AI will not replace human reasoning and decision making, however it can augment the skills of security analysts, allowing them to do their jobs faster, more accurately and efficiently, says Vaidyanathan Iyer, Security Software Leader, IBM India South/Asia.
Where does India stand in terms of AI adoption in security; and where do you see the momentum catching up?
Cybercrime is 21st century’s organised crime. Eighty per cent of cyberattacks are driven by highly organised crime rings in which data, tools and expertise are widely shared. It is estimated that cybercrime will cost the global economy more than $2 trillion by 2021 and represents what could be the greatest threat to every company in the world. The recently released IBM-Ponemon Institute study reveals that nearly 79 per cent of Indian firms do not have a computer security incident response plan (CSIRP) in place that is applied consistently across operations. The threat scenario shows a significant rise in both number and sophistication of breaches in this year’s report, which is alarming as it continues to rise in India.
Moreover, according to a Nasscom, DSCI & PwC Report, the cyber security market has been projected to be $35 billion by 2025; adding a million jobs and a 1,000 start-ups in place. Therefore, there is a massive addressable market for us in India. Today, the implications of a breach span the C-Suite, impacting financials, brand, client loyalty, employee privacy, legal/regulatory issues, etc. Security is now part of active board level issue and discussion.
We believe the adoption of AI within security space is still at a nascent stage, however continues to be an important strategy. IBM is leading the journey towards AI and Intelligent Automation in Cybersecurity. We foresee both being a key priority for not just CISOs but the entire C-Suite in 2019. Enterprises are looking at driving service agility and resilience in their digital business along with data driven security intelligence which can help them be prepared for any unforeseen threats.
How do you look at the concept of digital transformation and where does security piece fits into it?
Companies embrace the digital economy because it allows them to connect with more customers, devices and data than ever before. From a business perspective, this means making decisions quickly based on market opportunity and customer experience, as well as collaboration through the free flow of information. In this new economy, the imperative is to continuously deliver new applications and tighter customer relationships to drive growth — and to do so safely.
The inability to secure the digital transformation process and environment is a deterrent to achieving a successful digital transformation process, which prevents the free flow of information. Other barriers are the lack of in-house expertise and the inability to overcome turf and silo issues, inability to collaborate with supply chain partners, lack of skilled resources and budgets.
Following are the characteristics of organizations that are successful in transitioning to the digital economy.
High-performing organizations have a more mature cybersecurity program and digital transformation process. The higher level of maturity in these organizations indicates the ability to deploy many or most digital transformation activities with the support of a more mature cyber-security program.
Senior management has a greater appreciation for the importance of the role of IT security in the digital transformation process. These organizations have leaders that recognize the inability to secure digital assets reduces trust with customers and consumers.
Information security is more influential in these organizations’ digital transformation strategy. Moreover, these organizations are more likely to have achieved full alignment between Information security and lines of business with respect to achieving security during the digital transformation process.
High-performing organizations are more likely to understand the importance of a strategy that includes protecting, data assets, reducing third-party risk and maintaining customer and consumer trust
How challenges related to the adoption of AI in security such as data complexity, security ethics, and shortage of skills be addressed?
At IBM, we strongly believe that safety, security, and trust in AI systems are critical for driving widespread use of this technology for real business applications. AI is the necessary evolution of the cybersecurity industry to keep up with increasingly sophisticated threats and demands on security analysts. Machines and AI excel at different types of tasks that humans are not well suited for; AI will not replace human reasoning and decision making, however it can augment the skills of human security analysts allowing them to do their jobs faster, more accurately and more efficiently.
IBM advocates for several approaches to help deal with these challenges, including:
Collaborate: As hackers are collaborating on the dark web, the good guys (security professionals spanning both private and public sector) must also improve our methods for collaborating and sharing information on threats (and how to stop them) before they become widely spread.
Utilize Cognitive Security Tools: “Cognitive” security tools which incorporate next-gen, intelligent technologies can help resource strapped security workers stay ahead of threats. For example, Watson for Security has been trained on the language of security. Watson has “read” 2 million cybersecurity documents and can help security analysts parse thousands of natural (human) language research reports that have never before been accessible to modern security tools.
Focus on Response: A slow response to security incidents has a huge impact on the cost and severity of breaches. The industry should begin to place additional focus on “incident response”–having the right team and plans in place to act quickly after being hit by an attack.
Further, we believe, AI can help alleviate some of the effects of the current skills gap facing security teams by making junior analysts more effective. Developing both AI and cybersecurity skillsets will be important for the next generation of security workforce. IBM’s Institute for Business value recently conducted a survey which found that adoption of cognitive security solutions is currently at 7% but is expected to grow three-fold (to 21 per cent) within the next 2-3 years.
Often, it is said, enterprises are failing to follow the standard security hygiene like people awareness, strong passwords, regular patch management, reporting of security breaches, etc. Would you like to add more to the list as a consequence of rapid digitisation?
Today, security is a key strategic discussion during board meetings, and hence the key security trends that are emerging from what the C-suites are discussing with their CISOs or how the regulatory environment is evolving with rapid digitization. Leaders today are focused on understanding if their organization is equipped well to manage any unforeseen risks. Firstly, the CISOs are entrusted responsibilities to constantly evaluate the relative ‘maturity’ of the organizations security controls and also evaluating the progress they are making regularly without waiting for any formal ‘audits’. CISOs understand that this is a journey and are adopting industry standard frameworks as the threat environment evolves so should the risk posture of an organization.
As a part of making gains on this ‘maturity model’, eg, we are seeing not just protecting against or identifying a breach, but effectively and quickly ‘responding’ to it as a big priority in 2019. Hence, the second trend will be on ‘Threat Modeling’ and ‘Threat Hunting’ which are going to be key as CISOs aim to prepare their organizations against emerging security threats.
While technology will have a big role here and so does AI, important will be to collaborate with their peer groups globally, preparing their organisation (especially business and functional executives) in case of a breach. IBM’s Cyber Range has been a big hit here, in helping with these simulated trainings. Also, data privacy and security will be among top trends as we see CISOs look to prepare their organizations for anticipated regulation, especially after GDPR. The third trend will be on skills and talent availability and the increasing focus on certifications and accreditation for employees.
How emerging technologies can be leveraged in security, especially AI?
In the world of cybersecurity, we can all agree on one thing: Change is constant. We must continuously review what we did yesterday and identify ways to improve. As cyberattacks grow in volume and complexity, artificial intelligence (AI) is helping under-resourced security operations analysts stay ahead of threats. There are three ways in which AI helps:
Learn: AI is trained by consuming billions of data artifacts from both structured and unstructured sources, such as blogs and news stories. Through machine learning and deep learning techniques, the AI improves its knowledge to “understand” cybersecurity threats and cyber risk.
Reason: AI gathers insights and uses reasoning to identify the relationships between threats, such as malicious files, suspicious IP addresses or insiders. This analysis takes seconds or minutes, allowing security analysts to respond to threats up to 60 times faster.
Augment: AI eliminates time-consuming research tasks and provides curated analysis of risks, reducing the amount of time security analysts take to make the critical decisions and launch an orchestrated response to remediate the threat.
Hence, to keep up with the persistent adversaries, organizations must constantly try new technologies like AI in an attempt to find better ways to defend or proactively prevent an attack. They must assess their policies and enhance their methodologies daily.
As enterprise environments get more and more digitised, how is it changing the security dynamics? Can you share what were the dynamics before and how is the scenario now?
Digital transformation has to be driven along with security transformation. While in earlier situations, the attack surface was limited, cloud and digitization open out new security challenges. This requires revamp of existing infrastructure (with minimum disruption). Technologies that augment existing infrastructure will be the need of the hour.