breach.

The 2022 Cost of a Data Breach Report is based on in-depth analysis of real-world data breaches experienced by 550 organizations globally between March 2021 and March 2022. The research, which was sponsored and analyzed by IBM Security, was conducted by the Ponemon Institute.

Some of the key findings in the 2022 IBM report include:

  • Critical Infrastructure Lags in Zero Trust – Almost 80% of critical infrastructure organizations studied don't adopt zero trust strategies, seeing average breach costs rise to $5.4 million – a $1.17 million increase compared to those that do. All while 28% of breaches amongst these organizations were ransomware or destructive attacks.

  • It Doesn't Pay to Pay – Ransomware victims in the study that opted to pay threat actors' ransom demands saw only $610,000 less in average breach costs compared to those that chose not to pay – not including the cost of the ransom. Factoring in the high cost of ransom payments, the financial toll may rise even higher, suggesting that simply paying the ransom may not be an effective strategy.

  • Security Immaturity in Clouds – Forty-three percent of studied organizations are in the early stages or have not started applying security practices across their cloud environments, observing over $660,000 on average in higher breach costs than studied organizations with mature security across their cloud environments.

  • Security AI and Automation Leads as Multi-Million Dollar Cost Saver – Participating organizations fully deploying security AI and automation incurred $3.05 million less on average in breach costs compared to studied organizations that have not deployed the technology – the biggest cost saver observed in the study.

"Businesses need to put their security defenses on the offense and beat attackers to the punch. It's time to stop the adversary from achieving their objectives and start to minimize the impact of attacks. The more businesses try to perfect their perimeter instead of investing in detection and response, the more breaches can fuel cost of living increases." said Charles Henderson, Global Head of IBM Security X-Force. "This report shows that the right strategies coupled with the right technologies can help make all the difference when businesses are attacked."

Over-trusting Critical Infrastructure Organizations
Concerns over critical infrastructure targeting appear to be increasing globally over the past year, with many governments' cybersecurity agencies urging vigilance against disruptive attacks. In fact, IBM's report reveals that ransomware and destructive attacks represented 28% of breaches amongst critical infrastructure organizations studied, highlighting how threat actors are seeking to fracture the global supply chains that rely on these organizations. This includes financial services, industrial, transportation and healthcare companies amongst others.

Despite the call for caution, and a year after the Biden Administration issued a cybersecurity executive order that centers around the importance of adopting a zero trust approach to strengthen the nation's cybersecurity, only 21% of critical infrastructure organizations studied adopt a zero trust security model, according to the report. Add to that, 17% of breaches at critical infrastructure organizations were caused due to a business partner being initially compromised, highlighting the security risks that over-trusting environments pose.

Businesses that Pay the Ransom Aren't Getting a "Bargain"
According to the 2022 IBM report, businesses that paid threat actors' ransom demands saw $610,000 less in average breach costs compared to those that chose not to pay – not including the ransom amount paid. However, when accounting for the average ransom payment, which according to Sophos reached $812,000 in 2021, businesses that opt to pay the ransom could net higher total costs - all while inadvertently funding future ransomware attacks with capital that could be allocated to remediation and recovery efforts and looking at potential federal offenses.

The persistence of ransomware, despite significant global efforts to impede it, is fueled by the industrialization of cybercrime. IBM Security X-Force discovered the duration of studied enterprise ransomware attacks shows a drop of 94% over the past three years – from over two months to just under four days. These exponentially shorter attack lifecycles can prompt higher impact attacks, as cybersecurity incident responders are left with very short windows of opportunity to detect and contain attacks. With "time to ransom" dropping to a matter of hours, it's essential that businesses prioritize rigorous testing of incident response (IR) playbooks ahead of time. But the report states that as many as 37% of organizations studied that have incident response plans don't test them regularly.

Hybrid Cloud Advantage
The report also showcased hybrid cloud environments as the most prevalent (45%) infrastructure amongst organizations studied. Averaging $3.8 million in breach costs, businesses that adopted a hybrid cloud model observed lower breach costs compared to businesses with a solely public or private cloud model, which experienced $5.02 million and $4.24 million on average respectively. In fact, hybrid cloud adopters studied were able to identify and contain data breaches 15 days faster on average than the global average of 277 days for participants.

The report highlights that 45% of studied breaches occurred in the cloud, emphasizing the importance of cloud security. However, a significant 43% of reporting organizations stated they are just in the early stages or have not started implementing security practices to protect their cloud environments, observing higher breach costs2. Businesses studied that did not implement security practices across their cloud environments required an average 108 more days to identify and contain a data breach than those consistently applying security practices across all their domains.

Additional findings in the 2022 IBM report include:

  • Phishing Becomes Costliest Breach Cause – While compromised credentials continued to reign as the most common cause of a breach (19%), phishing was the second (16%) and the costliest cause, leading to $4.91 million in average breach costs for responding organizations.

  • Healthcare Breach Costs Hit Double Digits for First Time Ever– For the 12th year in a row, healthcare participants saw the costliest breaches amongst industries with average breach costs in healthcare increasing by nearly $1 million to reach a record high of $10.1 million.

  • Insufficient Security Staffing – Sixty-two percent of studied organizations stated they are not sufficiently staffed to meet their security needs, averaging $550,000 more in breach costs than those that state they are sufficiently staffed.

Additional Sources

  • To download a copy of the 2022 Cost of a Data Breach Report, please visit: https://www.ibm.com/security/data-breach.

  • Read more about the report's top findings in this IBM Security Intelligence blog.

  • Sign up for the 2022 IBM Security Cost of a Data Breach webinar on Wednesday, August 3, 2022, at 11:00 a.m. ET here.

  • Connect with the IBM Security X-Force team for a personalized review of the findings: https://ibm.biz/book-a-consult.

About IBM Security
IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM Security X-Force® research, enables organizations to effectively manage risk and defend against emerging threats. IBM operates one of the world's broadest security research, development, and delivery organizations, monitors 150 billion+ security events per day in more than 130 countries, and has been granted more than 10,000 security patents worldwide. For more information, please check www.ibm.com/security, follow @IBMSecurity on Twitter or visit the IBM Security Intelligence blog.

Press Contact:

IBM Security Communications
Georgia Prassinos
gprassinos@ibm.com

1 Cost of a Data Breach Report 2022, conducted by Ponemon Institute, sponsored, and analyzed by IBM
2 Average cost of $4.53M, compared to average cost $3.87 million at participating organizations with mature-stage cloud security practices

IBM Corporation logo. (PRNewsfoto/IBM)

Cision

View original content to download multimedia:https://www.prnewswire.com/news-releases/ibm-report-consumers-pay-the-price-as-data-breach-costs-reach-all-time-high-301592749.html

SOURCE IBM

Tue, 26 Jul 2022 20:36:00 -0500 en-US text/html https://finance.yahoo.com/news/ibm-report-consumers-pay-price-040100294.html
P2170-749 exam dump and training guide direct download
Training Exams List