Using AI to sort 1 million security alerts per week

Shoaib Yousuf, Principal, Boston Consulting Group BCG.
3 years ago

With so many threats and so few resources, any technology that helps security teams focus on security rather than on overhead or noise is very welcome: cloud, AI, and analytics are three such examples. Our large clients are managing 100-150+ different cyber solutions.

That is a lot of integration, device and application overhead; cloud deployments help here, and lessons have been learnt from them. Likewise, as large clients are swamped with millions of security alerts, AI and analytics are helping them comb through those alerts.

Threat actors continue to improve their business models, especially with ransomware. When ransomware first made a big splash 5+ years ago, the business model was simple: hit as many victims as possible, as fast and as automated as possible, with low ransoms that most would be willing to pay.

Today there is an entire criminal ecosystem around ransomware, with separation of duties between developers, attackers and negotiators. Victims are being targeted in customised ways, including by recruiting insiders; large ransoms are being negotiated in ways that feel more like eBay auctions or customer service chats; and defenders are scrambling to fight back.

Investments can then be ranked and put on a roadmap according to their ability to move you from your current state to the target state, as informed by the board’s risk tolerance.

The average cyber-security team at our large clients must handle ~1,000,000 security alerts per week. In that sea of alerts, they must identify the ~4 incidents that warrant further investigation. It is therefore no wonder that mean time to identify attackers inside the network hovers over 200 days.

Sorting through 1 million alerts per week is simply not a human-scale problem. AI and machine learning are the only hope for drowning security teams and, in many organisations, they are already making an impact.

The most mature organisations measure response time in minutes, not hundreds of days. Still, AI is a triple-edged sword. In addition to being a resource for defenders, AI is also a tool for attackers and a new kind of business asset that needs special protection. The cybersecurity arms race between defenders and attackers shows no signs of slowing down.

CISOs need to develop an asset inventory for their respective organisations. At early maturity levels, take a pragmatic approach and focus on inventorying and protecting the most critical assets – the crown jewels. The board must set your overall risk tolerance, which should then inform decisions on which assets and which threats to prioritise. Then do a thorough assessment, asking tough questions rather than merely checking boxes. This should give you an honest view of your current position.
