Artificial Intelligence (AI) and automation have become critical to security. The sheer volume of attempted attacks means that it is impossible for human analysts to examine them all to identify real and serious threats. AI and automation can filter and validate the real threats and isolate breaches before they can cause serious damage.
By Lukas van der Merwe, specialist sales executive: security at T-Systems South Africa
In terms of preventative security, it is also possible to teach AI to look for patterns that precede an attack, such as malware signatures or specific sequences of events. This can provide an early warning to head off more attacks before they successfully breach a network.
The usage of AI and automation is also driven by the fact that cybercriminals are leveraging these capabilities to breach systems. So, if they do not form part of security solutions, it is not possible to effectively counter attacks. AI and automation are not replacing humans by any means, but simply enabling us to keep up.
The IoT complicates matters
As the nature of the threat evolves, security must adapt too. However, the challenge is compounded by the blurring of the physical world with connected technology as a result of the growth of the Internet of Things (IoT) and increasing numbers of connected devices. For example, physical security devices such as access control systems, digital locking mechanisms, security cameras and more have all become dependent on IT infrastructure to function. This introduces a number of issues.
When devices are connected, criminals can potentially access them to physically disable them, or they could use these devices as a gateway onto the network. The default setting is not secure on many devices, leaving a loophole to be exploited when connected to home and office networks. While cameras, facial recognition, access control and so on enable improved security and transparency in operations, it is essential to ensure these devices are properly managed and controlled. Best practices around security need to be followed, including changing passwords and having devices like IP cameras on a separate network to data and personal devices.
New technology is coming to the fore
Passwords and dual-factor authentication are the gold standard of current security practices. However, they are clumsy, difficult, inconvenient and fallible. People frequently use the same password for multiple applications because it is simply not possible to remember hundreds of different unique codes. This is why biometrics have become increasingly popular options.
In particular we are seeing the growth of facial biometrics, which offer the perfect opportunity to get around these methods using a unique identification system – the contours of the human face. This will simplify things from a cybersecurity perspective. It also has applications for verification in financial institutions as well as airports, and for law enforcement purposes. However, the more facial recognition is applied the more attempts will be made to fool it.
As more applications are put into place it is also important to ensure the information associated with biometric systems is properly secured and to understand the potential consequences should this data be breached. Just as with any new technology, as it is implemented, new vulnerabilities will be discovered and patched, but securing information and ensuring data privacy remain paramount.
Ignorance is not bliss
To date, many organisations have tended to ignore certain elements of cybersecurity. However, ignorance in this instance is most certainly not bliss. Data protection is becoming increasingly heavily regulated, and aside from the penalties associated with non-compliance, the consequences of a data breach can be severe.
In 2020 and beyond we are beginning to see a shift in mindset to security first with new products being developed with security in mind, and functionality being built around what can be secured. Cybersecurity is a board level concern, and no longer simply considered “an IT problem”. Without effective cybersecurity measures in place, organisations are leaving themselves vulnerable – they are essentially ticking time bombs and when an incident occurs it could cripple them permanently.