RSA 2018 Preview: Companies Are Still Wrestling With AI’s Role in Cybers
The fiercest debate at the 2017 RSA Conference centered on the degree to which artificial intelligence (AI) might be able to replace cybersecurity professionals. At the RSA 2018 Conference there’s likely to be more grudging appreciation of what can be accomplished using, for example, machine learning algorithms. But it’s also clear that those algorithms are not going to replace the need for human cybersecurity professionals any time soon.
AI provides a lot more visibility into cybersecurity threats that are now regularly launched by bots. AI can also provide suggestions regarding what needs to be remediated once a threat is discovered. But cybersecurity personnel are still needed to analyze the full extent of any series of threats, said John Kuhn, senior cyber threat researcher for IBM X-Force.
In fact, most organizations still wrestle with cybersecurity fundamentals such as how to more effectively install patches to defend exploits that have already been well documented. AI will one day play a bigger role in that process.
The Tide is Turning
Nevertheless, the latest IBM X-Force research suggests the number of compromised records in the last year stood at 2.9 billion. That’s down from four billion the year before. Billions of anything, of course, is still a large number, but a decrease of that magnitude suggest cybersecurity is improving.
“The tide is starting to turn,” Kuhn said.
Research from Micro Focus supports that conclusion. The company’s annual State of SecOps 2018 report concludes organizations are automating security incident investigations and making use of deception grids (formerly known as honey pots) to identify breaches and potential threats more quickly.
Organization are also starting to pool their security expertise to help make up for the ongoing shortage of trained cybersecurity personnel, said Matthew Shriner, vice president for professional services security at Micro Focus.
“The security maturity level of a lot of organizations is improving,” Shriner said.
Many organizations also are concluding they will never have enough cybersecurity expertise to combat the level of threat. Those organizations are opting to rely more on the expertise of managed security service providers (MSSPs), Shriner said.
Despite that prognostication, however, other research suggests cybercriminals are getting better at targeting their attacks, most notably in the form of high-profile ransomware that recently paralyzed the IT operations of the city of Atlanta.
A new Global Research Report from Trustwave, a provider of managed security services and penetration testing services, identifies phishing and social engineering as the leading method of compromise (55 percent), followed by malicious insiders at 13 percent, and remote access at nine percent. Many breach incidents show signs of careful planning using commonly well-known methods. Cross-site scripting (XSS) was involved in 40 percent of attack attempts, followed by SQL Injection (SQLi) (24 percent), Path Traversal (7 percent), Local File Inclusion (4 percent), and Distributed Denial of Service (DDoS) (3 percent).
“It’s easy to buy an exploit kit,” said Brian Hussey, vice president of cyber threat detection and response for Trustwave.
Unfortunately, Web applications remain especially vulnerable. A full 100 percent of web applications tested by Trustwave displayed at least one vulnerability with 11 as the median number detected per application.
No one is quite sure yet to what degree the rise of DevSecOps might curtail the number of vulnerabilities that regularly appear in applications. But given the relative immaturity of DevOps processes inside most organizations it may be a while before better application development processes make an impact on cybersecurity.
IT and cybersecurity professionals gathering at RSA next week will undoubtedly hotly debate all these issues. The good news for now is that spending on cybersecurity is at an all-time high. The unspoken challenge for the coming year will be showing a demonstrable return on those investments.