ML Archives - CISO MAG | Cyber Security Magazine
Beyond Cyber Security
Sat, 19 Feb 2022 10:58:51 +0000

Today’s CISOs Wear Multiple Hats; The Role is Evolving
https://staging-cisomagcom.kinsta.cloud/cisos-wear-multiple-hats/
Thu, 06 Jan 2022 05:30:52 +0000

Today’s hyper-connected workplace requires CISOs to wear multiple hats – technologist, evangelist, investigator, negotiator. It is now widely understood that cyberattacks can disrupt business operations and impact revenue growth and that managing and mitigating risk is a responsibility shared by everyone within the organization.

By Prasad Jayaraman, Principal, Advisory, KPMG

Securing the organization is more important than ever. Three-quarters of CEOs believe a strong cyber strategy must engender trust with key stakeholders. Thus, the role of cyber professionals is transforming from enforcer to influencer. Their primary function is evolving beyond promoting awareness of potential cyberattacks to include keeping senior leaders from becoming complacent by challenging assumptions that the organization will not be the next ransomware target.




Organizations Will Adopt a Privacy-first Mindset

Historically, cyber security and data privacy were seen as separate disciplines. But several new regulations such as CCPA or GDPR that aim to protect consumer data have renewed focus on data rights, privacy, and security. Effective data privacy practices require a multidisciplinary approach, a cultural shift in which privacy and security are embedded into organizational change, processes, technology, and products.

With so many fast-evolving regulations across the globe, the regulatory landscape is becoming increasingly difficult to navigate. It will lead to more organizations embracing automation to manage privacy risk identification and reporting.

Cyber Professionals Will Focus More on Their Organization’s Full Ecosystems

This pandemic has taught us that collective action is the only way to enact meaningful change. Most organizations are no longer single, monolithic entities but rather deeply operationally dependent on a robust supply chain, and myriad traditional and non-traditional partners that often have direct access to business systems and data.

It is paramount that CISOs enact risk management frameworks that look both inward and outward to more closely monitor and secure any relationships with third parties such as suppliers and vendors. As a result, CISOs will need to move to a more proactive approach that puts continuous monitoring, usage of AI/ML-based solutions, threat intelligence, and zero trust at the heart of their ecosystem security model.

How AI/ML is Driving Growth and Innovation in Cloud Forensics
https://staging-cisomagcom.kinsta.cloud/adoption-of-cloud-with-ai-and-ml-for-cyber-forensics/
Thu, 30 Dec 2021 05:32:55 +0000

Enterprises are leveraging cloud infrastructure to modernize their processes, connect disparate services, and improve customer satisfaction rates. Up to 90% of the IT work can be automated using a Cloud platform, and with the inclusion of AI and ML, Cloud automation and forensics become increasingly efficient, reliable, and cheaper.

By Rakesh Sharma, VP – Cloud and Container Security at Standard Chartered Bank 

Enterprises relied on traditional IT systems before, but the Covid-19 pandemic ushered in an era of intensive digital transformation. Companies can no longer afford to stay behind when it comes to cloud technology adoption. But the unprecedented move to the cloud has exposed organizations to new and increased cyber threats. As the complexity of an enterprise grows due to its Cloud infrastructure, business owners have to invest in additional hardware, software, power backup tools, and security solutions to ensure optimal business performance and continuity.

Banks, insurance companies, and hospitals rely on cloud computing to provide better services and increase the pace of their digital transformation. A distributed cluster of data centers that minimizes downtime, ensures security and compliance, and has military-grade security infrastructure lays the foundation of Cloud computing systems.

How Cloud Computing Is Accelerating Innovation 

Cloud computing is changing the way data-driven management works in industry verticals and revolutionizes several sectors. Companies adopting Cloud are scaling more efficiently, growing in revenue, and experiencing tremendous success while reducing technology risks. Real-time capture of data and its analysis was not possible with traditional models. Still, cloud services can process vast volumes of data in real-time, which defines new opportunities for siloed business initiatives. Investors are seeing promising results with Cloud, and companies are generating up to triple-digit revenues. Snowflake’s IPO shares more than doubled from its initial public offering, and the company made an impressive $3.4 billion on the big day, which is a 112% colossal profit.

New Enterprise Cloud Priorities in 2021

COVID-19 shocked the world with significant disruptions, and as businesses prepared to shift to cloud vendors, they failed to address how they’d adapt to future disruptions better than other players.

Cloud has enabled companies to be more Agile and play a significant role in shaping future technology trends in 2021 and beyond. The most relevant enterprise cloud priorities from this year onwards, as described by Gartner, are as follows:

Distributed Cloud Services – Big tech players open new data centers every year in different locations, and enterprises will be sourcing multiple cloud services from them. As we progress to the future, we will see increased adoption in numerous public cloud platforms and move to address critical issues faced regarding data latency, privacy, and security.

Hyper automation – Hyper automation connects multiple enterprises, disparate systems, and processes with the intent to automate all workflows. It improves uptimes and makes it easier to run cloud services faster. Business owners adopt Hyper automation to ensure that their systems comply with international standards, perform accurately, and stay error-free. With hyper-automation, edge computing fosters operational excellence, and UI automation is making it effortless for organizations to collate data, speed up transactions, and improve customer service response times.

Anywhere Services – Enterprises will make significant investments in designing anywhere data infrastructures so that they can access data real-time, anytime, and anywhere. Organizations are slated to lower long-term operational costs this way, become efficient, and improve business productivity as a whole.

AI and the Internet of Things (IoT) – Datapost, DevOps, and MLOps will work together to provide data resilience, scalability, and agility for SMEs and large-scale organizations. Tremendous innovation is being witnessed in the application of AI over hybrid cloud environments, where incident analysis and remediation are the top priorities for forensics analysts. IoT is disrupting various industry domains such as healthcare, manufacturing, supply chain, education, etc., and many industry players are building applications for both the IoT and Cloud. The combination of IoT and Cloud provides increased connectivity for businesses, expanded data storage possibilities, increased processing limits, and better cloud security. AI integrations with cloud platforms alleviate privacy concerns and ensure data is protected against several cyber threats.

Advantages of Adopting Cloud for Enterprises

Business surveys showed that the number of respondents adopting enterprise cloud solutions jumped to 92% in 2018. This figure has continued to grow over time, meaning the total number of respondents in the population using public or private clouds is now 96%. Cloud technology is a great way to run business operations because of the various benefits it brings. Below is a list of the top benefits offered through the adoption of cloud platforms.

  • Faster deployments and reduced dependencies on on-site hardware
  • Seamless software updates, automatic integrations, and quicker service deliveries
  • Improved data security, reduced costs, and high-performance scalability
  • Unlimited storage capacity and seamless project collaborations
  • Excellent disaster recovery, mitigation, and backup planning

Challenges with Cloud Forensics

Cybercrime rates are on the rise, and while the increased adoption of cloud benefits businesses by providing infrastructures that are scalable, agile, and flexible, it also creates new attack surfaces for cybercriminals to take advantage of.

The following is a list of challenges professionals face with cloud forensics.

Vast volumes of data: Data is complex, and businesses are tasked with processing huge volumes when doing forensic analysis. Data can be ingested from multiple sources, and investigators have difficulty identifying, sorting through, and organizing enormous data record values.

Legal Compliance Issues: Legal systems and laws in many countries do not recognize forensic analysis as a legitimate source of cybercrime evidence. There is a lack of stronger data governance or regulations over cybercrime activities in several countries, making it a challenge to acquire justice.

Rise of anti-forensics techniques: Anti-forensics techniques work against forensics investigators and disrupt cyber crime scenes. They help cyber criminals cover their tracks and tamper with evidence, and make it challenging for professional investigators to uncover traces of the digital crime.

How AI Plays a Major Role in Cloud Forensics

Artificial Intelligence is the field where computer algorithms mimic human cognitive behavior and make intelligent decisions without needing any manual intervention. Machine Learning is a subset of AI and is routinely used in cloud platforms for automating various data management processes. Cloud forensics involves collecting and analyzing evidence needed to detect cybercrimes and make the collected information presentable to the court of law.

AI helps forensics professionals analyze evidence, reconstruct crime scenes, and ensure data integrity by verifying that there are no fakes or instances of duplication. Purdue researchers developed a cloud forensics model in 2019, which classified images and videos uploaded to cloud storage services like Google Drive and Dropbox. A StegnoCloud system used deep learning algorithms to report and flag illegal activities and collected evidence for forensics analysis. AI tools integrated with advanced technologies can automate various aspects of cloud forensics analysis and uncover data that is hard to acquire due to sophisticated data hiding techniques employed by cyber criminals. Businesses can now derive insights from their collected data, achieve innovations, and find out where they’re going wrong when it comes to securing the cloud, thanks to these advancements. Data needs to be managed and protected continuously; that means AI will play a vital role in ensuring information doesn’t stay underutilized and instead realizes its full potential. The top pioneer brands in the cloud forensics industry are FireEye, Paraben, Cisco Systems, Digital Detective, and Oxygen Forensics. With the increased demand for cloud computing, the global cloud forensics market is forecasted to grow at a CAGR of 13% from 2020 to 2027.

The market is further segmented according to user categories and forensics approaches such as mobile forensics, network forensics, and cyber forensics, as cloud platforms are used by these tools and solutions. Financial institutions are already using digital forensics analysis techniques to study mobile devices, smartphones, servers, and other endpoint devices to identify the risk of future data breaches. The Asia-Pacific region is growing fastest in this domain, and North America accounted for the most significant share of the cloud forensics industry worldwide in 2020.

Conclusion

Forbes predicted that there would be an 83% increase in cloud workloads by 2020, and it came to life. Modern enterprises have realized the benefits of cloud computing and are adopting it in a hybrid model by moving some workloads to cloud platforms and keeping the rest in their on-premises environment depending on business needs.

In the next few years, we will see some businesses born in the cloud, while others will migrate most of their infrastructure to cloud platforms to process massive volumes of data, which they couldn’t previously.

Cloud-based data mining will evolve due to advances in Artificial Intelligence and Machine Learning, which means customers can expect better insights from their data. As the technology landscape evolves, enterprise cloud computing will enhance security, ensure regulatory compliance, and bring better business outcomes, thus making AI and ML in Cloud Forensics all the more important.

About the Author

Rakesh Sharma is an experienced and excellent talented personnel in the cyber security & Fintech space by the Government and the Industry Bodies. He is a seasoned cyber security professional with comprehensive domain experience with the topmost security

 

Disclaimer

Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same. 

How Blockchain Is Shaping Cyber Security and Causing Technology Disruptions for Global Enterprises
https://staging-cisomagcom.kinsta.cloud/25469-2-latest-blockchain-trends-and-why-enterprises-are-adopting-it-for-cyber-security/
Mon, 27 Dec 2021 07:27:50 +0000

The Blockchain industry continues to change the lives of not just enterprises but also individuals, helping them lay the foundations of their services and foster future growth. Gartner predicts Blockchain to be one of the top trends for 2020, and by 2025, we can expect future technology trends to be influenced by its innovations. The public blockchain market holds the highest shares in the global industry, with private and hybrid blockchains coming next.

By Srinivas B, Director and Head of India — Cybersecurity and Blockchain COE 

Investments in Blockchain technology are expected to surpass USD 15.1 billion by 2024, and the technology has been causing massive disruptions throughout different industry verticals. We’ve seen other technology trends making the news, but Blockchain is finally garnering the reputation it deserves.  

According to CoinDesk, over 82% of institutional investors said they would increase spending on Blockchain and digital assets by 2023. Their reasons for expanding their crypto holdings included the diversification of assets, long-term capital growth, reduced exposure to market volatility, and improved regulatory environments. Blockchain is already being adopted outside the technology industry in healthcare, finance, food safety, and shipping. Supply chain traceability in the gemstone industry is seeing a unique application where the origins of gemstones are uncovered and provided as evidence to consumers. Software development companies are making apps for clients, and with the increased use of Blockchain, we can expect the Blockchain market to grow at a CAGR of 69.3% during given forecast periods.

What is Blockchain? 

Blockchain is a decentralized technology used for doing digital transactions via a distributed ledger. It works as blocks that store financial data about users, with each block being linked in a sequence. In a blockchain model, computational resources are shared among users as nodes connected via a peer-to-peer (P2P) network. As a Distributed Ledger technology, it has various applications and maintains records of cryptocurrency transactions such as Bitcoin, Ethereum, and many others. 

Worldwide Outlook of Blockchain Market 

According to global industry statistics, the blockchain market is forecasted to grow at a CAGR of 79.6% from 2018 to 2023. Industry verticals and players such as large and small SMEs will be the primary adopters of this technology, with Blockchain as a Service (BaaS) driving market growth exponentially in this segment. The rising popularity of blockchain is because of its nature of doing peer-to-peer digital transactions without having intermediaries in between. Data stored in blockchains are reliable, accurate, timely, and readily available. Numerous projects in media and entertainment, healthcare, agriculture, automotive, energy, eCommerce, and retail have benefited from its innovations. 

The COVID-19 pandemic has accelerated digital transformation for many companies, which means there is now an increased interest in digital ledger technology. The global blockchain market can be estimated to be valued at USD 39.7 billion by 2025. At least 25% of the Forbes Global 2000 will be using Blockchain as a foundation technology in their upcoming projects by 2025. 

Future Trends of Blockchain in 2025 

It’s clear that Blockchain will revolutionize all industry verticals and is a technology that can no longer be ignored. By 2025, we can expect to see traditional business models transition entirely to the Cloud and use these distributed ledgers to conduct financial transactions. 

The following is a list of the top future trends of blockchain for 2025 and beyond. 

1. Blockchain as a Service (BaaS)

Blockchain as a service is a new trend that allows businesses to create financial products using distributed ledger technology. BaaS models are cloud-based, and most digital products created using BaaS services do not require any setup, installation, or manual intervention. The introduction of blockchain to social media networking websites will ensure that public data stays secure, giving content creators rightful ownership of their data without letting it fall into the hands of platforms. Microsoft and Amazon are the two leading brands developing BaaS infrastructures and services for businesses. 

BaaS services will foster the creation of decentralized architectures and offer several applications. Cloud vendors are working towards bringing these services within reach of businesses who want to speed up project payments and automatically sign off contracts after their completion. AI and Machine Learning deployments in BaaS models will address bottlenecks faced during the increased adoption of these services. 

2. Interoperability of Blockchain Networks

Blockchain interoperability refers to connecting disparate Blockchains and building an ecosystem where different networks can communicate, sort of like a decentralized exchange center. One use case of interoperability is transmitting data from a Bitcoin block onto another network.

Interoperable Blockchain blocks and their integration with existing systems will streamline transactions and make it easier to do mass deployments. “Hybrid connectors” is a concept being cited by the industry and is enabling cross-Blockchain communications. Blockchain interoperability is another reason why cryptocurrency usage is becoming mainstream. Blockchain interoperability benefits include multi-token transactions, improved scalability, data governance, and enhanced connections between various Blockchain networks.

3. Investments in StableCoins and Logistics 

Blockchain’s reach is expanding by the day, and apps are being built using the distributed ledger technology as we speak. Bitcoin is an example of a cryptocurrency that’s volatile by nature in the market. StableCoin is an innovation currently in the works that addresses this. 2020 is the predicted year when they will experience an all-time high, and we can expect to see an upward trajectory for growth up to 2025 from there.

The main types of stablecoins in the cryptocurrency market are fiat-backed stablecoins, commodity-backed stablecoins, and crypto-backed stablecoins. Investors will be buying more stablecoins and holding their money for more extended periods as these pose a low risk, offering stable returns on their investments. 

Stablecoins will also serve as the blueprint for real digital currencies meaning buyers won’t have to worry about their values being wiped out overnight, unlike other cryptocurrencies. 

Blockchain is being used to make cryptoasset exchanges and encrypt transactions using public and private keys. Many see Blockchain as a reliable transaction technology for making cryptocurrency transfers and exchanges with other individuals, verifying them, and getting rewards in the process.

Blockchain can use its decentralized ledgers to combat the threat of personal identity security leaks and safeguard users. Cybercrime fraud comes in various forms, and blocks can be used for encrypting critical information such as social security numbers, birth certificates, identity cards, etc. Data silos and a lack of transparency are key challenges faced by the logistics sector, and enterprises can leverage Blockchains to solve them by automating processes and validating data sources.

4. Tokenization

Tokenization is the process of converting a physical asset such as an object, painting, or real estate (anything of value) and representing it as digital coins. Asset tokenization is an emerging trend in the Blockchain world and is gaining traction. Converting real-world assets into tokens helps divide the rights to assets among various owners. Non-fungible tokens will foster digital scarcity and prevent assets from being replicated or copied, which means owners acquire exclusive digital rights to their assets.

There are many benefits to Blockchain tokenization, such as increased liquidity, lack of third-party involvements, user anonymity, improved immutability, etc. Real-estate tokenization is one of the hottest trends, and many platforms are helping businesses access, exchange, and trade with tokens without compromising on legal compliance. 

5. Revolutionizing Financial Services

The financial industry is one of the early adopters of this technology, and many banks, NBFCs, and fintech corps are recognizing its value. Banks are finding that Blockchains help create more secure networks for conducting digital transactions, and customers prefer to invest and trade with cryptocurrency.

A recent report by CB Insights revealed that blockchain-based decentralized ledgers would enable customers to make faster payments, pay lower processing fees, and complete transactions in real-time, a seamless experience. Smart contracts drafted will eliminate third parties and make finances more decentralized in the coming years. Blockchain smart contracts allow parties to execute exchanges when “distributed conditions” are met and streamline transactions automatically. More than 77% of financial institutions expect to adopt Blockchain technology entirely by 2021, and Gartner predicts that the banking industry will generate up to $1 million through blockchain-based digital transactions during 2021. Digital payments are the future, and there is a possibility that governments will be implementing this technology for effective data governance and management.

Why Blockchain Trends Are Paving the Way for Companies? 

Immutability is the most significant factor behind increased Blockchain adoption, and since data in chains cannot be corrupted, they are essentially tamper-proof. Supply chain operations are becoming globalized, and that’s another segment where Blockchain trends are emerging. All nodes are linked to a ledger, and when edits are made to a single node, changes done to previous ones get verified and validated. This makes it impossible to alter data without verification, and entities cannot get away with data fraud/theft this way. 

Suppliers, distributors, and clients do not have to interact about every simple transaction, and nodes can update ledgers automatically. The growth of IoT (Internet of Things) is helping the latest Blockchain trends keep up with enterprises and is making data security increasingly sophisticated or complex. The merger of Blockchain and IoT makes machine-to-machine transactions possible, and smart devices can run autonomously thanks to their amalgamation.

Edge computing is also being combined with Blockchain technology, allowing enterprises to reduce costs, transfer data, and not fall prey to cyber attacks as there are no centralized data repositories. Peer-to-peer Blockchain networks help organizations protect their networks and devices from botnet and DDoS attacks, ensure data privacy & security, and make devices in every network independently secure, which is another driving factor behind the emergence of the latest Blockchain trends.  

Digital companies can take advantage of Blockchain technology and address concerns related to data compliance, privacy, and security by mixing AI and Machine Learning. Blockchain mobile apps are enhancing the P2P transaction experience and verifying cross-border digital payments. Quantum computing is being impacted by the technology as ledgers are used for making data unchangeable and tamper-proof. Complex mathematical equations can be processed instantly for linking public and private keys, which makes quantum computers hack-proof and not exploitable.

The adoption of Blockchain is slowly becoming widespread. In the future, we can expect greater security, more data transparency, and a large volume of financial transactions being processed using this technology. 


About the Author

Srinivas Balantrapu

Mr. Srinivas B is a trained multi-dimensional professional with more than 20 years of experience in several fields such as Technology Consulting & Architecting, Product Development, Practice/Project Management/Pre-Sales in AWS, Azure, Google & Oracle Cloud Computing, Blockchain & IoT, and AI/Data Science Technologies. He has gained knowledge in several domains and holds various certification titles such as Certified Project Management Professional – PMP, Certified Microsoft Azure Solution Architect, Certified Blockchain Solution Architect – CBSA, Certified Blockchain Expert – Blockchain Council, Certified Corda/R3 Developer, Certified IBM Cloud Solution Architect, etc.

Disclaimer

Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.

The post How Blockchain Is Shaping Cyber Security and Causing Technology Disruptions for Global Enterprises appeared first on CISO MAG | Cyber Security Magazine.

AI/ML Can Be a Benefactor in Cybersecurity
https://staging-cisomagcom.kinsta.cloud/ai-ml-can-be-a-benefactor-in-cybersecurity/
Mon, 20 Dec 2021 05:30:17 +0000
Digitization is growing at a very fast pace and is touching every aspect of our lives. To truly comprehend the role of AI/ML in cybersecurity, we need to understand how cyber technology and its usage have evolved.

By Shankar Karthikason, Averis Group Head of Cyber Security Strategy, Operation & Advisory

The digital era has exposed us to various threats, and the importance given to cybersecurity has increased tremendously. From a security professional’s perspective, the need for AI and ML is strong: automating the task of detecting threats and flagging malicious behavior means moving away from manual methods, which frees up time and resources to focus on other tasks.

With today’s fast-moving evolution, it’s impossible to deploy effective cybersecurity technology without relying heavily on machine learning, and it’s impossible to effectively deploy machine learning without a comprehensive, rich, and complete approach to the underlying data.

Cybercriminals have their ways and means to reach potential targets in this borderless world. Over the last decade, identity theft, data breaches, and monetary losses have risen exponentially. This is where AI/ML tools and techniques are being developed to play a significant role in fighting these cybercrimes.

AI and ML are becoming major players because they stop threats in real time without impacting the day-to-day operations of the business.

Further, these technologies can keep track of data that escape the human eye, including the growing volume of transactions, video, chats, emails, and more.

Investing in AI without a clear, well-established, and mature cybersecurity program is like pouring money down the drain. One may fix one issue but may end up creating more than that or may even overlook critical and urgent issues.

So, here are the things you may want to consider first:

1. Identify your business needs

It’s important to first identify the business problems AI is expected to resolve. Assess every pain point and evaluate how AI could help resolve it.

2. Evaluate your company’s readiness to adopt and support AI

Discover the main concerns and issues surrounding your business and check whether your organization is ready to adopt AI. IT infrastructure plays a fundamental role in managing and analyzing AI data sets. AI requires rich data to perform its task effectively and deliver the desired result. Start with a small sample and move on from there to see how it performs.

3. Prioritize the main values for your business

Once the business need has been assessed, understand the business and financial benefits. Make sure to cover all possible AI applications as part of your short- and long-term goals.

4. Look for valuable AI services.

Developing an AI system may take lots of time and resources. Still, there are AI service providers with industry expertise to help you understand the data needs of AI and simplify the AI integration for you.

Points to Remember for Convincing Executives to Invest

1. Do not reinvent; just plug in

Avoid telling the board that their entire IT investment will be replaced with some advanced product. Look into AI solutions that can be plugged into the existing system rather than redoing it entirely.

2. Show the numbers

Executives need the numbers such as data and funds saved. AI provides clear advantages here.

“A Deloitte study found 83% of early AI adopters have already achieved moderate to substantial economic benefits.”

3. Think long term

Do not focus on the short-term impact of AI on your business, but rather think beyond it. Showcase the forecast business impact and the consequences of not analyzing and learning from your data.

AI/ML may already be on most organizations’ to-do lists, but one should focus on how it may complement existing systems and business plans rather than boosting the hype in order to obtain internal approval. Getting buy-in on something new may be challenging, but neglecting the growth and adoption of technologies such as AI may cause potential repercussions.

4. AI and job security

Bayt.com Co-founder and CTO Akram Assaf explains that “most risks with AI come from organizations abandoning their responsibilities. You can’t just install a system and expect it to do the job for you. That’s not how it works, and even advanced cybersecurity systems powered by AI need to be regularly maintained and updated.”

Cybersecurity providers tirelessly introduce ways to prevent and remediate threats brought by threat actors, but as soon as these measures are developed, cybercriminals develop new threats to overcome them.

To stay ahead of the curve, AI has emerged as a crucial tool for cybersecurity providers. AI helps to strengthen defensive measures and speed up the response time, but it is yet to reach perfection. AI advances cybersecurity in powerful ways but will not replace human intelligence, at least for now, especially in identifying and mitigating threats. It is a common misconception that AI will replace human intelligence. AI provides the means of improving the accuracy and efficiency of data being analyzed, but when it comes to strategizing and problem-solving, the human element still plays a vital role.

Cybersecurity professionals are still required to differentiate between good and bad data and to tell whether the data is reliable. They need to frequently review the data to ensure relevancy and accuracy. AI will produce bad analyses if the data is inaccurate, flawed, or even biased.

At least for now, AI has not reached the level of developing complex strategies or thinking critically through complicated scenarios. People may use AI to assist with thinking through problems but ultimately it’s humans who will make the decisions.

AI will undoubtedly change the way businesses operate, creating a safer, more efficient, and data-driven working environment, and this will affect jobs but as technology improves, machines will need to be updated and replaced.

Jobs will always be available for those who understand the core working of AI systems.

5. AI will replace some jobs

AI will not replace all jobs, as the human role is vital to strengthening AI.

But humans inevitably make mistakes, whereas computers are not influenced by human error.

Machines react based on a set of pre-determined instructions and execute them, as in data entry jobs. AI may potentially take over jobs that require performing routine and mundane tasks such as typing, copy-pasting, and transcribing.

In fact, AI may complement your job by providing an additional pair of eyes to verify your work. In addition, AI may assist in dangerous jobs that may put human life at stake, such as mining, factory work, and machine assembly.

Conclusion

AI/ML can significantly change the cybersecurity landscape but it can pose both a blessing and a curse to businesses and customers.

On the other hand, AI can be very resource-intensive and may not be practical in all applications. More importantly, it can also serve as a new weapon for hackers who use the same or even better-enhanced technology to improve their cyberattacks. With the growing number of various digital devices, these hackers already have the opportunity and capability to launch rapid and complex attacks. AI may then soon offer the means to either successfully secure or successfully attack.

It may sound cliché, but it’s no longer a question of if an organization will be attacked, but when. That being said, cybersecurity personnel need to get out in front of this challenge now by leveraging AI/ML-assisted security solutions that provide the right and fast detection and response capabilities in order to keep pace with these advanced cybercriminals.


About the Author

Shankar Karthikason is Averis Group Head of Cyber Security Strategy, Operation & Advisory. He brings together over 12 years of experience in conceiving and implementing key business strategies towards enhancing the trajectory of the overall operations as well as business growth.


The post AI/ML Can Be a Benefactor in Cybersecurity appeared first on CISO MAG | Cyber Security Magazine.

Unleashing the Full Power of AI and ML for Your Cybersecurity
https://staging-cisomagcom.kinsta.cloud/unleashing-the-full-power-of-ai-and-ml-for-your-cybersecurity/
Thu, 18 Nov 2021 06:48:37 +0000
The growth of data and the increasing complexity of extracting intelligence from information have led businesses and governments across the globe to implement artificial intelligence and machine learning technologies. AI and ML applications to supplant and enhance human capabilities range from image recognition in healthcare to failure prediction in industry to natural language processing in customer service to identifying fraud or criminals in financial services or governments.

By Vats Srivatsan, President and Chief Operating Officer at ColorTokens Inc.

So what roles have AI and ML played in enterprise cybersecurity? On the face of it, cybersecurity seems like a perfect use case for AI and ML techniques. Security threats continue to grow by the day. The amount of security data collected by multiple cybersecurity sensors is growing exponentially, and there is a significant shortage of trained cybersecurity professionals. The industry has a clear need for AI and ML technologies.
Yet AI and ML are not as prominent in cybersecurity as they have been in other fields. But why are their applications in cybersecurity restricted to niche use cases, and how should organizations consider these technologies from their cybersecurity or AI/ML vendors?

What Limits the Effectiveness of AI and ML in Cybersecurity Today?

The answers to those questions are complex and multifaceted but revolve around three key issues.

Lots of data yet very little trainable data: In this environment, security professionals have relied on vendors to provide alerts on any abnormalities, but those alerts add up to several tens of thousands per day. Very few, if any, of these alerts would translate to attacks, often with over 99% false-positive rates.

From a threat-detection perspective, this means that organizations could really apply predictive AI and ML to only 0-1% of transactions. ML models need data to predict accurately, so this limits the ability to train models on actual threats. New threat patterns, which attackers are busy exploring every day, render useless any prediction based on past attacks.

Insufficient business risk context: The cybersecurity industry is fragmented with vendors for each security problem. It is not atypical for a large organization to rely on 50-plus security tools, often from different vendors. Each tool collects data relevant to its use but misses the overall context outside of its intended use.

For example, firewalls are used very widely and collect transactional network flow data, but rarely can they attach that data to the application and user context simultaneously. Similarly, endpoint systems collect lots of information on processes that run or can run on the endpoints but lack context on how critical the application that the endpoint is trying to access is, or on the vulnerabilities within it.

The net result is that the basic context needed to apply ML becomes fragmented. A simple business question such as, “Should you allow or block a specific transaction into an application?” becomes difficult to answer at scale. It requires information on the inherent security risk posed by that transaction, estimated business risk from allowing such a compromised transaction, and the level of business disruption that could happen from blocking the transaction. Typically, this information does not exist or is scattered across multiple tools and is not available at the time such a decision needs to be made.

After-the-fact analysis vs. new attack vectors: Companies have addressed their data fragmentation through data-aggregation mechanisms like security information and event management, known as SIEM. While this is better than having no information, after-the-fact analysis of such aggregated data is passive by definition — meaning that it allows you to analyze a past threat and prevent that exact attack pattern if it recurs, but it won’t help prevent threats that don’t follow historical attack patterns.

So How Do You Harness AI/ML in Your Cybersecurity Posture?

Some companies have recognized the challenges above and started to address them in their offerings. Broadly, there are three stages to the application of AI and ML tools in terms of their effectiveness in cybersecurity:

Stage 1: AI/ML to simplify operation – Identify assets or users and detect abnormal behavior


AI can be an effective way to automate routine areas that usually take a lot of manual effort, particularly if those tasks are routine and don’t need broad business context and increased data sources to facilitate better training over time.

Automatic identification, or tagging and categorization, of assets being secured is a surprisingly complex problem in large organizations with tens of thousands of assets under management. Here, an AI/ML model can identify and tag the asset based on processes or software running on other assets with which it communicates. This is similar to how photos can be tagged based on visual recognition.

More data from an organization or multiple organizations improves these predictions over time. Similarly, flagging anomalous behavior or deviations from known “good” or “trusted” behavior is a good application area, where just the sheer volume of good transactions makes AI effective and manual analysis difficult at the same time.

Stage 2: AI/ML for security policy definition – With appropriate business risk context

If a cybersecurity tool can embed the context of business risk from a security threat by using knowledge of the request (user and device) and what is being accessed (an application or data) and the medium (a network), then ML would have enough contextual intelligence to be powerful in security policy setting.

To achieve this in practice, cybersecurity vendors must assign “business security risk scores” to transactions, either to one transaction or to a group to which one transaction belongs, all while the transaction is executed. This is like how a bank would assess any online request for a transaction.

Assigning a business security risk score is not always simple. It requires holistic information on whether the user, network, or transaction is known or trusted; how vulnerable the asset being assessed is in terms of exploitability; and how business-critical a compromise of that asset could be, in terms of whether its breach exposes customer or employee confidential data that could harm the company. A system that can do that will be really powerful in using AI to define and recommend automated policies or dynamic policy updates as risk changes.


Stage 3: AI/ML to adapt security posture – Continuously trading off business velocity vs. security risks

Most companies have invested in many security tools, yet CIOs find it difficult to determine whether their security posture is better than before. Zero Trust-based policies and tools address this by allowing nothing except trusted interactions, processes, and users. By definition, they enable organizations to block out new threat vectors and unknown interactions instantly instead of allowing time for such interactions to happen. They then learn over time, as ML models or human analyst models would typically do.

While this enables a higher security posture, narrowly defining trust zones could impact business and prevent or slow down low-risk transactions that enable the business. However, AI/ML can get that tradeoff right. Organizations can start with very small zero-trust zones in critical applications and use ML over time to expand the trust zones based on risk and behavior patterns.

AI and ML have not been utilized to their full potential in cybersecurity yet. However, when used appropriately, AI and ML can play a very effective role in your cybersecurity. Proper applications can assist humans in security analytics and operations, recommend low-security-risk policies, and enable CISOs to maintain the best security posture that allows the business to operate at the necessary velocity.


About the Author

Vats Srivatsan is president and chief operating officer at ColorTokens Inc., a SaaS-based Zero Trust cybersecurity solution. As a member of the ColorTokens leadership team, he uses his extensive knowledge of cloud and cybersecurity across multiple industries to help customers in their Zero-Trust cybersecurity journey. Srivatsan’s previous three decades of experience include executive roles at leading companies including Palo Alto Networks and Google Cloud. At Google, Vats founded and led the Advanced Solutions Lab that helped apply Google’s AI to core business problems for some of the leading enterprise customers.


The post Unleashing the Full Power of AI and ML for Your Cybersecurity appeared first on CISO MAG | Cyber Security Magazine.

“AI and ML Will Be Enablers for Cybersecurity for the Foreseeable Future”
https://staging-cisomagcom.kinsta.cloud/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
Wed, 17 Nov 2021 05:54:14 +0000
In the first half of 2021, cyber adversaries preyed on opportunities to attack enterprise infrastructure and critical industries. Even the slightest security mismanagement motivated them to disrupt operations and exfiltrate data. As the year draws to a close, and with the holiday season around the corner, attack sophistication and scale could see a new shift. Looking at the current cybersecurity landscape, cryptocurrencies, mobile wallets, ransomware attacks targeting supply chains, and deepfakes are the most talked-about topics. At the same time, Artificial Intelligence (AI) and Machine Learning (ML) are among the hottest trends because, if leveraged appropriately, they can identify vulnerabilities and reduce incident response time.

To discuss this further, Pooja Tikekar, Sub Editor at CISO MAG interviewed Chuck Brooks, President of Brooks Consulting International and Adjunct Faculty at Georgetown University. Chuck is a Technology Evangelist, Corporate Executive, Speaker, Writer, and a Government Relations, Business Development, and Marketing Executive.

With over 74,000 followers on LinkedIn, 16,000 followers on Twitter, and 5,000 followers on Facebook, Chuck has built a sizeable community on social media, where he regularly shares the latest happenings and updates from the cybersecurity industry.

He was named among the Top 5 Tech People to Follow on LinkedIn. He’s among the world’s 10 Best Cyber Security and Technology Experts, by Best Rated; in the Top 50 Global Influencers in Risk, Compliance, by Thomson Reuters; the Best of The World in Security, by CISO Platform; and IFSEC’s #2 Global Cybersecurity Influencer.

Chuck was featured in the 2020 and 2021 Onalytica Who’s Who in Cybersecurity as one of the top Influencers for cybersecurity issues and risk management. He was also named one of the Top 5 Executives to Follow on Cybersecurity by Executive Mosaic; the Top Leader in Cybersecurity and Emerging Technologies by Thinkers360, and Top Global Top 50 Marketer by Oncon in 2019.

Chuck has an MA in International Relations from the University of Chicago, a BA in Political Science from DePauw University, and a Certificate in International Law from The Hague Academy of International Law.

Edited excerpts from the interview follow:

You’ve been named the Top Tech Person to Follow by LinkedIn. Would you like to tell our readers how you joined the cybersecurity industry and what your journey has been like as a leading influencer?

My journey as a cybersecurity expert and an influencer has been concentrated on four pillars: government, industry, media, and academia. In government, my journey in security first began as a senior legislative advisor to the late Senator Arlen Specter on national security, international, tech, and other issues. Next, I joined the Department of Homeland Security (DHS), where I was one of the first people brought on to help form the new agency. In my DHS role in government affairs, I had to keep abreast of policies, programs, budgets, and issues. But I also had to understand technologies to counter chemical, biological, radiation, and explosive threats (CBRNE), and learn about cybersecurity and interoperable communications. Back then, CBRNE was the prevailing concern, but homeland security quickly morphed into understanding cybersecurity threats from being digitally connected. I dove right into learning as much as I could on the subject matter and worked closely with leading experts from both government and industry from the outset.

After I left DHS several years later for the private sector, I kept my government networks active and continued to build my subject matter expertise on cybersecurity, technology, and policy. I served in executive roles relating to security for several major global corporations, including Xerox and General Dynamics Mission Systems.

The world of media has also been a passion for me as a cybersecurity and emerging tech evangelist. I serve as a contributor to FORBES and a Cybersecurity Expert Advisor to Yahoo and The Washington Post. I am also the Visiting Editor at Homeland Security Today. In the last couple of years alone, I have written well over 200 articles and have been a featured speaker at dozens of conferences, events, and podcasts on homeland security, cybersecurity, and emerging tech.

In academia, I serve as Adjunct Faculty at Georgetown University’s Graduate Applied Intelligence Program and the Graduate Cybersecurity Risk Management Programs, where I teach courses on risk management, homeland security, and cybersecurity. I was an Adjunct Faculty Member at Johns Hopkins University, where I taught a graduate course on homeland security for two years. Teaching students who will be future leaders about cybersecurity is particularly gratifying.

In all, I enjoy being an influencer and sharing knowledge and insights on key issues, concepts, and policies relating to cybersecurity to everyone interested. What I want to accomplish as an influencer is to continue writing and speaking about the varied aspects of the topic and especially in educating others on how to help protect themselves. My advisory and board director roles with organizations and companies, and my role as a professor at Georgetown University are reflections of that passion and interest.

Cybersecurity has been a priority for most businesses; however, attack sophistication was amplified in 2021, and organized cybercrime groups profited due to the new normal of distributed work environments. Could you stress on some of the traditionally organized cybercriminal activities and their long-term impacts?

Several factors have transformed the cyberthreat landscape. Certainly, COVID-19 usurped the digital landscape and forced organizations to adapt to a remote working paradigm with little notice and preparation. Cybercriminals took advantage of security gaps and launched many successful attacks, and the number of breaches in 2021 has already surpassed the previous years.

Also, although it has been around for almost two decades, ransomware became a weapon of choice for hackers in the expanding digital landscape. The transformation of so many companies operating in a primarily digital mode had created more targets for extortion. And with the ability to get compensated in cryptocurrencies that are hard to trace, organized hacker gangs have taken advantage of the low-hanging fruit by exfiltrating data and holding it hostage to hospitals, municipalities, and critical infrastructure operators.

Another factor is the cooperation of cybercriminal gangs. They are being more collaborative and sharing both targets and sophisticated hacker tools on the dark web and dark web forums. There has been a consolidation of smaller hacker affiliates into larger hacker criminal families for a wide mix of attacks, including exploit kits, malware, and other coordinated activities, including hacking-as-a-service, and money laundering.

Also, threat actors, especially state-sponsored and criminal enterprises, have been investing some of their resources in emerging tech such as machine learning to employ more sophisticated means for discovering target vulnerabilities, automating their phishing attacks, and finding new deceptive paths for infiltrating malware.

Exploiting vulnerable supply chains has also been trending. Cyberattackers will always look for the weakest point of entry, and mitigating third-party risk is critical for cybersecurity. Supply chain cyberattacks can be perpetrated by nation-state adversaries, espionage operators, criminals, or hacktivists. Their goals are to breach contractors, systems, companies, and suppliers via the weakest links in the chain.

The bottom line is that as internet connectivity exponentially expands, so will the opportunities for attacks. Hybrid work environments, although more fortified, will likely still be successfully targeted by hackers who are collaborating and using sophisticated hacking tools. In the future, businesses and government must ramp up their capabilities to discover, monitor, and mitigate attacks, but that will not be an easy task.

Humans play a critical role in cybersecurity, and they’re often termed the “weakest link.” Cisco’s 2021 Cyber Security Threat Trends report reveals an alarming dominance of phishing attacks, accounting for 90% of data breaches. How can employers raise the bar in avoiding the exploitation of human behavior or psychology? And how can we have a better-integrated approach to security?

Humans certainly are the weakest link in cybersecurity. Usually because of negligence, but sometimes because of insider threats. The one consistent statistic I encounter every year is that phishing attacks account for most successful breaches. It is because phishing is easy to do for hackers, and it works. It used to be that you would get an email from a prince in a faraway land saying that he needs your bank account number to deposit funds. Now, a phish may appear to be a message from your boss, from a store where you shop, a bank, or even a friend. Hackers have come a long way in being able to mimic graphics and logos; they use social engineering to gain knowledge of your work, interests, and friend groups on social media platforms.

Companies can raise the bar by doing regular training with employees on how to recognize a phish. They need to teach the psychology of human behavior and where the vulnerabilities may lie in networks and devices from people. Gamification is a popular tool for that kind of training. Corporate programs need to include cyber hygiene to include strong passwords, multi-factor authentication, and incident response as a part of their operational mission. Also, if they must, they can restrict who has access to databases and sites on the internet via identity and access management tools. For insider threats, monitoring aberrant behaviors can work, but it is a challenge.

While on the topic, do you think businesses should assess employees’ security performance/awareness while evaluating other KRAs/goals? And would it help reinforce the human firewall?

I am a strong believer in assessing security performance awareness because a breach may have major consequences to a business legally and operationally. For many small and medium businesses, a breach could be fatal to their flow of commerce, reputation, and ultimately their future. Reinforcing the human firewall through access controls is also sensible. The more that your security team can control and monitor, the better the likely outcome.

What are some of the emerging technologies in security? Would these generate opportunities and create challenges?

We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.

Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research development and investments. Advanced 5G and wireless networks will benefit higher traffic capacities, lower latency, increased reliability, and enable processing and analytics in real-time. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.

Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored and criminal enterprises, are becoming more sophisticated by searching for vulnerabilities and infiltrating malware by adapting (and automating), enabling machine learning, deep learning, artificial intelligence, and other analytic tools. SolarWinds was more than a wakeup call for those realities.

Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints.  Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.

In addition to my previous question on emerging technologies, what are some of the AI and ML trends in cybersecurity that we can expect in 2022?

The core of AI smart capabilities is rooted in its subcomponent of machine learning, ML. AI is largely used to protect networks as well as increase data security and endpoint security. Some specific areas where AI technology will contribute to making cybersecurity smarter include:

  • AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
  • AI will impact Incident Diagnosis and Response capabilities. While descriptive analytics provided by network surveillance and threat detection tools can answer the question “what happened,” incident diagnosis analytics address the question of “why and how it happened.” To answer those questions, new software applications and platforms powered by AI can examine past data sets to find root causes of the incident by looking back at change and anomaly indicators in the network activities.
  • AI will also enable better cyberthreat intelligence reports by analysts. Next year analysts will be able to use AI tools to generate automated cyberthreat intelligence reports (CTI). Cyberthreat intelligence reports provide the indicators and early warning necessary to better monitor unusual activities on a given network and detect more rapidly cyber threats.

AI and ML will be an enabler for cybersecurity for the foreseeable future. As the computational capabilities and digital complexity of global enterprises continue to grow, AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.

Tell us your top three cyberthreat predictions for 2022.

  • Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks. CI is a high-profile target for both geopolitical and economic considerations for hackers. This CI includes defense, oil and gas, electric power grids, health care, utilities, communications, transportation, education, banking, and finance. Protecting CI Industrial Control Systems (ICS), Operational Technology (OT), and IT systems from cybersecurity threats is a difficult endeavor. They all have unique operational frameworks, access points, and a variety of legacy systems and emerging technologies. Protecting the CI supply chain in IT and OT systems will be a public and private sector priority. A special concern for the supply chain is Third Party risk and visibility of partners in the chain. Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
  • Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring. 
  • The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices. IoT incorporates physical objects communicating with each other, including machine to machine and machine to people. It encompasses everything from edge computing devices to home appliances, from wearable technology to cars. IoT represents the melding of the physical world and the digital world.  They differ from conventional computers as they are highly specialized and usually small, both in physical size and computing capacity. A cybersecurity challenge of IoT is the lack of visibility and the lack of ability to determine if a device has been compromised and not performing as intended. The increased integration of endpoints combined with a rapidly growing and poorly controlled attack surface poses a significant threat to the internet of things. Protecting such an enormous attack surface is no easy task, especially when there are so many varying types and security standards on the devices. It will only get worse in 2022 as connectivity grows. 

Lastly, is there anything you’d like to add?

Thank you for allowing me to share some of my cybersecurity perspectives with your readers.


About the Author

Pooja Tikekar is the Sub Editor at CISO MAG, primarily responsible for quality control. She also presents C-suite interviews and writes news features on cybersecurity trends.

The post “AI and ML Will Be Enablers for Cybersecurity for the Foreseeable Future” appeared first on CISO MAG | Cyber Security Magazine.

Cybersecurity Career Awareness: The Growth of Cybersecurity in IT Industry
https://staging-cisomagcom.kinsta.cloud/cybersecurity-career-awareness-the-growth-of-cybersecurity-in-it-industry/
Mon, 25 Oct 2021 05:45:58 +0000

The cybersecurity industry is a booming sector that promises technology growth and multiple career opportunities. It has proven its ability to grow even in the challenging times of the global pandemic, in contrast to other sectors that have shown a significant decline. The Senate RPC report states that there is a 29% skill gap for cybersecurity in the U.S., and with cybersecurity being the number one risk, finding the right talent is a concern for businesses. The gap between skill demand and supply is increasing day by day. Hence, it is imperative for the infosec community to discuss and spread awareness among aspirants about the various career options available and the demand for them.

By Rajiv Sharma, Vice President, EXL Service

Building a Strong Cybersecurity Workforce

Raising public awareness about cybersecurity careers starts with understanding the new skill requirements and the demand from organizations to build a strong cybersecurity workforce. With the rise in sheer volume and diversity of cyberattacks, organizations are looking to bring effectiveness and efficiency to securing, testing, and continuously monitoring their digital assets. Automation of processes and up-skilling the task force are the need of the hour. This has led to a sharp increase in the demand for cybersecurity skills. Emerging technologies such as cloud computing and storage, IoT, blockchain, etc., have further increased skill demand due to the integration of technologies with business processes, leading to a new attack surface for malicious users and hackers to target. Hence, hiring the talent to maintain and manage security posture has become as important as having a robust architecture in place for information security.

For organizations, building a workforce involves planning, implementing, and assessing the cybersecurity readiness of their security workforce. Prior to establishing a workforce, organizations need to determine their risk exposure and risk tolerance, which influences the need to address their cybersecurity workforce gaps. The NICE framework for the cybersecurity workforce provides guidance to organizations on how to recruit cyber talent and develop professional opportunities for their cyber workforce.

Cybersecurity Career Demand and Opportunities

Cybersecurity roles are among the fastest-growing career opportunities available in the STEM field. According to the U.S. Bureau of Labor Statistics (BLS), jobs will grow 31% by 2029, which is seven times greater than the U.S. average growth rate for jobs. This indicates that information security will be in demand as technologies keep evolving alongside the growth in cyberthreats. It could be safely assumed that the growth of cybersecurity jobs will be proportional to the increase in volume and diversity of cyberattacks, which, by the way, have grown over 50% since 2020 and are estimated to cost the world $6 trillion annually in 2021.

Hundreds of breaches each year and the loss of millions of records have tremendously increased the demand for information security posture and professionals to maintain it. The global pandemic has further boosted threat incidents, with reports highlighting the rise in cybercrime by 600% in the Asia Pacific alone due to its impact. This displays the fragile nature of the current security posture that is susceptible to different threat factors. To combat such malicious cyber intent, businesses need the assistance of professional expertise. This makes it imperative for organizations to foster cybersecurity skills and talent alongside efforts to implement rigorous cybersecurity awareness programs, prevention and detection controls, and best practices. Multiple studies have indicated that security job roles and skills related to application development, cloud computing, incident handling, threat intelligence, risk management, security compliance and governance, data privacy, identity and access management, etc., are expected to grow the fastest in the near future.

Cybersecurity Career Pathways

There exist multiple job roles and career pathways for cybersecurity aspirants to choose from and pursue. In the era of Digital Transformation, emerging technologies and the constantly evolving digital security industry further add to these pathways, which could roughly be categorized into broad skill sets, viz. management, technical, and leadership.

  • Management: The security management category deals with tasks and roles associated with compliance and governance within the security posture. This area tends to be less technical, but it is, nonetheless, important for professionals in these positions to know the technicalities behind cyber risks in order to manage them better. The roles and responsibilities in this domain call for being business savvy and having the skills to programmatically manage the organization’s security posture. Awareness training, audits, compliance, IT risk management, including third-party risk management, project management, etc., are some of the functions involved with these roles.
  • Technical: As suggested, this pathway covers more technical roles such as diving deep into technicalities of systems, data, tools, networks, hardware, software programming, etc., with an aim to detect, prevent, respond, and mitigate cyber threats. These skills are essential in deploying cybersecurity solutions in an organization. Some of the prime roles of pathways could be listed as in the figure below.
  • Leadership: This position is of extreme importance as this connects security goals to that of business processes, hence playing a critical role in the success of the business. Some of the widely popular roles in this domain include CISO (Chief Information Security Officer), directors and managers, which includes thorough leadership skills at all levels.

[Figure: Cybersecurity Career Pathway]

The career pathway listed could be an exciting journey for aspirants, as entry to the security domain could be considered interdisciplinary, i.e., any pathway or combination of roles could be adopted based on the market demand. As there is no set pathway, choosing accordingly helps individuals gain exposure to various technologies and processes, allowing them to work with what they are most comfortable adopting rather than what is available in the mainstream. One skill set that is the need of the hour and common to the above-listed areas is the aptitude to adopt automation, i.e., to automate manual or repetitive processes by deploying artificial intelligence, bots, ML, or big data.

The Untapped Potential of an Underrepresented Population

Diversity is the need of the hour, as a diverse team is most likely to make better business and security decisions compared to a non-diverse one. Workforce development frameworks should accommodate and promote increased participation from women, veterans, persons with disabilities, minorities, and other underrepresented populations. Diversity is purposeful; organizations should voluntarily work on it and commit to it in alignment with their business goals. Organizations should be mindful that any security initiative or operation should involve equitable representation of the underrepresented groups. A number of organizations are running various diversity programs, and conscious efforts have been made to tap cyber talent; to name a few: WiCyS, NCI’s IWICS, Palo Alto, Purdue, EC-Council, Fortinet, Facebook, etc. Such organizations aim to increase the representation of women and veterans in cybersecurity through various training and sponsorship opportunities.

Conclusion

With cybercrimes growing multifold in volume, the demand for corresponding cybersecurity skills is also increasing exponentially. The statistics suggest that cybersecurity careers will be in high demand in the upcoming decade, and may grow by 31% in the U.S. alone. This provides individuals in both STEM and other fields an opportunity to pursue a career in cybersecurity.


About the Author

Rajiv Sharma is currently the Vice President of EXL Service and has more than 25 years of experience in information technology, cybersecurity, information security governance and compliance, and disaster recovery and business continuity planning. His wide range of experience involves the identification of cybersecurity risks in an ever-changing cyber threat landscape, as well as designing/recommending, and implementing/establishing control environments to mitigate the risks. Rajiv has in-depth, hands-on experience in the field of cybersecurity risk and implementation across multiple industries like fast-moving consumer goods (FMCG), automobile, telecom, manufacturing, retail financial services (banking and capital market), insurance, and ITeS.

Disclaimer

Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.

“I believe in building products and teams that are obsessed with customer success”
https://staging-cisomagcom.kinsta.cloud/api-security-sanjay-nagaraj-interview/
Sat, 31 Jul 2021 05:30:25 +0000

API security has often been a blind spot for enterprises. In fact, it’s very common to see unauthenticated APIs. In most cases, these occur because authentication and authorization protection for the APIs was overlooked in the development process. Sometimes, APIs are left without protections so that they can be integrated with authorization controllers in API gateways, which is another step where misconfiguration can occur. As incidents like mHealth apps, Panera Bread, Fiserv, LifeLock, Kay Jewelers, and several others show, API security has remained a crucial factor.

To dive deeper into the subject, CISO MAG interviewed Sanjay Nagaraj, CTO and Co-Founder of Traceable. Nagaraj is an entrepreneur and a Silicon Valley engineering leader. He believes in building products and teams that are obsessed with customer success.

Nagaraj discusses his entrepreneurial journey, API security and the potential risks associated with it, and the future of AI and ML in cybersecurity.

You have had quite a remarkable journey. From AppDynamics, to then staying in stealth mode with Traceable for a significant part of the time, to coming out with a $20 million investment. I think Traceable was born a unicorn. Can you summarize your entrepreneurial journey? Where did it all begin?

I believe in building products and teams that are obsessed with customer success. Prior to co-founding Traceable, I was VP Engineering for AppDynamics/Cisco. At AppDynamics, I was responsible for product teams for Application Performance Management and Database Monitoring products. Additionally, I was responsible for scaling teams across different geographic locations. The innovation that my team and I built was critical in helping DevOps teams to lead the digital transformation at many of the Fortune 100 companies. With the customer obsession of my team, and the products at AppDynamics, I was responsible for generating over half a billion dollars in revenue during my tenure. As a senior engineering leader, I have been building complex enterprise software solutions for over 20 years. Prior to AppDynamics, I worked at various companies including Hyperion Solutions (Oracle) and Philips. I am an inventor credited with several U.S. Patents.

According to major industry analysts, IT organizations struggle to evolve their processes for developing, delivering and managing APIs for integration and digital business transformation. Do you feel API security has become a blind spot for several businesses? How instrumental can a CISO be in this regard?

Yes, absolutely. Many organizations don’t have security practitioners as part of their developer cycle, and developers are not being trained on how to secure their APIs. APIs come in many forms:

  • APIs that you expose to your clients, which can be applications (mobile or single-page apps).
  • APIs that developers who are B2B customers or internal dev teams are using.
  • APIs that are third-party or B2B APIs from which requests and responses are expected.

CISOs can be instrumental in putting the focus on their API security by asking some simple questions: “Do we know where our APIs are? How many APIs are internal vs. external? What types of users/roles access our APIs? Where is the sensitive data accessed?”

To get better at API security, development teams need to understand what we call their application DNA, understand how it is changing, and be able to identify anomalies to detect and block legacy and new threats. These new threats require an understanding of the application context and user behavior to really distinguish the bad actors from the regular users. Can you elaborate on “application DNA?” What is that and why is it important for application teams to understand?

Sure. Application DNA is what we call the collection of data that defines what an application is made up of, how those parts interact, how each of those parts behaves, and how the different users of the application interact with each of those parts. Knowing this data is vitally important to be able to effectively secure modern applications. But in these modern applications, this data is continuously changing, so it is not only challenging to collect this data but even harder to keep it updated. This is why we created Traceable, to use distributed tracing and AI to make it possible for teams to create and maintain secure applications in these challenging environments.

Cloud-native applications have clearly become hackers’ favorite targets. These applications are all API-driven, with APIs exposing business logic to the outside world. Do you think the current application security approaches are built for modern application architectures?

With the explosion of cloud-native apps and services, we now have an explosion of services and microservices, all talking to each other using different APIs. This has also drastically grown the number of unique APIs that are being used. As such, the number of clients has exponentially grown, between mobile, IoT, and other services calling each other, and data has become the new gold. So, the data, this precious thing, we are constantly handling it, manipulating it, and passing it off to other services which might or might not be safe. In general, there’s now a lot more to keep track of, and the interactions between everything are now more varied, more complex, and harder to keep track of. This is serious. Today’s app architectures have added a whole new attack surface at the API level.

One of the fundamental problems is that people don’t even know what APIs are being used and which APIs have a potential security risk, or which APIs could be used by attackers in bad ways. How can we get better visibility?

Better visibility is a must to be able to secure today’s cloud-native apps. To accomplish this, I believe the industry needs to shift to what we call Security Observability. Security Observability is the combination of service relationships, API DNA, data flow and risk, and user behavior analytics. Together, these give the visibility that is so critical for securing today’s apps.

Traceable extensively leverages AI and ML. But it can also be safely said that AI and ML are still evolving in several functionalities. Historically, one of the biggest difficulties for AI has been to distinguish between legitimate users and malicious ones. How does Traceable solve this problem differently?

One primary challenge for us when we were developing Traceable AI was developing algorithms to efficiently analyze massive amounts of data to trace user activities and detect anomalies and potential threats (traditional tools often focus on IP addresses – Traceable works with user identity). Our data science team developed advanced methods and algorithms to extract the accurate identity of the user from the data stream. They also developed unsupervised AI models to detect changes and anomalies, which are often indicators of malicious activity or attacks. As a result, our AI algorithm can continually learn and determine the difference between nominal and abnormal activity.

More specifically, AI has been adopted heavily and successfully where image processing or natural language processing (NLP) can be applied. This mostly applies to domains where the data on which models are built are mostly static and deterministic and large amounts of supervised data exist. The challenge in cybersecurity is that every environment is different. Similar to applications and APIs evolving, hackers are continuously evolving as well. So, fixed rules or static models don’t work. Instead, the predominant strategy used is anomaly detection, which is a strategy to discover the proverbial needle in the haystack. However, anomaly detection has been plagued with issues of false positives, primarily due to the algorithms lacking context. Traceable addressed this by building the Traceable platform that helps gather as much application context as possible.

The second issue plaguing solutions that use anomaly detection for cybersecurity is poor correlation capabilities. It is very hard to track the attacker’s path within a gamut of time-varying data of high state-space complexity. Traceable has taken a unique approach leveraging graph learning algorithms by breaking down the problem in a unique way to constrain the state-space, thereby enabling these algorithms to become viable. I think the future of AI in cybersecurity is in leveraging graphs and understanding users within an application context. Graphs are hard to work with, but by constraining the state-space they become a viable solution to an otherwise complex problem. I think this fundamental change in thinking is what is needed to address the cybersecurity issues of the future. Using graph machine learning to track users and their data and how data flows through the system is the key.

Cybersecurity and legal teams have often been operating in silos, but this needs to change. Several times, in-house legal teams handle some of their company’s most sensitive and confidential data, and law firms face an even more daunting security challenge, having to manage the highly confidential and privileged data of all their clients. How can you eliminate these silos?

More than with every company that collects sensitive data from their customers, law firms and legal departments especially need to make sure they are protecting their client’s data. The API vulnerabilities that lead to data breaches in all companies are equally as effective in software used by legal organizations. The difference is that in certain instances the legally sensitive data might be considered a more valuable target. But there is another part to this, which is the importance of being able to prove that the sensitive data is not being leaked. Auditing sensitive data flow was challenging before so many applications became cloud-native. Now, where this sensitive data can be handled by tens or hundreds of microservices distributed around the globe, tracking the flow of sensitive data is even more difficult. Keeping in compliance with sensitive data requirements now requires holistic visibility of how the sensitive data flows across the entire distributed application landscape.

Where is the future of AI and ML in cybersecurity headed?

In general, regarding AI and ML’s role in cybersecurity, I think today we still get a lot of eyes rolling up when we talk about this, because unfortunately there has been a lot of AI-washing, where companies have latched on to AI and ML as buzzwords, but never really deliver using it. But just like with cloud and cloud-native, there was a time earlier in the cloud hype cycle where this also happened (cloud-washing, cloud as a buzzword, cloud-everything without true customer value, etc). Eventually, cloud technology and the values it provides became real and clearly defined. The same thing will happen with AI/ML for cybersecurity, and I am proud that our team at Traceable is advancing the science and art to evolve this space towards that clearly defined state.

What is in store for Traceable?

Traceable will continue its mission to make businesses and the software they rely on more resilient, and we will continue to bring our expertise to the table to rethink how modern applications and APIs can be secured, both in production and preproduction. We have a lot of exciting capabilities on the way, which I don’t believe anyone else can do, and I look forward to being able to share them with everyone.

This interview first appeared in the July 2021 issue of CISO MAG.

What role does AI play in cybersecurity?
https://staging-cisomagcom.kinsta.cloud/what-role-does-ai-play-in-cybersecurity/
Tue, 08 Jun 2021 06:15:44 +0000

Many believe that cybersecurity is an exciting field to work in, and indeed it is. Yet being responsible for an organization’s IT Security is no easy feat. Attackers always seem to be a few steps ahead of defenders. It often feels like a game of one against many – from petty criminals to nation-states. It would be highly advantageous if our cybersecurity tools could automatically adapt to these threats. The good news is that security vendors are increasingly promising exactly this; machine learning (ML) and artificial intelligence (AI) will supposedly solve all our problems through automatic adaptation.

By Dr. Serge Droz, Chair, Forum of Incident Response and Security Teams (FIRST), and Senior Advisor at ICT4Peace

What is AI?

The term goes back to a workshop at Dartmouth College held in 1956. However, today, roughly speaking, it leverages two mathematical disciplines – statistical methods and neural networks.

A good example of the former is Bayesian email spam filters – the statistical distribution of words in each message is calculated and compared to a number obtained from a corpus of legitimate and spam messages. The filters typically require access to large amounts of data before making meaningful predictions, which can become challenging. This is the reason that large mail providers, with access to millions of messages, have a much higher success of correctly classifying messages when users are also helping to tag spam messages.
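The dependence on corpus coverage described above can be seen in a small word-frequency filter. This is an added example, not code from the article or from any mail provider: the class name, the tiny corpus and the test messages are constructed for illustration, and ignoring words the corpus has never seen is a design assumption of this sketch.

```python
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z0-9']+")


def tokenize(text):
    """Lower-case a message and split it into word tokens."""
    return TOKEN.findall(text.lower())


class BayesSpamFilter:
    """Multinomial naive Bayes over word counts with add-one smoothing."""

    def __init__(self):
        self.words = {"spam": Counter(), "ham": Counter()}
        self.msgs = {"spam": 0, "ham": 0}

    def train(self, text, label):
        """Add one labelled message (label is 'spam' or 'ham') to the corpus."""
        self.words[label].update(tokenize(text))
        self.msgs[label] += 1

    def spam_probability(self, text):
        """Return P(spam | text) from the per-class word distributions."""
        vocab = set(self.words["spam"]) | set(self.words["ham"])
        n_spam = sum(self.words["spam"].values())
        n_ham = sum(self.words["ham"].values())
        v = len(vocab)
        # Prior from message counts, smoothed so an empty class is not fatal.
        log_odds = math.log((self.msgs["spam"] + 1) / (self.msgs["ham"] + 1))
        for word in tokenize(text):
            if word not in vocab:
                # Assumption of this sketch: a word absent from the whole
                # corpus carries no evidence either way, so it is skipped.
                continue
            p_spam = (self.words["spam"][word] + 1) / (n_spam + v)
            p_ham = (self.words["ham"][word] + 1) / (n_ham + v)
            log_odds += math.log(p_spam / p_ham)
        # Numerically stable logistic function.
        if log_odds >= 0:
            return 1.0 / (1.0 + math.exp(-log_odds))
        e = math.exp(log_odds)
        return e / (1.0 + e)


# Constructed training corpus (not real mail).
SPAM = [
    "win a free prize now claim your free money",
    "cheap pills free shipping order now",
    "urgent claim your prize money today",
]
HAM = [
    "meeting agenda for the quarterly budget review",
    "please review the attached incident report",
    "lunch tomorrow after the budget meeting",
]


def build_demo_filter():
    """Train a filter on the constructed corpus above."""
    f = BayesSpamFilter()
    for m in SPAM:
        f.train(m, "spam")
    for m in HAM:
        f.train(m, "ham")
    return f


if __name__ == "__main__":
    f = build_demo_filter()
    novel = "verify wallet seed phrase"  # wording absent from the corpus
    print("known spam wording :", round(f.spam_probability("claim your free prize"), 3))
    print("known ham wording  :", round(f.spam_probability("budget review meeting"), 3))
    print("novel, before tag  :", round(f.spam_probability(novel), 3))
    # One user tags a message from the new campaign as spam.
    f.train("verify your wallet seed phrase now", "spam")
    print("novel, after tag   :", round(f.spam_probability(novel), 3))
```

The filter scores the unfamiliar wording at exactly the prior until a single tagged message moves it, which is why user tagging at scale matters so much to providers.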

Neural networks on the other hand are loosely inspired by the human brain; in a training phase, connections between strands of the network are adjusted to maximize a certain value function. No one understands what exactly happens in such a network, but they are very successful at recognizing patterns.

Access to curated training data is crucial for the proper functioning of these methods. This sounds easier than it is. Not only is a lot of data needed, but it must also be of good quality. Any error, or bias, in the training data will re-emerge in the classification, producing false positives and false negatives. A good example of this is face recognition. Most commercially available products have been trained on images collected where the products are engineered. This has resulted in white males being accurately identified in 99.5% of cases, while accuracy falls way below 70% for women of color. Obviously, this is a problem when such algorithms are used in consequential decision making such as unlocking a phone or granting access to a secure facility. Examples like these are ample. But image recognition has been stunningly successful in some areas, e.g., medical diagnostics. One of the reasons is that most medical imagery is extremely well classified.

So, what is the reality for cybersecurity?

Traditionally, security tools have been based on signatures – clear markers of malicious activity. Let us focus on one example for the moment. A classic example is virus scanners, which look for unique characteristics in pieces of code. However, this method is becoming increasingly difficult with the ever-increasing amount of malware – AV signatures are often updated several times per day. This is similar to the biological world – the flu virus is very adaptable, so the human immune system constantly needs to adapt to new versions of the flu.

So, could AI recognize generic patterns of malware? Indeed, most AV products today seem to contain AI and ML. Unfortunately, many of these algorithms are too naive and perform poorly under real-life conditions due to a poor understanding of the data on the one hand and encryption on the other.

Classifying cat pictures by using pictures with cats, rather than pictures of cats, will likely fail. It cannot be reiterated enough: training data must be of good quality. In recent years, however, people have begun to train classifiers on components of disassembled malware. And indeed, this seems to be a much more promising approach. It does, however, require a more detailed look at samples and an understanding of program code. Naively applying AI to blobs of data doesn’t work. This is tied to the second stumbling block – encryption. Good encryption removes the statistical properties of the original data. Statistical classification will thus fail for exactly this reason. Malware authors today routinely encrypt their code (pack, in the jargon) to make the analysis of their malware more difficult.
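The point about encryption removing statistical properties can be measured directly. The following is an added example, not code from the article: it compares byte entropy and byte-histogram distance for two constructed payloads before and after encryption. The function `toy_encrypt`, the samples and the keys are assumptions made for the illustration, with a SHA-256 counter keystream standing in for whatever cipher a packer uses.

```python
import hashlib
import math
from collections import Counter

def byte_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def histogram_distance(a: bytes, b: bytes) -> float:
    """Total variation distance between two byte histograms (0.0 to 1.0)."""
    ca, cb = Counter(a), Counter(b)
    return 0.5 * sum(abs(ca[v] / len(a) - cb[v] / len(b)) for v in range(256))

def toy_encrypt(data: bytes, key: bytes) -> bytes:
    """Assumed stand-in for a packer's cipher: XOR with a SHA-256 counter
    keystream. For illustration only, not a vetted cipher."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(x ^ k for x, k in zip(data, stream))

# Constructed samples (18,000 bytes each) with very different byte statistics.
SAMPLE_TEXT = b"The quick brown fox jumps over the lazy dog. " * 400
SAMPLE_CODE = bytes([0x55, 0x48, 0x89, 0xE5, 0x00, 0x00, 0x00, 0xC3]) * 2250

def compare() -> dict:
    """Features a statistical classifier would see, before and after encryption."""
    enc_text = toy_encrypt(SAMPLE_TEXT, b"constructed-key-1")
    enc_code = toy_encrypt(SAMPLE_CODE, b"constructed-key-2")
    return {
        "entropy_text": byte_entropy(SAMPLE_TEXT),
        "entropy_code": byte_entropy(SAMPLE_CODE),
        "entropy_enc_text": byte_entropy(enc_text),
        "entropy_enc_code": byte_entropy(enc_code),
        "distance_plain": histogram_distance(SAMPLE_TEXT, SAMPLE_CODE),
        "distance_encrypted": histogram_distance(enc_text, enc_code),
    }

if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:20s} {value:.3f}")
```

Before encryption the two samples are trivially separable by their byte histograms; afterwards both sit near 8 bits per byte with nearly identical histograms, so features taken from the raw packed blob carry almost no signal.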

Other applications

Machine learning (ML) or AI is generally useful when searching for complex patterns in large amounts of data. Typically, security specialists want to find hints of breaches and at the same time reduce the number of false positives. Breaches are, despite all, very rare compared to the many legitimate events, making them difficult to spot by statistical methods. People have applied ML techniques to network anomalies, but with little success so far. Another area that seems to be popular is UEBA, User and Entity Behavior Analytics. This builds on the fact that attackers exhibit different behaviors from regular users. Unfortunately, regular users can behave in an extremely diverse fashion, so an action can only be labeled legitimate by evaluating the context of the action. This information gathering can be automated and runs under the term security orchestration.

A way forward

Today AI has very limited applications in cybersecurity. AI also has dangers, in particular bias.

AI works reasonably well with large amounts of data, but only a few organizations have an adequate volume for AI to be useful. However, the AI field is evolving rapidly, and it is certainly worth keeping an eye on new developments, some of which cannot be anticipated. Research is often not linear – it may well be that new paradigms will help solve some of the intractable problems. But more importantly, it’s too early to say goodbye to traditional signature-based detection methods. The bulk of cyber threats are still recognized using signatures, and new standards such as Yara and Sigma rules have moved the field forward. And interesting projects are trying to combine signature-based detection with AI.

It’s important to understand the underlying methodology when investigating AI solutions for your organization. Vendors need to be more transparent about what their AI solutions do behind the scenes. At the same time organizations need to invest more resources into understanding their data to profit from it, security or otherwise. Just collecting data and hoping a magical algorithm finds the golden needle may work in movies, but rarely works in reality.


About the Author

Dr. Serge Droz is a senior IT-Security expert and seasoned incident responder working at Proton Technologies. He studied physics at ETH Zurich and the University of Alberta, Canada, and holds a Ph.D. in theoretical astrophysics. He has worked in private industry and academia in Switzerland and Canada, among others as a Chief Security Officer of Paul Scherrer Institute, as well as in different security roles at the national CERT in Switzerland for more than 15 years. Serge is the chair of the board of directors of FIRST (Forum for Incident Response and Security Teams), the premier organization of recognized global leaders in incident response, and a Senior Advisor to the Swiss-based ICT4Peace foundation. He also served for two years in the ENISA (European Union Agency for Network and Information Security) permanent stakeholder group. Serge is an active speaker and a regular trainer for CSIRT (Computer Security Incident Response Team) courses around the world.

Disclaimer

Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.

“Bot attacks can create inconvenience for legitimate users” https://staging-cisomagcom.kinsta.cloud/bot-attacks-legitimate-users/ Wed, 02 Jun 2021 10:18:36 +0000
Apart from cyberattacks on the health care sector and phishing and ransomware campaigns targeting employees working remotely, 2020 also witnessed an increased surge in bot attacks. Bot attacks have also gained popularity due to their success rate compared to other vectors of cyberattacks. To discuss more about bot attacks during 2020 and the best mitigation strategies, we have Nicholas Palmer, Vice President of Global Sales, Group-IB. Since the beginning of his journey with Group-IB, Palmer has progressed through the company from a key account manager to become Head of Group-IB’s Global Business with teams reporting to him spanning Singapore, Malaysia, Vietnam, Spain, South Africa, Italy, UAE, the U.K., and the Netherlands. He is also a regular speaker at industry events such as RSA, INTERPOL World, FS-ISAC summits, CyberCrimeCon, and many others.

In an interview with Augustin Kurian from CISO MAG, Palmer reflects on the bot attacks in 2020 and their success rates. He also talks about API security and the tools that hackers favor for attacks. The latter part of the interview has interesting insights on Group-IB’s fraud hunting platform and “smart” bot protection.

Edited excerpts of the interview follow:

Which were the massive bad bot attacks of 2020 that had your attention? Do you believe those could have been prevented? If yes, how?

In 2020, bad bot attacks were plentiful: threat actors resorted to bots frequently to automate the process of conducting fraud, which offered them greater outreach and, hence, higher capitalization of their crimes. The application range of bot attacks is impressive, with bots generating about 30% of Internet traffic. Cybercriminals often leverage bots to compromise users’ online accounts and steal their payment or personal data. There are also several known cases of bots being used as a means of unfair competition — to generate hundreds of negative comments or paid ad clicking.

In terms of scope, the e-commerce sector was often targeted by bad bots. This was due to the proportion of valuable content available on e-commerce websites, both without authentication, such as pricing and scope, and in users’ accounts; the lack of appropriate protection measures; or their ineffectiveness against bot threats. Group-IB has observed a number of large-scale bot-attacks aimed at getting access to users’ reward points in online stores, their travel miles, or even personal data. Such attacks were characterized by the high intensity of requests, totaling up to 90% of all website traffic at some point. Apart from direct financial losses, bot attacks can create inconvenience for legitimate users who might have problems accessing the website.

Most of these incidents could have been prevented if a proper mechanism for checking all the requests and their source was in place. The thing about AI and machine learning is that it’s used by not only good guys but by bad actors as well. To shield against advanced bot attacks, one should not only analyze the source of requests, the frequency of requests from the same IP address, but also behavioral parameters like whether the request was generated by a browser or some tool like Selenium, to imitate user activity, and if it is the result of the user’s activity in a mobile or web app.

According to your research, three out of 100 user sessions at banking and e-commerce portals worldwide appeared to be fraudulent, with malware attacks, social engineering, and bot activity as the top three threats for users of e-commerce and banking portals. Following the same chronology, among these top three threats, which sees the maximum rate of success?

These three attack vectors compete in effectiveness, and we often see that one attack vector serves as a continuation to another. We have recently seen online fraud with the use of a Trojan utilizing the Android Accessibility Service for the bot-generated money transfers in mobile banking. In addition, sometimes it is difficult to distinguish between these three vectors.

Bots, however, have been gaining popularity lately with the highest success rate. It relies less on the human factor. In addition, tools for bot development are becoming more unified, diversified, and effective, reducing the entry threshold for conducting bot attacks.

While there are automated bots that snatch the best deals and win giveaways, there are also dangerous ones that break into online accounts, steal users’ payment and personal data, and abuse APIs while imitating human behavior. Do you think the cybersecurity industry is giving enough to API security? 

We have seen a number of huge portals that have to deal with bad bots because of outdated and irrelevant security solutions. API abuse is something that is on the rise. While more and more financial institutions and services for banks utilize APIs to fill their apps with data, fraudsters are taking advantage of this. As a result, businesses need to analyze requests to their API…

To read the full story, subscribe to CISO MAG.

This story first appeared in the February 2021 issue of CISO MAG.


About the Interviewer

Augustin Kurian is the Assistant Editor of CISO MAG. He writes interviews and features.
