
IBM BISO John Wheeler: Achieving Secure Network Resilience Under Crisis Conditions

The rapid onset of the COVID-19 pandemic has been a stress test of IT readiness and resilience for business enterprises everywhere. Within days, workforces quickly moved out of the office and into their homes, en masse. At IBM, more than 95 percent of its 350,000 worldwide employees were suddenly home-based.

As businesses have scrambled to shift their business models to accommodate many more remote workers than ever anticipated, IT and management teams need to ensure that the transition is safe and secure. “It’s our job to instill focus and calm while maintaining business continuity and staying ahead of the rapidly evolving cyber threat,” John Wheeler, Business Information Security Officer for IBM, said during an April 2 presentation that was part of IBM's Think Leadership live stream series on how companies are responding to the COVID-19 crisis.

As one indicator of the increased cyber threat, Wheeler noted that since February, the world has seen a 4,300% increase in email spam related to the coronavirus. “It’s very easy for attackers to pivot to this situation,” Wheeler said.



At IBM, Wheeler oversees programs for cyber threat detection, incident response, compliance and business continuity. Wheeler has extensive experience working with businesses, governments and institutions around the world designing, deploying and managing their cybersecurity and cyber risk management programs. But it’s safe to say he’s seen nothing like the global IT challenge wrought by the past few weeks.

In conversations with hundreds of clients and network security professionals in recent weeks, as well as queries during his recent livestream, Wheeler has responded to a recurring set of questions.

With all that is going on, what are your top priorities?

Securing the remote workforce across the company is critical. We had to build out capacity in a very short period of time. We can now handle 450,000 remote concurrent connections. At the same time, we have to maintain an extra level of 24/7 security, so that means increased employee awareness and vigilance.

All of the remote users in IBM's environment are required to have registered systems that operate a deployment of IBM technology and security technology. We must ensure that we've got everything covered, whether that’s in the data centers or across cloud providers and services. And we have to be able to shift and support resources as needed. In the event of a security incident, we need remote response and remote forensics, so we can quickly understand and respond.

As we get a few weeks into this, have you noticed any changes in threats?

We’ve seen a pretty significant increase in attacks coming through spam, using interest in COVID-19 news as a way to cloak those operations and take advantage of individual users working from home. There's just so much info coming at us through news and media, so it’s very easy for a home user to inadvertently click on a COVID-19-related email subject that is loaded with malware or may lead them back to a place that will compromise their system.

We’ve also seen increased attacks on remote sharing and collaboration tools. It’s important to make sure that you’re making full use of the native security that is built into those tools, in addition to any systemwide security measures you might implement.

How important is the use of the cloud to ramp up security demands?

Cloud is the way to go right now. We've heavily used the cloud to be able to spin up added capacity. It allows you the flexibility to add capacity without having to worry about the physical logistics and the receipt of technology—all the hard work that goes into the technology to implement it, rack and stack it.

What should we be thinking about organizationally?

We must really focus on bringing together the right cross-functional leaders in the business to make decisions. A COVID-19 command center needs to have representation from all critical operations—sales, client account management, product services, support operations. It needs representatives that can speak to the supply chain and the business-critical applications as well as marketing, communications, HR, legal, finance. All the key parts of the business. They’re needed to jointly make decisions that might need to be made rapidly in real time.

Do you think some industries are better prepared than others right now?

The financial services industry can withstand this because they continually focus on business continuity planning. They’re also more heavily regulated in terms of their disaster recovery and are prepared to absorb the loss of locations or functions.

But a challenge is really coming across healthcare organizations, which are already under a lot of stress. And they are certainly susceptible to ransomware attacks. Governmental IT departments, both at the local and state level, will also have a lot of strain there because so many more people are filing for unemployment. So, you have an increase of demand against those infrastructures and they may have to be ready to withstand increased attack activity.

Educational infrastructures—and that can be everything from K-12 up to universities—may have it rough because of the rapid pivot of going from a mix of people online and in classrooms to everyone online and remote.

How do you see the security landscape changing for the long-term?

This crisis is going to push us to ensure that we have a diversified portfolio of solutions to an extreme situation. We need solutions like cloud and SaaS ready to go, so they can be deployed virtually. We’ll also need to look at the best ways to secure a remote workforce as well, which includes remote command centers, succession planning and dealing with reduced manpower. Planning for resiliency is key. 

 
