AI focuses more on detect-and-respond
PREVENTION IS NO LONGER VIABLE AS THE SOLE FOCUS OF CYBERSECURITY STRATEGY, EXPERTS SAY
There is a major shift happening in the cybersecurity world. It is no longer enough to try to prevent an attack. Today, the ability to detect and respond to an attack is just an important, according to industry experts.
“A lot of the attention in the past years have been in building big and powerful systems to prevent the attacks. It is important to build a mechanism to prevent the attacks but I need to have the intelligence to detect and respond if I am attacked,” Hani Nofal, vice-president for intelligent network solutions, security and mobility at Gulf Business Machines, told Gulf News, on the sidelines of the sixth edition of the Gulf Information Security Expo and Conference (Gisec).
He said that companies looking to build the biggest system need to remember the Titanic, which sank on her first journey.
“The first lesson we learn from that is that they did not predict or detect the iceberg before it got hit. There was lack of proactive detection or prediction mechanism. The second learning is that responding to the accident. They did not have enough lifeboats and they left with one-third of the capacity,” he said.
“As the rise in threat continues, so has the demand for a comprehensive and responsive cyber defence on a much grander scale than previously thought possible. The threat looms like a dark cloud as it is fast becoming the reality that it is no longer a case of ‘if’ they break through your defences, but ‘when’,” he said.
Prevention methods
However, he said that only one-third of the organisations in the region are taking prediction and response method, while two-thirds of organisations are still focused on traditional prevention methods.
Lee Lawson, counter threat unit special operations at SecureWorks, said that organisations are coming to realise that a 100 per cent prevention is an impossible
dream and that actually rapid and accurate detection of threats, and also the knowledge of how to effectively respond to
them, is the better way to reduce risk to the organisation.
“Something we are seeing is that about 50 per cent of respondents to a survey say that they are involving business leaders in their response and their cyber threat practices in their organisations.
“While this is encouraging that does mean that about 44 per cent do not have the board level investment and backing of their cybersecurity. That has many ramifications and downstream on how effective an organisation can be,” he said.
Nofal said that it is difficult to stop 100 per cent of all the attacks, so it’s important to shift some investments into resources that will help in detection of incidents and responding efficiently.
“Organisations need to balance their investment in prevention, detection and response to ensure an effective security strategy execution. Do not deploy security solutions in silos. Understand all risks associated whether it is people, data or application security. Choose solutions that can integrate with each other to provide maximum visibility at all levels,” he said. Nofal said that 62 per cent of the organisations in UAE, Bahrain, Oman and Kuwait want to invest in Artificial Intelligence for cybersecurity to predict attacks better.
“These technologies are here and organisations should be ready to embrace them so as to improve the efficiency and accuracy of detection and response. Develop use cases where these technologies will add value to you and your business before investing,” he said.
“Prevention is no longer viable as the sole or even main focus of your security strategy. Detection, response and prediction are driving factors behind an AI-based adoption with Gulf organisations. Either AI will help in bridging the gap in human skills or create a new skill set requirement which the new generation needs to be ready with,” Nofal said.
As the rise in threat continues, so has the demand for a comprehensive and responsive cyber defence on a much grander scale than previously thought possible.” Hani Nofal | Vice-president for intelligent network solutions, security and mobility at Gulf Business Machines