IBM's DC Facility Prepares Teams for Cyber Threats

By Greg Tavarez, TMCnet Editor  |  March 22, 2024

A report by IBM Security reveals a concerning trend - the global average cost of a data breach has reached a staggering $4.45 million in 2023, a 15% increase over the past three years. 

The study also highlights a troubling regional disparity, with the U.S. leading the pack in terms of breach costs. While specific figures for the U.S. are not provided, the report suggests that American organizations face a steeper financial burden compared to other parts of the world when data breaches occur.

However, the report also offers a beacon of hope. Organizations that had established an incident response team and actively tested their IR plan fared better. These proactive measures led to swifter containment of breaches and lower overall costs. The study found that robust IR planning and testing saved organizations an average of nearly $1.5 million and reduced the data breach lifecycle by 54 days.

This translates to real-world benefits. Faster response times mean less time for attackers to exploit compromised systems and steal sensitive data. Additionally, quicker containment minimizes the potential damage and reduces the need for costly remediation efforts.

So, in a recent move to help everyone from legal and mission-critical leaders to the C-Suite and technical security leaders prepare for a real-world cyber incident, IBM (News - Alert) opened the new IBM X-Force Cyber Range in Washington, D.C. The range includes new custom training exercises specifically designed to help U.S. federal agencies, their suppliers and critical infrastructure organizations more effectively respond to persistent and disruptive cyber attacks and threats posed by AI.

The training environment allows participants to confront real-world challenges they might encounter during a cyber attack, including communication breakdowns between teams, resource limitations, and navigating new U.S. Securities and Exchange Commission incident reporting requirements.

Beyond government agencies and critical infrastructure providers, businesses from all sectors can participate in the training. Simulated exercises include Mission: Crisis Response, Business Response Challenge, Cyber Wargame and Inside the Mind of a Hacker.

Mission: Crisis Response, tailored for federal agencies, tests and refines response plans by exposing vulnerabilities in a safe environment. Participants learn best practices based on industry standards and real-world cases. The exercise is aligned with the CISA Cybersecurity Incident and Vulnerability Response Playbook, developed in accordance with Executive Order 14028.

Business Response Challenge, a private-sector version of the Crisis Response scenario, is customized to specific industries and security concerns faced by participating companies.

In Cyber Wargame, participants confront a simulated cyber attack led by a fictional criminal organization. This hands-on exercise tests an organization's incident response process, communication and problem-solving skills. Technical and business teams work together to address the simulated crisis and ensure their IR plans and processes remain effective against evolving threats.

Inside the Mind of a Hacker provides participants with a glimpse into the tactics and tools employed by modern cybercriminals. Utilizing insights gleaned from X-Force threat intelligence, the training helps participants stay informed and adapt to the latest cyber threats.

"Cyber attacks on government and critical infrastructure can have ramifications that go far beyond the balance sheet," said Alice Fakir, Partner, Lead of Cybersecurity Services, U.S. Federal Market for IBM Consulting. "The elite and highly customizable cyber response training we provide at our new D.C. range helps organizations and federal agencies better defend against existing and emerging threats and also addresses federal mandates like those in the Biden Administration's Executive Order 14028 focused on improving the nation's cybersecurity."

By participating in the training, organizations gain more knowledge and expertise into how to identify and address vulnerabilities in their cyber response plans, which improves their preparedness and resilience against real-world cyber attacks.

Get stories like this delivered straight to your inbox. [Free eNews Subscription]