July 2021 – Windy Haven Ltd

IBM Report: Cost of a Data Breach Hits Record High During Pandemic

– Data breaches cost surveyed companies $4.24 million per incident on average; highest in 17-year report history

– Adoption of AI, hybrid cloud, and zero trust approach lowered data breach costs

CAMBRIDGE, Mass., July 28, 2021 — IBM Security today announced the results of a global study which found that data breaches now cost surveyed companies $4.24 million per incident on average – the highest cost in the 17-year history of the report. Based on in-depth analysis of real-world data breaches experienced by over 500 organizations, the study suggests that security incidents became more costly and harder to contain due to drastic operational shifts during the pandemic, with costs rising 10% compared to the prior year.

Businesses were forced to quickly adapt their technology approaches last year, with many companies encouraging or requiring employees to work from home, and 60% of organizations moving further into cloud-based activities during the pandemic.¹ The new findings released today suggest that security may have lagged behind these rapid IT changes, hindering organizations’ ability to respond to data breaches.

The annual Cost of a Data Breach Report, conducted by Ponemon Institute and sponsored and analyzed by IBM Security, identified the following trends amongst the organizations studied:

Remote work impact: The rapid shift to remote operations during the pandemic appears to have led to more expensive data breaches. Breaches cost over $1 million more on average when remote work was indicated as a factor in the event, compared to those in this group without this factor ($4.96 vs. $3.89 million.)²

Healthcare breach costs surged: Industries that faced huge operational changes during the pandemic (healthcare, retail, hospitality, and consumer manufacturing/distribution) also experienced a substantial increase in data breach costs year over year. Healthcare breaches cost the most by far, at $9.23 million per incident – a $2 million increase over the previous year.

Compromised credentials led to compromised data: Stolen user credentials were the most common root cause of breaches in the study. At the same time, customer personal data (such as name, email, password) was the most common type of information exposed in data breaches – with 44% of breaches including this type of data. The combination of these factors could cause a spiral effect, with breaches of username/passwords providing attackers with leverage for additional future data breaches.

Modern approaches reduced costs: The adoption of AI, security analytics, and encryption were the top three mitigating factors shown to reduce the cost of a breach, saving companies between $1.25 million and $1.49 million compared to those who did not have significant usage of these tools. For cloud-based data breaches studied, organizations that had implemented a hybrid cloud approach had lower data breach costs ($3.61m) than those who had a primarily public cloud ($4.80m) or primarily private cloud approach ($4.55m).

“Higher data breach costs are yet another added expense for businesses in the wake of rapid technology shifts during the pandemic,” said Chris McCurdy, Vice President and General Manager, IBM Security. “While data breach costs reached a record high over the past year, the report also showed positive signs about the impact of modern security tactics, such as AI, automation and the adoption of a zero trust approach – which may pay off in reducing the cost of these incidents further down the line.”

Impact of Remote Work and Shift to Cloud on Data Breaches
With society leaning more heavily on digital interactions during the pandemic, companies embraced remote work and cloud as they shifted to accommodate this increasingly online world. The report found that these factors had a significant impact on data breach response. Nearly 20% of organizations studied reported that remote work was a factor in the data breach, and these breaches ended up costing companies $4.96 million (nearly 15% more than the average breach).

Companies in the study that experienced a breach during a cloud migration project had 18.8% higher cost than average. However, the study also found that those who were further along in their overall cloud modernization strategy (“mature” stage) were able to detect and respond to incidents more effectively – 77 days faster on average than those who were in early-stage adoption. Additionally, for cloud-based data breaches studied, companies that had implemented a hybrid cloud approach had lower data breach costs ($3.61m) than those who had a primarily public cloud ($4.80m) or primarily private cloud approach ($4.55m).

Compromised Credentials a Growing Risk
The report also shed light on a growing problem in which consumer data (including credentials) is being compromised in data breaches, which can then be used to propagate further attacks. With 82% of individuals surveyed admitting they reuse passwords across accounts, compromised credentials represent both a leading cause and effect of data breaches, creating a compounding risk for businesses.

Personal Data Exposed: Nearly half (44%) of the breaches analyzed exposed customer personal data, such as name, email, password, or even healthcare data – representing the most common type of breached record in the report.
Customer PII Most Costly: The loss of customer personal identifiable information (PII) was also the most expensive compared to other types of data ($180 per lost or stolen record vs $161 for overall per record average).
Most Common Attack Method: Compromised user credentials were the most common method used as an entry point by attackers, representing 20% of breaches studied.
Longer to Detect & Contain: Breaches resulting from compromised credentials took the longest to detect – taking an average of 250 days to identify (vs. 212 for the average breach.)

Businesses That Modernized Had Lower Breach Costs
While certain IT shifts during the pandemic increased data breach costs, organizations who said they did not implement any digital transformation projects in order to modernize their business operations during the pandemic actually incurred higher data breach costs. The cost of a breach was $750,000 higher than average at organizations that had not undergone any digital transformation due to COVID-19 (16.6% higher than the average).

Companies studied that adopted a zero trust security approach were better positioned to deal with data breaches. This approach operates on the assumption that user identities or the network itself may already be compromised, and instead relies on AI and analytics to continuously validate connections between users, data and resources. Organizations with a mature zero trust strategy had an average data breach cost of $3.28 million – which was $1.76 million lower than those who had not deployed this approach at all.

The report also found that more companies were deploying security automation compared to prior years, leading to significant cost savings. Around 65% of companies surveyed reported they were partially or fully deploying automation within their security environments, compared to 52% two years ago. Those organizations with a “fully deployed” security automation strategy had an average breach cost of $2.90 million – whereas those with no automation experienced more than double that cost at $6.71 million.

Investments in incident response teams and plans also reduced data breach costs amongst those studied. Companies with an incident response team that also tested their incident response plan had an average breach cost of $3.25 million, while those that had neither in place experienced an average cost of $5.71 million (representing a 54.9% difference.)

Additional findings from the 2021 report include:

Time to respond: The average time to detect and contain a data breach was 287 days (212 to detect, 75 to contain) – which is one week longer than the prior year report.
Mega breaches: Average cost of a mega breach was $401 million, for breaches between 50 million and 65 million records.³This is nearly 100x more expensive than the majority of breaches studied in the report (which ranged from 1,000-100,000 records.)
By industry: Data breaches in healthcare were most expensive by industry ($9.23m), followed by the financial sector ($5.72m) and pharmaceuticals ($5.04m). While lower in overall costs, retail, media, hospitality and public sector experienced a large increase in costs vs. the prior year.
By country/region: The US had the most expensive data breaches at $9.05 million per incident, followed by Middle East ($6.93m) and Canada ($5.4m).

Methodology and Additional Data Breach Statistics
The 2021 Cost of a Data Breach Report from IBM Security and Ponemon Institute is based on in-depth analysis of real-world data breaches of 100,000 records or less, experienced by over 500 organizations worldwide between May 2020 and March 2021. The report takes into account hundreds of cost factors involved in data breach incidents, from legal, regulatory and technical activities to loss of brand equity, customers, and employee productivity.

IBM and the University of Tokyo Unveil Japan’s Most Powerful Quantum Computer

An IBM Quantum System One will serve Japan’s growing quantum community in industrial and scientific research

IBM leads the development of a global quantum ecosystem with IBM Quantum System One systems on three continents

TOKYO, July 26, 2021 — IBM and the University of Tokyo today unveiled Japan’s most powerful quantum computer as part of their ongoing collaboration to advance Japan’s exploration of quantum science, business and education.

The IBM Quantum System One is now operational for researchers at both scientific institutions and businesses in Japan, with access administered by the University of Tokyo. The IBM Quantum System One offers users access to repeatable and predictable performance from high-quality qubits and high precision control electronics, with quantum resources tightly coupled with classical processing so that users can securely run algorithms requiring repetition of quantum circuits on the cloud. For more details on the latest advances in IBM’s quantum computation, please go to https://research.ibm.com/blog/120x-quantum-speedup

In 2020, IBM and the University of Tokyo launched the Quantum Innovation Initiative Consortium, with the goal of strategically accelerating quantum computing research and development activities in Japan by bringing together academic talent from across the country’s universities and prominent research associations and large-scale industry. Besides IBM and the University of Tokyo, members include DIC, Hitachi, JSR, Keio University, Mitsubishi Chemical, Mizuho, MUFG, Sony, Sumitomo Mitsui Trust Bank, Toshiba, Toyota, and Yokogawa. The QIIC followed the formation of the Japan-IBM Quantum Partnership by IBM and the University of Tokyo in 2019.

It is the second system to be built outside the United States, following the recent unveiling of an IBM Quantum System One in Germany, administered by Fraunhofer Geselleschaft, Germany’s premier scientific research institution.

“IBM is committed to the growth of the global quantum ecosystem and fostering collaboration between different research communities,” said Dr. Dario Gil, Senior Vice President and Director of IBM Research. “As part of this global effort, I am proud to be unveiling Japan’s most powerful quantum computer and excited to see the contributions to research that will be made by Japan’s world-class academic, private sector and government institutions. Together, we can take major steps to accelerate scientific progress in a variety of fields.”

“In the rapidly changing field of quantum technology, it is extremely important not only to develop quantum technology-related elements and systems, but also to foster the next generation of human resources in order to achieve advanced social implementation on a global scale,” said Teruo Fujii, President of the University of Tokyo. “Our university has a broad base of research talents and has been always promoting high-level quantum education from the undergraduate level. Now, we will further refine the development of the next generation of quantum native skillsets by utilizing IBM Quantum System One.”

In addition to the installation of the IBM Quantum System One devices in Germany and Japan, in the last year IBM has announced recent partnerships with the Cleveland Clinic, the UK’s Science and Technologies Facilities Council and the University of Illinois Urbana-Champaign, all of which include a focus on quantum information science and technology.

IBM is a leader in the business and research and development of quantum computing. Through scientific research, geographic expansion and partnerships with academic, government and private sector players, IBM Quantum is helping advance the industry and develop a skilled quantum workforce worldwide. To learn more about IBM Quantum, visit https://www.ibm.com/quantum-computing/.

Bangalore International Airport Limited Partners with IBM for Digital and IT Transformation

– 10-Year agreement to create an “Airport in a Box” platform, which transforms technology, operations and customer experience

– IBM Hybrid Cloud capabilities, Red Hat Automation and Kyndryl managed infrastructure services to help BIAL improve productivity, automate IT and reduce costs

ARMONK, N.Y. and BENGALURU, India, July 21, 2021 — IBM and Bangalore International Airport Limited — operator of Kempegowda International Airport Bengaluru — today announced a ten-year agreement under which IBM and Kyndryl will provide best of breed IT solutions to create a new “Airport in a Box” platform that will support transforming the end-to-end travel experience for passengers at BLR Airport.

As one of the fastest-growing airports in the world, BLR Airport needed a nimble, scalable and cost-competitive technology and operations environment that can increase its agility and operational flexibility to handle future growth in passenger traffic. To achieve this goal, BIAL has selected IBM Global Business Services, IBM hybrid cloud capabilities and Kyndryl, the new, independent company that will be created following the separation of IBM’s Managed Infrastructure Services business, to design and implement a next generation architecture with robust and dynamic delivery model. One that is highly efficient, secure, and will enable a seamless travel experience for its passengers. The new platform will also enable BIAL to improve employee productivity, better utilization of IT assets, reduce costs through streamlined inventory control and improved incident management.

The state-of-the-art platform IBM is developing to support BIAL’s business growth will be enabled by a comprehensive set of IBM technology and services, enabled by an open hybrid cloud approach from IBM and supported Red Hat Ansible Automation. The platform also will generate AI-powered insights from IBM Maximo enterprise asset management technology to optimize inventory management and total cost of ownership.

IBM and BIAL will work to ensure that the platform supports BIAL’s commitment to sustainability and the community at large. BIAL recently achieved its goal of net energy neutral status in the financial year 2020-21, consuming energy from renewable sources.

Once the platform is fully operational and enhancing the travel experience for millions of airport passengers, IBM and BIAL plan to explore opportunities to advance the “Airport in a Box” platform as a cornerstone of innovation and transformation for the global travel and transportation industry.

“We are excited to partner with IBM as part of our vision to make BLR Airport the Smart Airport– a digitalized, seamlessly connected, intuitive airport,” said Mr. Hari Marar, MD & CEO, BIAL. “BLR Airport is a pioneer and leader of change in the Indian aviation industry. Our aim is to introduce more digitally advanced, innovative services and products at BIAL to ensure that the passengers and partners have the advantage of future forward technologies, in a seamless operating environment,” Mr. Marar added.

“This long-term project capitalizes on our proven ability to deliver a combination of advanced technologies and services that enable the world’s leading travel and transportation companies to innovate and transform their businesses,” said Mark Foster, Senior Vice President, IBM Services and IBM Global Business Services. “IBM Global Business Services and Kyndryl will apply our expertise in hybrid cloud and building business platforms to help BIAL innovate, improve its operational efficiency and deliver exceptional experiences to its growing passenger base.”

IBM works with more than 150 airports globally and has a long history of helping airports, airlines and the aviation industry worldwide to innovate and transform and was named the World’s Leading Airport Travel Technology Provider 2020.

IBM to Acquire Premier Hybrid Cloud Consulting Firm

BoxBoat Boosts Container and Kubernetes Strategy and Implementation Services Capability

ARMONK, N.Y., July 8, 2021 — IBM today announced plans to acquire BoxBoat Technologies, a premier DevOps consultancy and enterprise Kubernetes certified service provider. BoxBoat will extend IBM’s container strategy and implementation services portfolio to further advance IBM’s hybrid cloud strategy and accelerate Red Hat OpenShift adoption globally.

“Our clients require a cloud architecture that allows them to operate across a traditional IT environment, private cloud and public clouds. That’s at the heart of our hybrid cloud approach,” said John Granger, Senior Vice President, Hybrid Cloud Services at IBM. “No cloud modernization project can succeed without a containerization strategy, and BoxBoat is at the forefront of container services innovation.”

Founded in 2016 and headquartered in Bethesda, Maryland, BoxBoat helps clients establish containers and Kubernetes as core enablers for cloud solutions. Its track record of delivering complex cloud consulting projects includes advising many Fortune 100 and government clients on industry best practices, modernizing existing DevOps solutions, and containerizing mission critical workloads.

Reflecting IBM’s strong commitment to clients’ successful journey to cloud, BoxBoat builds on IBM’s ongoing investment in hybrid cloud services and driving growth within the $200 billion cloud professional services market.¹ This news follows IBM’s acquisition of leading cloud services firms – Nordcloud and Taos – which closed in the first quarter of 2021 and significantly expanded IBM’s multicloud transformation, management expertise and capabilities.

Kubernetes and Containers Are Leading Drivers of Digital Transformation
Containers and Kubernetes are two of the leading drivers of enterprise digital transformation. Software application containerization makes life easier for developers by further abstracting computing infrastructure, and adoption of enterprise container platforms is on the rise. By 2025, more than 85 percent of global organizations will be running containerized applications in production, which is a significant increase from fewer than 35 percent in 2019.² At the same time, Kubernetes — open source software for deploying and managing those containers — is rapidly becoming the preferred way to build digital services at scale and across clouds. The StackRox “State of Container and Kubernetes Security” Fall 2020 report found that 91 percent of organizations are leveraging Kubernetes to orchestrate containers, and 75 percent of organizations are actively using Kubernetes in production.

BoxBoat will join IBM Global Business Services’ fast-growing Hybrid Cloud Services business, enhancing IBM’s capacity to meet rising client demand for container strategy and the critical people and process components of the cloud transformation journey. BoxBoat delivers a full suite of services that include customized strategies for Kubernetes and Enterprise Container Platform adoption, application containerization, DevSecOps, training and enablement. BoxBoat guides enterprises on the right tooling, business strategy, workflows and processes to meet their DevOps goals.

“We founded BoxBoat on the idea that containers and DevOps would become an industry standard with the potential to transform enterprise IT with lightning fast application deployment workflows,” said Tim Hohman, CEO and Co-Founder of BoxBoat. “Joining IBM will allow us to realize a shared vision of helping clients innovate by successfully deploying container-based applications on-premise and to the cloud.”

BoxBoat’s team is comprised of highly skilled engineers with an average of nine years of industry experience, active open source contributors, Kubernetes Admins, Kubernetes Application Developers, and automation experts. Their highly skilled workforce holds extensive cloud ecosystem certifications in Amazon Web Services, Docker, GitLab, Google Cloud Platform, Hashicorp, Kubernetes, and Microsoft Azure technologies.

The company also holds partnerships with Amazon Web Services, Microsoft Azure and Google Cloud Platform. BoxBoat was also the first GitLab Certified Professional Services Partner.

The transaction is subject to customary closing conditions. It is expected to close this quarter.

Monthly Archives: July 2021