By SEJUTI DAS
Cyberattacks on the likes of several tech giants have brought to the fore the challenge of bridging the skills gap in the cybersecurity space in India. And, artificial intelligence being the latest buzzword of the tech industry, is being touted as one of the key solutions to the cybersecurity skills gap.
According to a report, it is estimated that there will be 3.5 million unfilled cybersecurity jobs globally by the year 2021. And therefore, companies are struggling to find adequate qualified people to assist in creating an intelligent cybersecurity framework. The challenge has become apparent in the last five to ten years with a sharp increase in cyberattacks, all the way from ransomware to zero-day malware to now sneaky crypto-mining attacks.
So, do you think artificial intelligence can be the cure to all our cybersecurity problems, or will it make the skills gap even worse with the changing landscape?
Will AI Solve Cybersecurity Ailments?
During a threat landscape, businesses need to be on their best security game. Therefore, an effective way to improve the security operation of a business is to harness the power of artificial intelligence for streamlining the identification, analysis, investigation, and prioritisation of security alerts.
In addition to streamlining crucial aspects of the cybersecurity process, AI can also help organisations by being the key tool for security professionals, which can then be applied directly to the application process. Through the use of AI and analytics techniques, businesses can create supervised learning, graph analytics, and reasoning processes, along with leveraging the power of AI to automate the data-mining process. AI-based tools can also reduce the number of manual error and identify threat actors, along with benefits such as the constant monitoring of an organisation’s network, which significantly reduces the risk of silent attacks such as cryptojacking.
Furthermore, the inclusion of AI within an organisation’s cybersecurity infrastructure is the perfect way to encourage employees and business leaders to take a more proactive approach, rather than the more traditional reactionary approach, where a security staff works on detecting and mediating threats before they escalate.
As companies are struggling with the growing array of cyber threats, be it internal or external, artificial intelligence and machine learning are believed to be playing significant roles in bridging the workforce gap. But, the main question will always remain to what extent machines can support as well as enhance the cybersecurity department of an organisation? And, if it is successful, then will it negate the need for human intervention?
According to a report, the impact of cyber attacks on businesses could reach $6 trillion by 2021. Apart from the financial loss, high profile data breaches can also create a privacy concern; in some cases, people’s lives and reputations are also at risk.
So, to fill the skills gap, businesses can involve artificial intelligence in their workforce, which will not supplant people, instead will offer employees with a combination of man and machine, in order to enhance their performance. The beauty of AI is that it takes up tasks, which are minimal and requires repetition, which in turn will leave the employees to focus on the bigger picture.
In this article, we are going to talk about a few ways where artificial intelligence can help.
Bridging Cybersecurity Technology Gaps In The Organisation
Businesses, nowadays, are constantly looking at adopting modern technologies that enable growth. However, the fact is, these modern technologies don’t have basic inbuilt security features, and therefore can create problems during early adoption. Artificial intelligence can provide contextualised security, which enhances the built-in security in niche products of the organisation. The cybersecurity team can leverage artificial intelligence to build adequate monitoring capabilities using the context of the solution deployed.
Artificial intelligence can also help in creating multiple real-time monitoring and reporting capabilities, where the technology will be integrated with the enterprise ecosystem to provide real-time alerts when data is uploaded or downloaded from cloud storage, or for that matter when any action has been taken using a different environment. It will also help the organisation to keep a real-time check on its employees accessing business data.
Build Next-Gen Security Teams
Due to the huge volume and variety of data and intelligence, producing actionable insights becomes a humongous effort for security analysts. AI technology, on the other hand, can assist employees with their menial tasks such as gathering data, performing initial impact assessment of the intelligence by factoring in the enterprise landscape and then mapping the intelligence for action. AI plays the first and second responder roles and helps the security analysts with the required information for decision-making.
Establish A Security Culture
According to a report, 43% of cyber attacks begin with a social engineering attack, which proves that employees are the weakest link in the security chain. To resolve this issue, enterprises confront this challenge by raising awareness amongst employees via emails, posters and mandatory training.
A successfully defended security threat by using the right technology can be a huge success for the security team. Attackers will try to attack them again with enhanced customised attacks to circumvent the controls, which, in turn, puts employees as the last line of defence to detect the threat. AI, on the other hand, can deliver continuous lessons for enterprise users. It will enable customised cybersecurity learning experience, which will be focused on the user based on their behaviour, contextualised to the user, enabling insights into attack type and the focus of the attack.
AI has the inbuilt capability to learn and provide custom training to users. It sensitises employees on security by visualising the security posture of the systems used by employees via scoring.
Handle Repetitive Tasks
As anywhere, anytime and any device access increases, the attack surface also grows exponentially. This generates additional security events, forcing the enterprise to deploy additional resources for triaging, analysis, reporting and mitigation. A large volume of events at the Security Operations Center is commodity malware infections.
AI technology can identify the class of malware and its criticality. Based on the infection observed, AI can intelligently build contextualised remediation steps for the user as self-help. This way, a sizable chunk of the manual process is hyper-automated using AI.
Bridge Human & Machine Context Gap in Cybersecurity
Today, the problem is complex and involves human actions and the surrounding environment (location, device, user privilege and role). A properly designed and deployed AI can observe, learn and add the required context to the event, providing accurate information for analysis. This would ensure the incident is escalated for further analysis if the AI added context raises a red flag.
For instance: A laptop loss is reported stolen, the security and IT team are notified — this could be a regular incident in many organisations. AI can contextualise this event with information: does it belong to a senior executive, sales, or an R&D employee? Is the laptop HDD encrypted? Another instance: A large firewall denies the event, the security team is notified: a typical analysis will lead to the identification of the end system trying to connect. AI can contextualise the event with malicious traffic, malware infection history, and server sensitivity.
Continuous Monitoring & Reporting
Data and privacy regulations have become high priority action areas for management. Enterprises are mandated to define, implement and continuously monitor the effectiveness of the controls, and report compliance to the competent authorities. Companies have dedicated in-house staff or have outsourced compliance management, leading to a significant increase in the cost of security.
AI is an efficient and cost-effective way to achieve compliance. AI can continuously monitor all the deployed controls and alert compliance in case of irregularities. After attaining a mature stage, AI can be trained for auto-remediation, so that the control status is automatically reinstated.
A set of AI-based bots can provide a comprehensive security framework for the enterprise, which is believed to be sufficient to counter advanced cyber-attacks and enhance the overall security position of the enterprise.