Building cyber resilience needs skills, AI

By Tracy Burrows, ITWeb contributor.
Johannesburg, 06 Jun 2023
Wayne Olsen, managing executive, cyber security at BCX.
Wayne Olsen, managing executive, cyber security at BCX.

Artificial intelligence and a more cohesive effort to close the cyber security skills gap could help organisations build cyber resilience in the face of growing cyber risk.

This is according to speakers addressing day one of the ITWeb Security Summit 2023 in Sandton today.

Wayne Olsen, managing executive, cyber security at BCX, noted: “Security is the cornerstone of business resilience and agility. However, the human firewall is failing.”

Olsen said employees should not be punished for failures, but should instead be educated and supported to improve the human firewall. He highlighted a skills gap of up to 800 000 cyber security professionals in Africa, urging the sector to do more to upskill and train young cyber security specialists.

However, even with renewed efforts to close the skills gap, cyber security professionals are under pressure, he said. “Because of the lack of skills, we are relying heavily on AI. Our Security Operations Centre at BCX processes billions of attacks daily, and without the use of AI, we wouldn’t have the ability to interpret that data. It’s becoming more and more relevant.”

Time is of the essence

Haider Pasha, chief security officer, EMEA and LATAM at Palo Alto Networks, said some of the top challenges in terms of business risk in South Africa are critical infrastructure failing, followed closely by cyber incidents and business disruption.

“In terms of the general cyber security landscape, the number of cyber security vendors will continue to increase.”

He said thousands of start-ups had entered the sector with niche solutions for CISOs to consider.

“We are finding that the average number of cyber security tools in use continues to increase. We’re finding an average of 32 in organisations today.

“What’s worrying, and the reason we need to think about cyber resilience more, is that cyber resilience is defined by how quickly you can detect when you are under attack, and how quickly you can recover and adapt.

“Numbers like four days to investigate and 200 days of dwell time don’t bode well for any of us.”

Pasha said organisations need a proper cyber security strategy, dedicated policies, appropriate processes and a mature security culture as their first steps towards cyber resilience, with technology coming last.

“When it comes to AI technology, a lot of what we see now is artificial narrow intelligence (ANI) designed to focus on a particular task. This is generally where ChatGPT comes in and why AI becomes sexy all of a sudden.

“We are not there yet when it comes to artificial general intelligence, or anywhere close to artificial super intelligence – when the machine behaves and feels like a proper human being. Machine learning becomes a subset of ANI.

“We are building tools that use machine learning and ANI to reason, and support decisions on further action. But to be successful, ANI needs unbiased, good quality data.

“In my opinion, AI is no longer optional.” He added that AI supported security operations in areas such as allowing SOC analysts to go through thousands of records.

“AI also enables rapid incident response and forensic analysis, helps organisations in areas such as understanding user behaviour to identify risks, and helps consolidate vendors to reduce the number of tools in use.”

Pasha noted Palo Alto Networks had been successfully using AI for some years. “AI is important in areas such as preventing threats inline, using deep learning and machine learning models for real-time detection of evasive and unknown threats.

“This is important because we’re finding that it is becoming more and more difficult to detect malware in certain areas. For example, smart malware is aware that it’s inside a sandbox, so it won’t execute while it’s there, and remains hidden. In our own firewalls, we switch on advanced WildFire inline with machine learning inside our firewalls.”

WildFire analyses and detects malicious files in real-time and inline with the traffic. “We’re seeing such great data from this – on average around 750 million new and unique events, detecting around 1.5 million Zero Day attacks and blocking roughly 8.6 billion attacks on a daily basis just on the endpoint security side alone.”