Description of the Problem
Following the integration of technologies such as hybrid-cloud systems, artificial intelligence, augmented reality, API platforms, blockchain, and robotic process automation into company operations, the organization’s susceptibility to cybersecurity threats, particularly cyberattacks, has increased significantly. Significant gaps exist in intelligence or knowledge related to these risks and in the accuracy with which the threats are ascertained. This underscores the need for a current, innovative approach that facilitates the analysis of crucial vulnerabilities by offering trustworthy, up-to-date information and actionable feedback. A cyberattack is the deliberate manipulation of networks, computer systems, and technology-dependent businesses (Thompson & Dawson, 2018). It involves using malicious code to alter computer data, logic, or code; this results in disruptive impacts that could compromise information and lead to cybercrimes, including identity and information theft.
Cyberattacks continue to increase rapidly in both ferocity and number in the U.S. and globally. According to Fruhlinger (2020), a hack attack is usually initiated every thirty-nine seconds, and forty-three percent of these cases target small organizations. The average costs associated with data breaches globally amount to 3.9 billion USD across small and midsize businesses (SMBs). The U.S. FBI disclosed a three-hundred percent surge in reported cybercrimes since the outbreak of COVID-19 (Milkovich, 2020). Some of the stakeholders likely to be affected by this issue include the firm’s consumers, the community at large, employees, suppliers, and the management unit.
From the above statistics, it is evident that cyberattacks are a crucial issue that needs to be addressed. Therefore, to safeguard vital information, including the company’s and consumers’ data, protect its reputation, and ensure compliance, the organization should employ a cybersecurity approach, for instance, IBM QRadar Advisor and Watson. This technology is capable of automating regular SOC tasks, uncovering commonalities during investigations, and offering actionable feedback to IT analysts, thereby improving efficiency.
Description of the Proposed Innovation and How it Addresses the Issue
As indicated earlier, there has been a significant surge in the incidence of cyberattacks and their associated threats. According to Aboelfotoh and Hikal (2018), security analysts typically feel the pressure of deficient cybersecurity expertise and work-related fatigue. They are usually incapable of managing extensive volumes of insights daily. This consequently leaves enterprises susceptible to unaddressed security risks. Cyberattacks have the potential to damage or disrupt a firm’s financial success, business operations, and reputation (Boehm et al., 2020). To resolve this issue effectively, organizations require applicable and current data from their security infrastructure and external sources. Companies also need to complement their decision-making with other IT firms to acquire greater confidence in evaluating security-related incidents. Furthermore, IT teams should improve their responsiveness to cybersecurity risks.
IBM QRadar Advisor and Watson is a platform delivered by the International Business Machines (IBM) Corporation, which integrates cognitive (AI) technologies into the SOC (security operations center). This invention fosters security analysts’ capacities to fill intelligence gaps and execute functions with accuracy and speed. It also plays a crucial role in expanding specialists’ awareness of criminal behavior and provides a platform for them to increase their knowledge of security response operations within a company (“Built with AI,” n.d.). This security approach facilitates the automation of regular SOC functions and the discovery of commonalities during investigations, and it offers actionable feedback to security experts. This, in turn, enhances their ability to focus on the crucial elements of an investigation and fosters their efficiency during practice.
How the Innovation Will Meet the Needs of the Organization
The proposed innovation will address the needs of the company by improving the cybersecurity analysis and reinforcement process through the following strategies:
- Aligning attacks or threats to the MITRE ATT&CK sequence: This approach uses the confidence level of each stage of the attack’s progression (“Built with AI,” n.d.). It would enhance the analysts’ capacity to justify the risk, envision how the attack occurred and progressed, and reveal the tactics that could advance the incident further.
- Providing Watson response by utilizing feeds from external risk intel: Here, the technology applies cognitive reasoning to identify the probable threat and link the risk entities connected to the initial incident, including suspicious IP addresses and malicious files, to establish a correlation among them. The company’s specialists will be required to use Watson for Cyber Security to process unstructured external information such as forums, websites, and risk intelligence feeds.
- Facilitating the process of generating the priority listing of probes with significant threats: The innovation facilitates the identification of inquiries with substantial risks, performing several inspections simultaneously, and the filtering and sorting of data to comprehend the focus of the mitigation effort promptly.
- Providing an educational loop for analysts to support a more conclusive escalation procedure: The innovation typically evaluates the customer’s local environment and offers recommendations regarding the new probes that must be escalated rapidly, helping the specialists make decisive and swift escalations.
- Conducting cross-inspection analytics: The technology facilitates the automatic linkage of probes through interrelated cases, minimizing effort replication and widening the inquiry beyond the recently discovered alert and incident.
- Adjusting the workplace environment proactively for improved security: This technology allows the organization to ascertain the need for modifying the security unit further in instances where duplicate probes are caused by similar events.
- Enhancing cloud security and privacy: Through the use of IBM Cloud provisions, the organization will be able to scale and adjust to the evolving business needs rapidly without compromising risk, confidentiality, and security levels.
Stakeholders Involved
The stakeholders involved in this innovation strategy include:
- Risk manager.
- Board of directors and the chief executive officer.
- Chief information security officer.
- Chief financial officer (CFO).
- Compliance officer.
- Employees.
- Suppliers and consumers.
The Contributions of Innovations to the Competitive Advantage of the Company
Firstly, the proposed cybersecurity approach will be effective in minimizing the fines and risks associated with compliance. Statutes such as PIPEDA, GDPR, and HIPAA typically impact how organizations execute their business activities, and their associated fines can be significant (Maddison, 2019). Given that our business has expanded to both Canada and the U.K., the penalties associated with non-adherence to the aforementioned laws are applicable. Furthermore, both EU and Canadian citizens are safeguarded by these regulations even when outside these nations.
Secondly, it will be instrumental in reducing non-essential costs related to cybercrimes. According to Maddison (2019), the average expense of a single data violation amounts to approximately $3.6 million. Investing in the appropriate technology can help decrease these costs and enhance the company’s competitiveness in the marketplace. Thirdly, venturing into cybersecurity will play a crucial role in safeguarding the firm’s brand. Allowing malicious hackers or entities to gain access to an enterprise’s data can negatively impact customer loyalty and the brand’s reputation. This approach will be crucial in minimizing security risks and increasing clients’ loyalty to the brand as well as the firm’s image (“Cybersecurity for small business,” n.d.). Lastly, this innovation will be crucial in delivering the value proposition to the company’s clients. Although consumers may be incapable of keeping pace with the ever-changing cybersecurity world, they expect security to be a built-in element of a firm’s operations. This proactive security measure will help streamline consumer experiences and deliver actual value to them.
Implementation Plan
- Identify the need for innovation and align it with the goals of the business. This phase will involve identifying the resources and personnel deemed crucial in facilitating and overseeing the upgrade process.
- Present the proposed technology to the relevant stakeholders, including the upper management, who will direct and fund the procedure, champions of the change, and employees to ensure a high “buy-in” level.
- Develop an effective schedule for the change implementation process in the organization. The primary activities under this phase include: (1) prioritizing the company’s data assets and procedures; (2) identifying and prioritizing risks; (3) applying essential security measures and controls related to IBM QRadar Advisor and Watson across the firm’s major assets; and (4) developing a roadmap for security improvement and monitoring.
- Establish an appropriate communication approach that incorporates a timeline for the change procedure, channels of communication, key messages, and the mediums used to converse with all stakeholders.
- Provide proper training to the workforce, including IT specialists and security analysts. The organization will adopt a blended coaching strategy that incorporates on-the-job mentoring and training and face-to-face coaching sessions.
- Create a support structure to help employees adjust to the modification practically and emotionally and develop technical proficiencies and behaviors needed to attain the desired outcome.
- Implement the proposed change, evaluate, and monitor its progress regularly.
Resistance and unforeseen obstacles are typical occurrences during the change management process. To effectively address these issues, the company will identify their primary trigger, involve the top management during the entire procedure, and ensure the effective dissemination of information. Furthermore, the organization will leverage the appropriate technologies in the implementation, communication, and training process and promote teamwork and collaboration by involving all workers in the process.
Measurement Approach
To effectively measure the impact of the proposed cybersecurity approach, IBM QRadar Advisor and Watson, the company will adopt key performance indicators (KPIs). The company will define its technology security requirements, agree on the most appropriate technical measures or KPIs associated with the probable risks, and compute the innovation’s efficacy against the established KPIs. Metrics deemed essential in determining the technology’s efficiency include defects uncovered, interfaces, data transference, response time, and updates and patching (“How to measure the effectiveness,” 2017). The selected measurement strategy is significant and relevant because it will enhance the firm’s capacity to monitor its security health, quantify progress, implement the necessary adjustments, and evaluate patterns over time.
Recommendations
First, the organization should ensure the routine training of its security and IT specialists. According to Thompson and Dawson (2018), ongoing employee coaching is a crucial element that fosters the efficacy of cybersecurity. The firm should develop clear policies that address the gaps and drawbacks discovered during the evaluation process. Second, the enterprise should regularly update its systems; this involves automatically upgrading software, developing a new firewall, or improving hardware security. The continuous updating and monitoring of the adopted technology will aid in improving cybersecurity efficiency. Third, elements such as employee education, specialists’ responses to online scams, and the accuracy of and time spent on these responses should be assessed regularly. Analysts should evaluate and record recovery times following the occurrence of an incident and compute cybersecurity efficiency by determining the period spent between risk detection and threat mitigation. They should also establish an objective methodology for quantifying recovery time.
References
Aboelfotoh, S. F., & Hikal, N. A. (2019). A review of cyber-security measuring and assessment methods for modern enterprises. International Journal of Informatics Visualization, 3(2), 157–176. Web.
Boehm, J., Kaplan, J. M., Merrath, P., Poppensieker, T., & Stahle, T. (2020). Enhanced cyberrisk reporting: Opening doors to risk-based cybersecurity. McKinsey & Company. Web.
Built with AI for the front-line security analyst (n.d.). IBM. Web.
Cybersecurity for small business (n.d.). Federal Communications Commission. Web.
Fruhlinger, J. (2020). Top cybersecurity facts, figures and statistics for 2020. CSO. Web.
How to measure the effectiveness of your cybersecurity program (2017). Iden Hous. Web.
Maddison, M. (2019). Four cybersecurity strategies to score competitive advantages. Cyber Security Executive. Web.
Milkovich, D. (2020). 15 alarming cyber security facts and stats. Cybint. Web.
Thompson, R., & Dawson, J. (2018). The future cybersecurity workforce: Going beyond technical skills for successful cyber performance. Frontiers in Psychology, 9, 744. Web.