In cybersecurity, new threats and vulnerabilities appear at break-neck speed – faster than any one security team or analyst can manage. As new technologies create opportunities to innovate and streamline, businesses must weigh the benefits against the associated security risks.
If the security incidents of the past 12 months have taught organizations anything, it’s this: it’s not a matter of if, but when an incident will occur. As such, cybersecurity is a top-of-mind business imperative – even at the C-Suite and Board levels.
As organizations adopt next-generation technology, such as machine learning, artificial intelligence (AI) and Internet of Things (IoT), business leaders must work with their security teams to ensure risk management isn’t an afterthought.
What risks should organizations be preparing for, and what trends should security teams begin embracing to manage digital risk?
Jon Ramsey and Dr. Zulfikar Ramzan, Chief Technology Officers for Secureworks® and RSA®, respectively, explain how the adoption of new technology and investment in digital transformation accelerates risk and share key recommendations to address new vulnerabilities without restricting technological innovation.
Watch the full video here, and see some of the highlights from this discussion below:
What should organizations do to better secure their organization when pursuing digital transformation?
Dr. Zulfikar Ramzan: I think having a security mindset from the beginning is very powerful. So, the first step is taking a step back, identifying what matters most to the organization (at a business level) and making sure the security strategy aligns with the overall business strategy.
Jon Ramsey: A business-driven approach to security is crucial. I would say the strategy also needs to include not just technology, but the people and process components to really be effective – and you probably want to include threat intelligence with that. So, you’re not defending yourself from everything all the time; you’re defending yourself from the things you need to defend yourself from. You need to defend what’s important to the business.
With the proliferation of IoT, connected devices and AI, do you think there’s now a need for standardized security guidelines?
Jon Ramsey: In the IoT space, it’s important that it’s a market-led initiative and not necessarily a regulatory compliance initiative. It’s also important that the market, when necessary, (like medical devices) will force the kind of resiliency and security you need in a device like that. I think what’s happening now in this market is the IoT providers assume the environment defends the IoT device while the environment providers assume the IoT devices are [inherently] secure. And so, the assumption between the two results in vulnerability.
Dr. Zulfikar Ramzan: The average consumer doesn’t understand the nuances of security. So, I think it’s going to have to be a healthy balance in trying to create some guidelines. I don’t want say the word “standard”, because that’s too force-fitting and rigid, but maybe guidelines. Maybe there’s some equivalent of a UL certification related to IoT devices, and people who are certified against it can find ways to market that as an advantage. I’m not sure that’s the right solution. I think that’s one of many possibilities, but without some type of overarching framework to think about IoT security, our consumers are going to be left in the dust in terms of figuring out the right thing to do.
In thinking about IoT and AI, there’s real opportunity in the security operation center (SOC) environment to leverage these tools. Do you agree?
Dr. Zulfikar Ramzan: I think the reality is that we don’t have enough analysts out there to deal with every single security issue that we can possibly handle. Artificial intelligence acts as a force multiplier. It makes analysts, to some degree, more powerful. You could use AI to surface the most relevant, interesting events. You could use AI to detect interesting events, as well, and reduce the load on the analyst. To me the third place where AI will be used in the SOC, is to learn how you do effective response automation and orchestration. That is a burgeoning area because the reality is, everyone’s got all these vendors and they’ve got to make all these technologies work together. By applying analytical techniques, including machine learning and AI, we’re going to be able to find new ways to orchestrate technologies and really help the security operation center out considerably.
Jon Ramsey: We want analysts spending time - as threat actor tactics change - studying the threat actor tactics and then supervising the machine learning model to be able to learn those new tactics, to then be able to effectively drive up the competence of the artificial intelligence systems.
Author: Dr. Zulfikar Ramzan, CTO, Jon Ramsey, CTO
Category: RSA Point of View, Blog Post
Keywords: Cyber Security, Artifical Intelligence, Internet of Things, IoT, Machine Learning, Security Operations