Experts at the August 4 episode of MapleSEC 2021 didn’t mince words when it came to discussing cybersecurity. At the event, they reiterated that no one is immune from becoming a victim, especially given that remote work has lent malicious actors a wider surface of attack.
But what should organizations do? For starters, ask the right questions, said ITWC chief information officer Jim Love in the opening remarks.
“Fundamentally, what do we need from our cybersecurity systems?” said Love. “I think we need them to help us detect threats earlier, make decisions faster and under enormous pressure to provide better investigations.”
George Nastasi, associate partner of threat management cloud and cognitive software of IBM Canada, painted the complexity of the security landscape in broad strokes.
“Things progressed over the years with the adoption of cloud-facing multi-hybrid cloud environments,” said Nastasi. “And now we have AI, quantum and IoT security. That means more interconnected IT systems, more things to look at and protect. And that comes with more inherent threats to handle as well.”
AI is integral in defending against modern threats
IT leaders need the right tools to be able to react quickly and precisely. As Nastasi noted, the traditional way of manually monitoring and investigating incidents doesn’t cut it anymore in today’s threat landscape. As cyberattacks evolved, so has the number and complexity of the solutions designed to counter them.
Many security solutions today use AI to sniff out trouble before an attack starts. Nastasi gave a poignant example with threat detection. He noted that 50 to 60 per cent of security events on average are potentially false positives or benign. Instead of toiling for hours over non-issues, machine learning can expedite the process by running these events through algorithms, saving massive amounts of time for high-priority items.
Moreover, AI can match patterns and pull up relevant information in just seconds for deep analysis.
But Love warned that although it’s effective, leaders need to make informed decisions about solutions that are advertised as AI capable.
“AI is a buzzword at the moment. And not everything labelled AI is truly what AI should be, especially with an increasing number of companies jumping on the AI bandwagon,” Love explained. “Most of today’s AI offerings don’t actually meet the AI test. They may use technologies to analyze data and let results drive certain outcomes, but that’s an algorithm, not AI. It’s not coming close to reproducing the cognitive abilities that real AI employs to automate tasks.”
AI goes both ways
While AI is helping to safeguard organizations from catastrophic losses, threat actors are applying AI in nefarious ways. Nastasi said that cybercriminals are using AI and automation to execute large-scale attacks with relative ease. Email-based attacks, social engineering, and defeating facial recognition are just a few of the threats AI is bleeding into.
“Not only can I take the data that was breached from a company, I can now combine that together perhaps with some publicly available information,” said Adam Frank, chief technology officer of Security Intelligence at IBM Canada. “Stuff we’re posting on our own social media, LinkedIn, things like that. We can combine that information together, or the criminals can combine it together, and then use that in a much more targeted manner when they’re targeting their attacks against our organizations.”
Frank described how AI has reduced the tedium in constructing targeted profiles, allowing threat actors to more easily impersonate a figure.
The cat and mouse game between cybercriminals and security researchers is always ongoing. There are now many ways in which the profiling techniques can be defeated. For example, security solutions can now detect deviations in a user’s behaviour and raise a flag when it performs an action outside of that norm.
Transparency and selecting the right data are still the biggest hurdles for AI
AI engineers and researchers have long grappled with choosing the right data. Just because there’s an abundance of datasets doesn’t mean they’re all fit for use in training. Ali Dehghantanha, a threat intelligence researcher at the University of Guelph, pinned data filtering as the weakest link in training an AI successfully.
“If you train it wrong, it’s really just doing the wrong thing forever,” said Dehghantanha. “Unfortunately, a lot of data sources that we have our biased, are incomplete. And when you are training an engine that has learned to make these decisions automatically, on the scale, you are just increasing the problem significantly all around.”
Dehghantanha also underscored the nebulous decision-making process in an AI system. Once the AI/ML model has been sufficiently trained, it’s extremely difficult–sometimes impossible–to pinpoint what parameters the model used to arrive at the result. This poses a challenge for digital forensics, where the investigator needs to know how decisions are made.
“There’s a real need for education and knowledge in this area because of the pervasiveness and the increased solutioning that’s using these capabilities,” said Cindy Gordon, CEO of Saleschoice. “We really need to ensure that there’s strong diversity and inclusivity in terms of the solutioning development in the field of AI. We all know that diverse cultures drive high-performance outcomes, and we need to attract more women and sustain them in these areas as well. We need multicultural representation. It’s so important, especially as you’re going through defining the problem and looking Got the data source to make sure it’s just not historical data. “
Speaking on increasing cybersecurity talent, Cybereco CEO Marcel Labelle highlighted the need to rethink talent acquisition not just in Canada, but globally as well. Echoing Gordon’s sentiment, Labelle also noted that attracting foreign talent will be key in filling the vacuum in the cybersecurity job market. Additionally, the industry needs to help demystify what a career in cybersecurity entails. Labelle recommended that it be promoted at all levels both in education and corporate environments.
“To attract more talent…we need to promote diversity. I think there are some initiatives, like women in cybersecurity, but we need to attract people from minorities. Also, we need to look at promoting internally. Cybersecurity, sometimes, it seems that we or many people see cybersecurity in terms of the technical side, but it’s not the case. We need different skills. in cybersecurity these days. The leader portion is also developing new talent.”
To cap off his segment, Labelle said organizations should actively work with universities and colleges to develop new programs and make sure they’re accessible to everyone who’s interested.
