In the age of Industrial Revolution 4.0, cybersecurity has become a more pressing and disturbing concern for both boards and senior management globally. As a result, many organizations have begun to broaden the scope of information security functions in various ways. The goal for any business leader is to make well-informed decisions about safeguarding organizations’ assets against both accidental and malicious damage.
I strongly believe that effective cybersecurity requires much more than sophisticated technology. It also requires, among other things, skillful and knowledgeable personnel, a well-engineered operating model, and an effective security architecture and governance structure, with proper oversight and the organizational agility to keep up with rapid technological advancement that could leave any organization behind. Organizations can effectively prevent sophisticated cyberattacks from inflicting damage on businesses by predicting cyberattacks in their early stages, responding to them in real time or near-real time, containing them, and safeguarding assets based on their significance. That is achievable by implementing and incorporating machine learning and artificial intelligence technologies with a significant amount of process automation.
The old model of doing things is not going to work anymore; the security perimeter model is already dead and encryption control alone is insufficient. So many large organizations spent millions of dollars on perimeter controls, yet they are unable to keep up with the resources demanded to defend against several kinds of attacks. I strongly believe that understanding what is involved with active defense strategy may be the first step to pave the way toward implementation success of AI technologies to build effective and efficient learning models using the same old strategies with new tools – in other words, a strategy that is powered by smart minds to design, engineer and operate models incorporating AI technologies.
Predicting cyberattacks before they occur is a significant pillar to enable organizations to examine the threat environment and see whether they are already under attack, identify vulnerabilities and enable early attack detection. This is a data-driven approach that is very significant. Bringing cybersecurity experts to an organization can also empower organizations in making proper assessments to develop thoughtful insights about their security posture, helping to establish risk-based thinking and decision-making.
To establish and engineer effective processes through orchestration and automation systems that can deal with the ever-increasing number of security and performance warnings and events, businesses must also embrace and leverage big data, machine learning and AI technologies to build tailored models that fit their organizational context.
Implementing defense-in-depth has huge significance in security as organizations build layers of defense to keep the company’s most valuable assets secure. There is a need to develop an IT strategy that organizes and prioritizes security-related technology investment. It is noteworthy that the protection given to an asset must be commensurate with its value in terms of its criticality and sensitivity.
Shifting to an active-defense strategy necessitates organizational leaders realizing that cybersecurity needs top-management commitment and oversight, proper funding and performance incentives. Organizations that want to deploy an active-defense approach must also understand that typical working habits must change, and the mindset must be shifted toward non-linear thinking. Some of these changes may be undesirable. Organizations are always evolving, and human behavior is unpredictable.
Two commonly used techniques are intrusion detection and anomaly detection. Intrusion detection systems scan for previously known malicious signatures. Such systems, however, may overlook new indications of compromise or attack, since they only detect predefined signatures. They may also have difficulty differentiating between benign and malicious activities, such as benign internal communications. Anomaly detection systems operate in the other direction. Instead of looking for well-known attack signatures, they seek anomalous activity, such as an unusual surge in traffic or an authorized login outside working hours. Organizations with an active-defense strategy integrate both intrusion detection and anomaly detection systems to enable more comprehensive detection with higher accuracy.
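The combination described above can be seen in a small added example, which is not part of the original article: a signature matcher and an anomaly detector run over the same events, and each flags what the other misses. The signature patterns, working hours, traffic baseline and log events are all constructed assumptions for illustration.

```python
import re
from datetime import datetime
from statistics import mean, stdev

# Constructed signature set: patterns for previously known malicious strings.
SIGNATURES = {
    "sqli-union": re.compile(r"union\s+select", re.I),
    "path-traversal": re.compile(r"\.\./\.\./"),
}
WORK_HOURS = range(8, 18)  # assumed working hours, 08:00-17:59
# Constructed history of normal per-request byte counts, used as the baseline.
BASELINE_BYTES = [1200, 900, 1500, 1100, 1300, 1000]

# Constructed events: (timestamp, user, kind, detail, bytes transferred)
EVENTS = [
    ("2024-03-04T09:12:00", "alice", "http", "GET /index.html", 1200),
    ("2024-03-04T09:40:00", "bob", "http", "GET /item?id=1 UNION SELECT pw FROM users", 900),
    ("2024-03-04T10:05:00", "alice", "http", "GET /report.pdf", 1500),
    ("2024-03-04T14:20:00", "carol", "http", "GET /export", 950000),
    ("2024-03-05T02:47:00", "alice", "login", "success", 0),
]

def signature_hits(detail):
    """Intrusion detection: names of known signatures found in the event detail."""
    return [name for name, rx in SIGNATURES.items() if rx.search(detail)]

def anomaly_flags(ts, kind, detail, nbytes):
    """Anomaly detection: deviations from expected behaviour, no signature needed."""
    flags = []
    hour = datetime.fromisoformat(ts).hour
    if kind == "login" and detail == "success" and hour not in WORK_HOURS:
        flags.append("off-hours-login")
    # Surge = more than three standard deviations above the baseline mean.
    if nbytes > mean(BASELINE_BYTES) + 3 * stdev(BASELINE_BYTES):
        flags.append("traffic-surge")
    return flags

def detect(events):
    """Run both detectors and keep every event that either one flags."""
    findings = []
    for ts, user, kind, detail, nbytes in events:
        sigs = signature_hits(detail)
        anoms = anomaly_flags(ts, kind, detail, nbytes)
        if sigs or anoms:
            findings.append((ts, user, sigs, anoms))
    return findings

if __name__ == "__main__":
    for finding in detect(EVENTS):
        print(finding)
```

The valid off-hours login and the large export match no signature, and the injection string is unremarkable in size and timing, so only the combined run reports all three.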
Organizations are becoming more vulnerable as their complexity increases. Changing to an active-defense strategy by integrating analytics engines and threat intelligence with artificial intelligence capabilities can be useful. The best starting point is considering a balanced strategy of adopting AI technologies that are aligned with business goals. Without leveraging the huge computational power and AI technologies that are available now, we will keep struggling for years to come defending against bad actors. Adopting sophisticated AI technologies can help organizations reduce complexity and save time and effort on day-to-day security activities, driving efficiency and effectiveness in daily operations while also being better prepared for emerging threats. Such sophisticated technologies are both a weapon against current threats and a long-term investment if acquired and operated the right way. AI technology is becoming more widely available, so there will soon be no excuse for any organization to put off implementing AI to thwart cyberattacks. It is preferable to be ahead of the curve and begin developing a robust custom AI model tailored to your organization’s needs and leverage these technologies before it is too late.
Editor’s note: For additional insights on this topic, download ISACA’s new AI Uses in Blue Team Security white paper.