Earlier this week I was at TEISS hosting a round table session titled “Artificial Intelligence – Fancy maths or a pragmatic answer to cyber security gaps and challenges?”
We explored human, threat, and technical dimensions to the current drivers and role of AI in cybersecurity. Here's a summary of our group's discussion.
The cybersecurity skills shortage
Consensus was quickly found that the security skills and talent gap is alive and well. There was a geographic element highlighted too, as we heard that organisations experienced a much smaller talent pool outside of the London and south east UK region. One participant explained that they often see IT generalists applying for security-specific roles. Multiple participants shared how they look to hire less experienced candidates who show potential. They then nurture and develop these staff through training and mentoring, which results in high commitment levels that support staff retention. We also heard that it’s tough to find cloud security or network security candidates. One CISO observed that candidates experienced with securing outsourced multi-tenant datacentres often have adaptable skills for cloud security roles. Want to know more? Read "InfoSec skills shortage: The No. 1 threat to Internet security".
Diversifying threat landscape, rapidly growing attack surface
Whilst the roundtable recognised that cybersecurity is a never-ending task, a common theme emerged around executive and board stakeholder expectations being challenging to manage. The reality that security isn’t a bounded IT problem isn’t always an easy message for security leaders to deliver to their executive body, who often expect a one-time fix. Security leaders need to act as trusted advisors and honest brokers as they help executive bodies take a risk-based approach to identify a security strategy and investments that blend appropriate people, training, process, and of course technologies.
The discussion briefly covered the continued rise in encrypted communications between applications, local or hosted in the cloud. Encryption is a double-edged sword: it protects our data but also provides attackers a place to hide. Taking a behavioural approach to threat detection enables us to find threats hidden inside encrypted traffic. Read "DPI goes blind as encryption adoption increases" to drill down more into this topic.
We recognised that the historical norm of having a significantly defence-centric approach to security simply doesn’t work. No defence is perfect. Organisations need to accept that a breach of some degree is inevitable, and that they require a more adaptive security architecture that enables rapid detection and response before an active attack becomes a serious breach. To learn more, read "What’s an adaptive security architecture and why do you need it?"
We closed the session by examining how automation could help in a world of growing threat complexity and diversity that is also short of human resource. AI is already capable of reducing the load on overburdened security analysts fighting a tsunami of alerts, trying to figure out which are salient and require intervention. AI, with its relentless focus and ability to process at scale and speed, doesn’t replace humans; it augments their capabilities. In the context of cybersecurity, we heard how less experienced staff are now able to perform tier one security operations analyst functions when supported by AI systems that have already detected, scored, prioritised and provided context for attacks. Incident response time and effectiveness are significantly improved, whilst economic and efficiency gains are realised for human analyst resources. Read "Security automation isn't AI security" to get beyond the hyperbole and understand how AI and security automation can come together to create real security value.
Thank you to all of our roundtable's participants. The session's talking points can be downloaded here.