With the increase in automation, there are new cybersecurity threats that need to be addressed, and in order to address the new cybersecurity threats, there are a few technological challenges that need to be understood.
The first challenge is the availability and quality of training data that is required for training cybersecurity-related ML models. This data almost always contains massive amounts of sensitive information – intellectual property, PII, or otherwise strictly regulated data – which companies aren’t willing to share with security vendors. Formal verification and testing of machine learning models is a massive challenge of its own. Making sure that an AI-based cybersecurity product does not misbehave under real-world conditions, or indeed under adversarial examples specifically crafted to deceive ML models is something that vendors are still figuring out, and in many cases, this is only possible through a collaboration with customers.
The field of cybersecurity is constantly evolving, so while in many applications, it’s perfectly fine to train a model once and then use it for years. Cyber threat models must be continuously updated, expanded, and retrained on newly discovered vulnerabilities and attack vectors.
Recommendations
While automation is currently in the spotlight, the role of humans cannot be underestimated. In fact, automation was intended to enable humans to focus on priority tasks with reduced effort rather than replacing them. Thus, to secure the autonomous world against cyber threats, organizations and cybersecurity experts must embrace a collaborative working environment between humans and technology. By combining human expertise and automation tools, organizations can create an effective threat intelligence framework to identify, respond and mitigate threats. This can be achieved by real-time monitoring and analysis of user behavior, network traffic, and activity logs. This will allow organizations to identify threats related to data theft and bypass the automation systems using a disguise to infiltrate critical systems in real-time.
One thing which automation currently lacks is contextual understanding. Policies and procedures need to be robust to fill contextual gaps, which will allow the software to not cause disruption in business activities. Human expertise can support in cases of critical decision-making. Finally, cybersecurity professionals should be equipped to tackle ever-evolving cyber threats towards autonomous machines.
Moving Forward
The relevance of the autonomous world will continue to increase in the coming years. With more and more organizations from various sectors embracing initiatives such as digital transformation and the power of AI and machine learning, there will be a proportional increase in the number and sophistication of cyber-attacks. By addressing the security challenges and reinforcing the cybersecurity infrastructure, organizations will truly be able to extract the potential of automation.