The introduction of cloud, IoT and digital transformation is expanding the attack surface. Security professionals need to extend security coverage to protect hybrid cloud, SaaS and now microservices and Function as a Service. Attackers are being empowered by advances in technologies like Artificial Intelligence and Machine Learning, which automate repetitive tasks such as scanning targets and leave them free to plan subtle targeted attacks that are more successful, or to design attacks that can have an impact at large scale. We witnessed the WannaCry attack in 2017.
The gap in skilled cybersecurity resources is growing every year; as per (ISC)², by 2022 the resource gap will be 1.8 million. To reduce the skill gap, technology companies are automating repetitive processes with the help of Artificial Intelligence and Machine Learning.
Automation is going to take away most of the repetitive jobs, the jobs which we call Level 1 and, to some extent, Level 2 jobs, and I think this will be the opportunity for security professionals to upgrade their skills to a higher level.
When I read or listen to conversations about automation, especially from IT folks, they say automation is going to be out of control, and this reminds me of Garry Kasparov: after losing the game to a computer, he made a statement saying that he was not amazed by the power of the computer but was more pleased with the people who trained the computer.
As we all know, security is not one size fits all; it needs to be crafted to an organization's specific requirements, and tools enabled with AI and Machine Learning need to be trained. Training these tools is a new category of job that will be available to security professionals. Security professionals need to get themselves trained on these latest technologies.
CISOs should not rely wholly on automation to mitigate security breaches with high business impact.
Let me tell you the story of a paper pin factory. This is the year 2050. The board meeting of ABC, a paper pin manufacturing organization, is going on, and as a result of this meeting the board decides to increase the productivity of the factory. This factory is fully automatic and run by robots. The robot in charge is instructed to increase productivity. The robot asks for the authority and permission to make its own decisions to increase productivity. Permission is granted. What are the results? The robot very soon uses up all the resources in the factory and the town, and starts impacting the country. The owners of the factory are not able to stop the process, because the factory is working on increased productivity. Soon the entire earth is full of paper pins and robots are getting raw material from other planets. Of course, this is an exaggerated story. So, what went wrong?
The human brain has the capability to understand instructions which are not explicit; people know what is meant by an increase in productivity and where to stop. The machine needs very specific instructions, like a 10% increase in current production.
Security decision makers need to validate the action plan before it is executed by automation. This process will be much more efficient than the current process, as the machines will be able to create an integrated view of the incident across all the areas that will be impacted directly or indirectly. These inputs will be used for faster containment, mitigation and recovery.
Technology vendors will need resources with a security analytics background to provide inputs for writing the algorithms. Hence security resources need to learn these new technologies, either to train the algorithms or to test these tools for flaws.
Assessment, auditing and validation of security automation tools is going to be the most important step. Just as Artificial Intelligence and Machine Learning will be available to security resources, they will be available to hackers. Instead of hacking directly into the organization's data, hackers will compromise the automated security protections to breach the data. This is why it will be all the more important to assess these tools from the point of view of effectiveness and integrity.
Security resources will play a bigger role in risk assessment and mitigation validation, and they need to upgrade themselves to understand business priorities and impact.
The message to security professionals is “ride the tide of Artificial Intelligence and Machine Learning”.
As the entire security landscape changes and regulatory requirements become stringent, with penalties attached to noncompliance, roles like Compliance Officer will emerge. GDPR already mandates having a Data Protection Officer (DPO). Because of digital transformation and the priority given to cyber risk, new roles like Digital Risk Officer (DRO) and Chief Digital Security Officer (CDSO) will emerge, and these roles will report to the CSO or CISO, who will have a broader security mission including the engineering protection of IoT, OT, physical security, etc.