"IT organizations and security vendors must change their approach to cybersecurity"
In this interview we asked Candace Worley about future threats, AI in IT security and the potential of automated processes.
We shouldn’t. However, combining the best of both machine and human capabilities will be the path to material improvements in both the security and safety of our IT infrastructure. Machines are brilliant at analyzing massive amounts of data very quickly – a task that would take a human or a team of human counterparts days or months to accomplish.
As the universe of digital, connected devices increases (on pace to reach 30B by 2020 according to IBM Analytics – estimates vary depending on sources used for these statistics), the amount of data being generated will be untenable without the power of artificial intelligence for analytics.
What machines struggle with is drawing meaning from the analysis they conduct. That is where humans add value. Where interpretation of data is critical to informed decision making, grey matter, matters.
The analytics accomplished through the raw computing power of machines in concert with the interpretive capabilities of humans is a powerful combination that together delivers more value than either of the individual elements standing on their own.
There will always be a need for human involvement even as machines take on more of the repetitive or time- and compute-intensive tasks of the IT and security teams. Right now, we don’t have enough skilled cyber professionals to fill open requisitions in the industry.
In 2017 McAfee worked with CSIS on a study named Hacking the Skills Shortage. We surveyed companies from 8 countries and found that respondents estimate an average of 15% of cybersecurity positions in their company could go unfilled by 2020. In fact, Cybersecurity Ventures predicts there will be 3.5 million cybersecurity job openings by 2021 and there won’t be enough skilled professionals to fill them.
With this deficit looming on the horizon we must leverage IT automation for manual and repetitive tasks to allow skilled cybersecurity professionals to spend their time on tasks that require inspection, interpretation of analytics and decisions around remediation.
Even as artificial intelligence evolves to take on more complex tasks and becomes more “human-like” in its ability to discern subtle differences and interpret rather than just analyze data, human oversight will continue to be pivotal in making decisions on how machine-generated analytic insights get applied to cybersecurity policy and programs.
Based on my conversations with customers and partners, a few things come to mind. First, technology adoption is outpacing organizations’ ability to secure IT. In fact, in many cases new technology is being adopted before IT even knows it is being used. We see this with cloud and SaaS applications today and are seeing it, at an increasing rate, with IoT.
Many technologies that were used traditionally to secure on-premise IT don’t work well in cloud without modifications. In the case of IoT, many do not work at all due to the unique limitations of IoT devices.
Second, the pace and volume of cyber-attacks and the sophistication of adversaries today is unfathomable. As an industry, we could not have foreseen this magnitude of adversarial and threat evolution even 5 years ago, and it would be naïve to believe that it will not continue at the same pace in the future.
As an illustrative example of volume, McAfee’s Global Threat Intelligence Cloud processes 48 billion queries per day. That is 555,555 queries per second. In fact, according to McAfee’s April 2018 report, Winning the Game, an overwhelming majority (93%) of respondents believed the complexity of threats they will face over the next 12 months will increase, and nearly half (46%) admit they will either struggle to deal with this or that threat defense will be impossible.
Building cybersecurity solutions and architectures that can keep up with the pace of technology and adversarial change is a huge challenge today and will continue to tax cybersecurity teams in the future.
Finally, our workforces and their expectations of technology accessibility and usage are changing. Baby Boomers are retiring and they are being replaced by digital natives – employees who see little separation between their physical and digital lives or separation between their personal and professional lives.
Their expectation is that they have always-on access to the digital assets they need to do their jobs and live their lives. This poses significant challenges for the security teams responsible for ensuring the security of corporate assets in concert with the privacy of the corporation, its employees, customers and partners.
Both IT organizations and security vendors must change their approach to cybersecurity. Both must build solutions and architect IT systems that are resilient, adaptable and collaborative. Solutions need to learn from what they have seen in the past and apply those learnings automatically so that incident responders are notified more quickly and policies are modified automatically or, at a minimum, recommendations are automatically generated for human consumption and application.
Where possible, systems need some form of self-healing, making them resilient to attack. For example, if ransomware hits a system it can be rolled back to a recent, unaltered version of the image. Additionally, security solutions must be able to share what they learn in real-time with each other to eliminate the likelihood that we block an attack at one point in the network only to have it penetrate the network somewhere else. Finally, solutions must be capable of sharing threat information in real-time, regardless of vendor.
When we talk to the Incident Response team in our professional services organization, they report often finding that a compromised organization blocked an attack on its IT infrastructure at one point in its network and yet was compromised by the exact same attack at a different time at some other point in its network.
Many customers, for a myriad of reasons, use multiple vendors to secure their IT infrastructure. According to Winning the Game, organizations have, on average, 8 cybersecurity solutions and 7 cybersecurity vendors. With this proliferation of solutions and vendors, just over three-quarters (76%) of respondents agree that their organization’s cybersecurity would be much safer if they implemented an open platform for integrating all their security solutions from multiple vendors.
The ability for different cybersecurity solutions from different vendors to automatically share information with each other in real-time makes a material difference in both the speed and accuracy of response in the event of a breach, and in many cases, increases the organization’s level of proactivity. McAfee has led the industry in this area, with 130+ partners in our Security Innovation Alliance (SIA) program.