IT leaders should keep track of developments in cyber security standards and best practices related to the implementation of new technologies
When asked how the bandwagon of emerging technologies will reshape future cyber security operations, Vimal Mani, Head of Information Security, Privacy & IT GRC Programs (CISO & DPO) at Bank of Sharjah, in an exclusive interview with CIO News, said, “Cyber-attacks these days keep changing their objectives, such as manipulating data, causing hardware failures, and impacting cyberspace. While the number of cyber-attacks is increasing phenomenally, the existing technology-driven cyber resilience capabilities won’t be sufficient to manage these disruptive cyber-attacks. To effectively address this, every organisation should consider reviewing and replenishing the technology stack it has in place to prevent, detect, and respond to cyber-attacks and to reduce the attack surface of the organisation. The global technology market is increasingly proliferating with the arrival of various disruptive technologies, which have the potential to reshape the existing cyber security practices and take them to the next level. To name a few, technologies such as blockchain, artificial intelligence, machine learning, data science, and analytics are considered to be the ones that are going to upscale the cyber resilience capabilities of organisations worldwide. The investments made in bringing these technologies into practice for improving the existing cyber resilience capabilities are witnessing a surge globally.”
When asked how blockchain technology will improve cyber security operations, he said that the implementation of blockchain technology platforms can improve the cyber defence capabilities of organisations. Blockchain technology can be used to prevent various kinds of cyber-attacks and cybercrime activities. It could also help in improving the operational resilience, data encryption, auditability, and transparency of the various electronic transactions carried out in an organisation on an ongoing basis.
Blockchain technology is being considered by many global organisations as a way to boost their online security systems. The following are the key reasons blockchain technology is being considered for boosting cyber security operations:
- The decentralised, immutable ledger system of blockchain technology keeps records of digital transactions in a much more secure manner, which cannot easily be tampered with by hackers. This immutable blockchain technology can establish a trusted platform for carrying out sensitive transactions without the need for any intermediary.
- As a cryptography-driven distributed ledger system, blockchain technology enables organisations to carry out trusted transactions among untrusted participants in the network.
- As blockchain-driven systems can be synchronised well across multiple systems, it will not be an easy job for hackers to target and attack the information stored in a blockchain network. The blocks that make up a blockchain network hold chunks of information which are linked to each other. As this information is not concentrated in one centralised place, it will be impossible for hackers to attack and steal the information stored in the blocks of a blockchain network. That is why many global organisations are showing an interest in implementing blockchain-driven security systems.
- Applications designed and developed based on blockchain technology can maintain the integrity of data better than other technologies. A system based on blockchain technology must store the original data as hashes and files in the system using a keyless signature structure. In brief, it can detect any change made to the original data. With such capabilities, blockchain technology is considered one of the technologies of the future that will reshape the cyber security practices of global organisations.
- The versatile nature of blockchain technology is another important reason why organisations prefer to use it for ensuring the security of systems and transactions. From applications such as electronic voting to commercial banking applications, blockchain technology can help in ensuring the security and privacy of the activities or transactions performed by end users using these applications. Blockchain’s adaptability is evident in banking, government, healthcare, retail, and supply chain management. The easy identification capability of blockchain will make the systems used in these industries secure and foolproof. With the implementation of blockchain technology, information about user identity is auditable, traceable, and verifiable. A blockchain-based identity management system will not store end-user information. The smart contract capability of blockchain technology enables the controlled disclosure of data by end users.
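The integrity mechanism the bullets above rely on (records stored as hashes, each block linked to the one before it, any edit to committed data detectable) in working form, as an added Python example. This is not code from the interview or from the bank's systems; the transaction records, account names, and the "anchored tip" comparison are constructed for illustration.

```python
"""Hash-chained, append-only ledger with tamper detection.

Added example, not code from the interview or Bank of Sharjah. Each block
stores a record together with the SHA-256 hash of the previous block, so
editing a committed record breaks the chain at that point. Records and
field names are constructed for illustration.
"""
from __future__ import annotations

import hashlib
import json
from dataclasses import dataclass
from typing import Any, Dict, List, Optional, Tuple

GENESIS_HASH = "0" * 64


def digest(payload: Dict[str, Any]) -> str:
    """SHA-256 over canonical JSON so equal records always hash equally."""
    data = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


@dataclass
class Block:
    index: int
    record: Dict[str, Any]
    prev_hash: str
    hash: str = ""

    def compute_hash(self) -> str:
        return digest({"index": self.index, "record": self.record, "prev_hash": self.prev_hash})


class Ledger:
    def __init__(self) -> None:
        self.blocks: List[Block] = []

    def append(self, record: Dict[str, Any]) -> Block:
        prev = self.blocks[-1].hash if self.blocks else GENESIS_HASH
        block = Block(index=len(self.blocks), record=dict(record), prev_hash=prev)
        block.hash = block.compute_hash()
        self.blocks.append(block)
        return block

    def tip(self) -> str:
        return self.blocks[-1].hash if self.blocks else GENESIS_HASH

    def verify(self) -> Optional[int]:
        """Return None if the chain is intact, else the index of the first bad block."""
        expected_prev = GENESIS_HASH
        for block in self.blocks:
            if block.prev_hash != expected_prev or block.hash != block.compute_hash():
                return block.index
            expected_prev = block.hash
        return None


def build_sample_ledger() -> Ledger:
    """Three constructed transfer records; not real transactions."""
    ledger = Ledger()
    for rec in [
        {"txn": "T1001", "from": "ACC-01", "to": "ACC-02", "amount": 250.00},
        {"txn": "T1002", "from": "ACC-02", "to": "ACC-03", "amount": 75.50},
        {"txn": "T1003", "from": "ACC-03", "to": "ACC-01", "amount": 10.00},
    ]:
        ledger.append(rec)
    return ledger


def tamper_demo() -> Optional[int]:
    """Edit a committed amount in place; the stored hash no longer matches."""
    ledger = build_sample_ledger()
    ledger.blocks[1].record["amount"] = 7550.00
    return ledger.verify()


def tamper_and_rehash_demo() -> Optional[int]:
    """Edit block 1 and recompute its hash; block 2 still points at the old hash."""
    ledger = build_sample_ledger()
    ledger.blocks[1].record["amount"] = 7550.00
    ledger.blocks[1].hash = ledger.blocks[1].compute_hash()
    return ledger.verify()


def full_rewrite_demo() -> Tuple[Optional[int], bool]:
    """An attacker who can rewrite every later block passes the local check; only a
    tip hash held elsewhere (a peer node, a notary, a signed log) exposes the rewrite."""
    ledger = build_sample_ledger()
    anchored_tip = ledger.tip()  # assume this copy lives on another node
    ledger.blocks[1].record["amount"] = 7550.00
    for i in range(1, len(ledger.blocks)):
        ledger.blocks[i].prev_hash = ledger.blocks[i - 1].hash
        ledger.blocks[i].hash = ledger.blocks[i].compute_hash()
    return ledger.verify(), ledger.tip() == anchored_tip


if __name__ == "__main__":
    print("intact:", build_sample_ledger().verify())
    print("edit in place -> first bad block:", tamper_demo())
    print("edit + rehash one block -> first bad block:", tamper_and_rehash_demo())
    print("rewrite whole chain -> (local verify, tip matches peer):", full_rewrite_demo())
```

The three demos make the caveat explicit: hash chaining on a single copy only catches an attacker who cannot rewrite everything after the edited block. The replication across nodes mentioned in the earlier bullet, or anchoring the tip hash in a system the attacker cannot reach, is what turns the chain into an integrity control rather than a checksum.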
When asked how artificial intelligence (AI) will improve cyber security operations, he stated that AI is gradually gaining traction and being integrated into the security policies and strategies of individuals, businesses, and governments that want to use AI in their cyber defence plans against cybercrime, cyber-terrorism, and cyber-warfare, all of which are highly sensitive matters for critical infrastructure protection and national security. The implementation of security use cases with support from AI can be useful in solving and automating a plethora of security issues faced by individuals, organisations, and governments. The key reasons for the usage of AI in boosting cyber security operations are the following:
- AI can effectively manage cyber threat intelligence and support security analytics to manage cyber-attacks such as advanced persistent threats (APTs)
- Negative threat scenarios include organised cybercrime, state-sponsored attacks, and zero-day exploitation. With its assisted intelligence, augmented intelligence, and autonomous intelligence capabilities, AI can help in preventing these attacks. Assisted intelligence will improve the cyber-attack prevention activities that are already happening. Augmented intelligence will enable people and organisations to initiate cyber-attack prevention activities that are not done today. Autonomous intelligence is being developed to prevent cyber-attacks targeting connected devices such as wearables and self-driving vehicles, which are in widespread use now
- AI techniques can be used in identifying cyber-attacks targeting the network perimeter of an organisation and help in supporting the implementation of well-defined network protocols
- AI can help organisations implement effective vulnerability analysis, leading to the mitigation of critical vulnerabilities
- AI can enable the search of massive amounts of data to create meaningful alerts. These alerts will give the cyber security team of an organisation insight into sensitive security loopholes. AI can track all the security loopholes with good visibility, which will help in identifying and preventing the loopholes in a proactive manner well in advance. This saves a significant amount of time and effort
- Quick security automation can be enabled by AI
- AI can support organisations in data mining, interpretation, and data extraction from big data environments, based on which sensitive, informed decisions can be made, such as the cyber defence strategies of governments and big corporates. The machine learning algorithms supporting AI implementation can empower cyber data scientists to better understand big data environments and gather meaningful insights about the potential cyber threats that exist in those environments. Implementing big data analytics solutions will aid in the collection of useful information from network flows, sensors, and security incident and event management (SIEM) systems, allowing the business to detect and respond to intrusions in a proactive manner.
When asked how machine learning will improve cyber security operations, he said, “The good old rules-based and behaviour-based cyber security operations are helping us to detect only well-known cyber-attacks, which can’t prevent the new age innovative cyber-attacks.” Machine learning technology assists IT and security leaders in addressing this weakness, which aids in preventing hacker attacks through information mining, pattern discovery, and drawing inferences from the mined data. Machine learning has become an inevitable technology for cyber security professionals. Machine learning assists cyber security professionals in detecting cyber threats in advance by identifying attack patterns and mapping attacks to TTPs. With such support, machine learning helps in evolving the role of cyber security professionals in newer directions with the arrival of new roles. Machine learning helps by evolving cyber security roles such as SOC analyst, system administrator, and network administrator and by introducing new roles such as cyber data scientist, machine learning expert, etc. The key reasons for the usage of machine learning in boosting cyber security operations are the following:
- Machine learning gives organisations new capabilities such as user and network behaviour analytics, intelligent prediction, and advanced network threat detection. Organisations can use these techniques alone or together in conducting an effective threat hunting exercise, which will help in identifying the IOCs (indicators of compromise) and TTPs (tools, techniques, and procedures) used by hackers
- Intelligence collection, triage, and analysis in the SOC can be improved
- Machine learning assists IT and security leaders in evolving their functions into an agile organisation capable of effectively managing its threat landscape.
- Machine learning advocates proactive threat hunting, which will help organisations handle cyber-attacks in an effective manner. Threat hunting is a collection of techniques used for searching for and detecting the indicators of compromise (IOCs) and tools, techniques, and procedures (TTPs) used by hackers in launching successful cyber-attacks. Hypothesis-based hunting is one of the most effective threat hunting techniques and makes extensive use of machine learning
- Machine learning can learn characteristics of known malware to predict potential malware infections that signature-based approaches would normally miss
- Machine learning can learn about deviations from normal network traffic in real time, which will help in saving the considerable time spent manually reviewing network logs to predict potential anomalies
- Machine learning can study the patterns of malicious traffic occurring at the network perimeter and significantly improve intrusion detection capability to prevent attacks
- Machine learning algorithms can help in integrating multiple security analytic products, which will help in improving the threat prediction and threat prevention capabilities
When asked how data science will improve cyber security operations, he said that cyber security data science is an emerging practice globally to prevent cyber-attacks. Cyber security data science is a practice adopted by security monitoring professionals for identifying cyber-attacks targeting critical infrastructures. The data-focused approach of data science is coupled with robust machine learning techniques, which results in better identification of potential cyber threats. Implementation of cyber security data science will equip organisations with robust machine learning algorithms that analyse current and historical information about cyber-attack attempts and successful intrusions. Cyber security data science will help in finding meaningful patterns, which will help in detecting possible intrusions and future attacks before they happen. The key reasons for the usage of data science in boosting cyber security operations are the following:
- Data Science is a field of study which combines knowledge of mathematics and statistics to extract meaningful inferences from normal and big data environments
- Data Science offers a scientific approach to identifying cyber-attacks on critical infrastructures. It uses a data-focused approach driven by machine learning techniques, which helps in identifying and preventing emerging cyber-attacks
- Data science can be effectively used to analyse big data environments for identifying and preventing cyber-attacks. This predictive approach to data science will increase the cyber resilience capability of critical information systems to fight well against emerging cyber-attacks by finding meaningful patterns that will help in detecting possible intrusions and future attacks before they happen
- Data science combined with machine learning can help in finding meaningful correlations in the system and network related logs generated
- Implementation of data science helps organisations come up with structured hypotheses around cyber security risks. This helps organisations understand their cyber threat landscape in a much better manner. This capability of data science really helps in ensuring that very few false positives are seen regarding instances of spam emails and malware. This helps in better planning as well. A false positive can show a genuine email message as spam, which would have been incorrectly identified as spam by spamBlocker. A false negative can be considered a missed spam message which has not been correctly identified as spam by spamBlocker
- Data science can be effectively used by leaders in making informed choices based on the analysis of normal and big data
When asked how security analytics will improve cyber security operations, he said, “Security analytics is emerging as a new practice, as an extension of the current detective controls such as SIEM, by extracting actionable cyber security intelligence from big data environments and analysing the data sets to arrive at insights on improving the existing cyber security posture.” The key reasons for the usage of security analytics in boosting cyber security operations are the following:
- The Security Analytics capability can help SOCs by collecting and analysing a wide range of cyber security intelligence and processing it to gain meaningful insights into new security measures that should be implemented in an organization
- Security analytics helps organisations extract actionable insights from the high volume of data sets collected, with the help of advanced pattern mining and ad hoc analysis. With ad hoc analysis, users can have the critical insights they need to make better business decisions with no support from outsiders such as the IT department. Typically, an ad hoc report will be more of a visual report, which will be easy for even a non-technical audience such as the senior management team to understand. Using pattern mining techniques to analyse databases and event logs will aid in detection and decision making related to malware, system, and network security
- While legacy cyber security solutions mostly rely on pre-defined patterns and scenarios modelled on an existing knowledge base of previous attacks, statistics-driven security analytics solutions can map the normal behaviour of critical systems and flag any dynamic anomalies
- Integrating security analytics solutions with the existing SIEM solution will help organisations reduce the false positive alerts received by the SIEM solution.
- By analysing the historical logs with security analytics solutions, atypical behaviour patterns can be identified very well
- Network traffic analytics help in determining if login activities are legitimate or not
- Unusual data movements can be detected by applying analytics solutions to network traffic and identifying any data, or specified thresholds of data volumes, moving from an internal server to an external location
- Security analytics solutions will enable organisations to come up with deeper and more accurate security intelligence and actionable insights, which will help organisations detect and prevent cyber threats in a proactive manner
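The baseline-and-threshold logic described in the analytics bullets above (map normal behaviour from historical logs, flag atypical patterns, and detect unusual data volumes moving from an internal server to an external location), which also covers the machine learning bullets on real-time deviations from normal network traffic, as an added Python example. This is not tooling from the interview: it learns each internal host's normal daily outbound volume to external addresses over a training window, then flags a new day that deviates by more than a z-score threshold or exceeds an absolute volume threshold. The flow records, IP ranges, and threshold values are constructed for illustration.

```python
"""Statistical baseline for outbound traffic, flagging unusual data movement.

Added example, not tooling from the interview. Per-host daily byte counts to
external destinations are learned over a training window; a target day is
flagged when it deviates from that baseline (z-score) or breaches an absolute
volume threshold. Hosts, flows, and thresholds are constructed for illustration.
"""
from __future__ import annotations

import statistics
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, Iterable, List, Optional, Tuple

MB = 1_000_000
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]  # assumed internal ranges


@dataclass(frozen=True)
class Flow:
    day: int        # day index relative to the start of the window
    src: str        # source IP
    dst: str        # destination IP
    bytes_out: int  # bytes sent from src to dst


@dataclass(frozen=True)
class Finding:
    host: str
    day: int
    bytes_out: int
    reason: str


def is_external(ip: str) -> bool:
    addr = ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def daily_external_volume(flows: Iterable[Flow]) -> Dict[str, Dict[int, int]]:
    """Sum bytes per internal host per day, counting only flows to external IPs."""
    volume: Dict[str, Dict[int, int]] = defaultdict(lambda: defaultdict(int))
    for f in flows:
        if not is_external(f.src) and is_external(f.dst):
            volume[f.src][f.day] += f.bytes_out
    return volume


def baseline(history: List[int]) -> Optional[Tuple[float, float]]:
    """Mean and a floored standard deviation; None when the host has no external history."""
    if sum(history) == 0:
        return None
    mean = statistics.mean(history)
    stdev = statistics.pstdev(history) if len(history) > 1 else 0.0
    # Floor sigma so a perfectly steady host does not divide by zero or alert on noise.
    sigma = max(stdev, 0.1 * mean, 1.0)
    return mean, sigma


def detect(flows: Iterable[Flow], training_days: Iterable[int], target_day: int,
           z_threshold: float = 3.0, abs_threshold: int = 500 * MB) -> List[Finding]:
    days = list(training_days)
    findings: List[Finding] = []
    for host, per_day in daily_external_volume(flows).items():
        today = per_day.get(target_day, 0)
        stats = baseline([per_day.get(d, 0) for d in days])
        if stats is None:
            # New or previously silent host: only the absolute threshold applies.
            if today >= abs_threshold:
                findings.append(Finding(host, target_day, today,
                                        f"no baseline; {today / MB:.0f} MB exceeds absolute threshold"))
            continue
        mean, sigma = stats
        z = (today - mean) / sigma
        if z >= z_threshold or today >= abs_threshold:
            findings.append(Finding(host, target_day, today,
                                    f"z={z:.1f} against baseline mean {mean / MB:.1f} MB/day"))
    return findings


def sample_flows() -> List[Flow]:
    """Constructed flow records: seven training days (0-6) plus target day 7."""
    flows: List[Flow] = []
    steady = {"10.0.1.20": [48, 52, 50, 47, 53, 49, 51], "10.0.1.21": [20, 21, 19, 20, 22, 18, 20]}
    for host, mbs in steady.items():
        for day, mb in enumerate(mbs):
            flows.append(Flow(day, host, "203.0.113.10", mb * MB))
    flows += [
        Flow(7, "10.0.1.20", "198.51.100.7", 2000 * MB),  # bulk transfer to an unusual external host
        Flow(7, "10.0.1.21", "203.0.113.10", 21 * MB),    # business as usual
        Flow(7, "10.0.1.22", "10.0.2.5", 3000 * MB),      # large but internal: backup job, not counted
        Flow(7, "10.0.1.23", "198.51.100.7", 600 * MB),   # host with no external history
        Flow(7, "203.0.113.10", "10.0.1.21", 50 * MB),    # inbound, not counted
    ]
    return flows


def run_demo() -> List[Finding]:
    return detect(sample_flows(), training_days=range(0, 7), target_day=7)


if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```

Two details matter in practice and are handled above: a host with no history gets no z-score (the mean is zero and any byte would look anomalous), so it falls back to the absolute threshold; and a host whose history is perfectly flat gets a floored sigma, otherwise a one-byte increase would be an infinite deviation. Large internal transfers are deliberately ignored, which is the "internal server to external location" distinction the bullet draws.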
He highlighted that it is evident that, going forward, cyber security operations will become more reliant on automation and new age technologies. The introduction of new technologies such as blockchain, artificial intelligence (AI), machine learning, and analytics has paved the way for the development of innovative techniques for improving organisations’ cyber security posture. With their capability to drive predictive analytics, threat prevention, and mitigation, these new age technologies are expected to play a key role in improving the cyber defence and cyber resilience capabilities of individuals, organisations, and governments in the future. The economic impact of large-scale cyber-attacks and the proliferation of digital transformation efforts globally make it necessary for security leaders to consider the effective orchestration of new age technologies to reduce their organisations’ cyber-attack surface. The following recommendations need to be given appropriate consideration, which will help in ensuring a robust cyber security operation that is well aligned with these new technologies:
- Cross-functional security knowledge exchange, education, and training initiatives should be pursued in order to develop knowledge of cutting-edge best practices, methodologies, tools, and techniques related to new technologies
- Focused competency development activities should be undertaken to develop the critical competencies related to the implementation of new technologies
- A detailed gap analysis needs to be performed and, based on the gaps identified, policies, procedures, and guidelines need to be standardised for implementing the new technologies.
- Enterprise architecture and security architecture need to be revisited, taking into account the future implementation of new technologies
- The maturity of currently implemented cyber security solutions needs to be reviewed in line with the potential threat landscape of new technologies.
- IT leaders should keep track of developments in cyber security standards and best practices related to the implementation of new technologies
Vimal Mani, CISA, CISM, Six Sigma Black Belt, is the head of the information security department of the Bank of Sharjah. He is responsible for the bank’s end-to-end cyber security program, coordinating cyber security efforts within the banking operations spread across the Middle East. Mani is also responsible for coordinating the bank-wide cyber security strategy and standards, leading periodic security risk assessment efforts, incident investigations and resolution, and coordinating the bank’s security awareness and training programs.
CIO News, a proprietary of Mercadeo, produces award-winning content and resources for IT leaders across any industry through print articles and recorded video interviews on topics in the technology sector such as Digital Transformation, Artificial Intelligence (AI), Machine Learning (ML), Cloud, Robotics, Cyber-security, Data, Analytics, SOC, SASE, among other technology topics