
The role of AI and ML in cyber resilience

By Joanne Carew
Jayson O'Reilly.

We constantly hear about skills shortages in cyber security. This trend is problematic given the rise in cyber crime activity, and the number of threat actors who are using sophisticated techniques to gain access to even the most secure businesses and government institutions.

When you look at the current state of play, the bad guys seem to be winning far more than we are, says Jayson O'Reilly, general manager at Atvance Intellect Cybersecurity.

This scenario demands that we start looking to technology and exploring the role that technologies such as artificial intelligence (AI) and machine learning (ML) can play in identifying vulnerabilities and detecting anomalies.

Speaking during an afternoon slot at the Cape Town leg of ITWeb’s annual Security Summit, O'Reilly highlighted that businesses need to think about embedding advanced technologies into their cyber defence to augment and assist their cyber security teams.

“While people are an important piece of the cyber security puzzle, they can’t do this alone. Especially in situations where a company might not have an extensive team of cyber security experts at their disposal.”

If it quacks like a duck

It’s about recognising anomalies, continued O'Reilly. “We’re looking for that needle in the haystack and, without the right technology to help us, finding this needle can be very, very difficult.”

He did, however, stress that identifying these anomalies and making sense of them only happens when you understand the context.

This, said O’Reilly, can be achieved via a supervised approach, which utilises advanced technologies but brings people into the equation to provide the right context and to deliver a more accurate picture of what is actually happening on the ground. What does this mean?

Well, explained O'Reilly, the analogy they often use is: if it walks like a duck and quacks like a duck, it’s a duck. But if it walks like a duck and barks like a dog, it’s definitely not a duck.

This approach works most of the time but the more technology we bring into our businesses, the more noise we make. In fact, we are producing more noise than ever before and this can hinder anomaly detection and prevent us from separating the ducks from the dogs.

Gaining resilience

If we want to become more resilient than we are today, and if we are to defend our businesses against threats, we need to start bringing some level of machine capability into our businesses, outlined O'Reilly.

“Humans can’t operate at machine speeds. And I mean no disrespect in saying this but you need to know this because your adversaries know this and they’re taking advantage of it. This is why they are winning.”

O'Reilly sat down with ITWeb after his presentation to stress that simply throwing technology at a problem isn’t the answer.

If you deploy technology, it’ll only do what it’s programmed to do. For example, if the infrastructure that sits underneath the technology isn’t built correctly, it’s inevitable that you’re going to hit problems down the line.

“Throwing great technology at a problem will help but it will only take you 60% of the way.” Changing business culture, improving institutional behaviour and giving the chief information security officer (CISO) a seat at the table are essential complements to technology.

People provide context

According to O'Reilly, there will always be people involved. Not only do they provide the context needed for accurate incident detection, they also showcase to the board what the landscape looks like, where the threats lie and what cyber teams are doing to safeguard the business against some very real risks.

“Most organisations want someone to paint a picture of what is happening in their specific field; showcasing how all of this is affecting businesses that look and operate like them,” he concluded, adding that this is where the human touch comes in.

“It’s the people who will help business understand how bad things are in their world. With business context, the threats feel more real and this drives us to apply the relevant mechanisms to prevent an attack.”
