For many in the IT industry and cybersecurity domain, embracing AI without clearly understanding what it can and cannot offer is akin to flying blind in the ever-expanding computing skies. AI will have a particularly important role to play in cybersecurity and next-gen data center, however that merits a closer look at its present state first.
Version 1.0 of the NIST Framework for Improving Critical Infrastructure Cybersecurity (CSF) celebrated its fourth birthday in February. The CSF is a “risk-based approach to managing cybersecurity risk... designed to complement existing business and cybersecurity operations.” I recently spoke with Matthew Barrett, NIST program manager for the CSF, and he provided me with a great deal of insight into using the framework.
It has only been in the last few years that the networked enablement of everyday business functions has forced enterprises to embrace the fact that physical security and cybersecurity must be treated in a unified manner.
Hackers are outpacing and adapting their techniques at a faster pace than defenders, and nearly half of all cyberattacks are resulting in financial damages over $500,000, including lost revenue, customers, opportunities and out-of-pocket costs.
According to the Institute for Critical Infrastructure Technology, the healthcare sector fell prey to more cyber incidents through data breaches than any other critical infrastructure area in 2015.
A key factor in establishing trust is the presence of a Security Operations Center (SOC). The SOC is charged with monitoring and protecting many assets, such as intellectual property, personnel data, business systems and brand integrity.
From elections to North Korean nuclear threats and missile launches, it appears that cyber actors are using geopolitical events to achieve cyber activism and other goals.
2017 illustrated a significantly lower barrier-of-entry to the world of cybercrime with the emergence of malware-as-a-service, with user profile names and credit card numbers readily available on the Dark Web and distribution of 20,000 messages for just $40.
Today, cyber breaches cost the U.S. more than $100 billion a year. While organizations are actively procuring new cybersecurity technology, they’re not investing enough in people, skills and talent. And according to ISACA, a non-profit information security advocacy group, a global shortage of two million cybersecurity professionals is expected by 2019.
As cybersecurity continues to become more complex and harder to manage, the role of security operations for organizations is also shifting across the board. Long gone are the days where firewalls or intrusion detection systems (IDS) could keep adversaries outside the perimeter. Instead, we are seeing increases in both size and frequency of attacks leading to more pronounced impacts to the business.