The rapidly-evolving threat landscape calls for not just the latest technologies, but a fundamental change in the way a CISO functions.
Vaidyanathan Iyer, Security Software Leader at IBM India/South Asia, believes that a strong incident response and business continuity plan is imperative in today's threat environment.
In his 11-year stint at IBM, Vaidy, as he is popularly known in the circuit, has been instrumental in driving the company's cybersecurity posture.
In a comprehensive interview with CSO India, Iyer walks us through technologies that will hog the limelight and why it’s imperative for the present-day CISO to be a business enabler.
What are the three biggest security challenges you see in 2019?
Let's look at security challenges pertaining to different sectors.
- Large enterprises: The large enterprises already have a robust security posture in place - they are moving to the next paradigm. The challenge for them is around how they are going to achieve digital transformation through security transformation.
A common challenge for the large enterprises stems from figuring out how much security is adequate and how much is excessive. The next question is where can they limit the controls, because digital transformation comes with businesses becoming all-encompassing and accesses are becoming wider.
They have to ensure that their current security posture is adequately equipped to support digital businesses. Additionally, they also have to pay attention to app modernization and how to make it secure.
- Startups: Startups do not have the challenges pertaining to legacy infra, they start with digital. But most of them use multiple clouds owing to costing factors. The challenges in this domain revolve around providing security in a multi-cloud environment. Their challenges are around making built-in security.
- Government: This sector is subjected to a mix of both challenges. Their current security posture is very limited. They need to figure out how to structure their basic security and then go for digitization.
Which technologies, in your opinion, are going to disrupt the cybersecurity landscape?
I believe a completely different approach to managing security operations is necessary. Machine Learning (ML), Artificial Intelligence (AI), augmented intelligence and self-learning systems are going to be disruptive. A traditional approach to security is passé now.
The future is going to be defined by cognitive security, and not reactive security. Also, the term artificial intelligence is actually a misnomer, because you're not creating intelligence out of something that's not existing today, and that's why IBM believes in the concept of augmented intelligence.
How can enterprises prepare better to deal with zero-day attacks and Advanced Persistent Threats?
Zero-days primarily happen when your security posture is not matching the vulnerabilities you could be exposed to. Most vendors do not report these vulnerabilities because if I announce the vulnerability without a fix, you're a sitting duck.
Sometimes though, the vulnerability is spotted by a malicious element and is used as an exploit.
Now this is where a cognitive SOC comes in place - to advise users about how zero-day vulnerabilities are managed. Zero-day vulnerabilities have to be managed proactively, because they have the propensity to be exploited more than anything else - it's because you don't know about them.
Secondly, you need to have a very robust threat intelligence platform. Thirdly, have a very strong incident response plan in place, because there's a good possibility of you realizing the attack after you've been hit.
What impact will artificial intelligence and automated threat intelligence have on cybersecurity initiatives in the years to come?
Security Operations Centres and threat intelligence are going to be intertwined going forward. Threat intelligence feeds inputs to the SOC proactively. One should also remember that every threat in the world is not applicable to every enterprise.
Just because there's a threat, you don't have to rush to patch it. And this is where threat intelligence and the cognitive SOC come into the picture. The cognitive SOC helps determine the threats which are applicable to you.
What is your advice to CISOs and other top-level security management professionals? What do they have to keep in mind before they turn to cognitive SOCs and automated threat intelligence?
In my point of view, CISOs should relate their security posture to their business requirements. Otherwise, chances are you may have so many things in your system that will not be used at all.
And that is why security is a boardroom conversation. My two cents is that CISOs should be completely in sync with the board of directors and the business goals. A CISO should always be forward-looking, and that's exactly why he or she must be involved very deeply in business planning exercises.
It's a two-way process - the board should also be taken into confidence and complete freedom should be given to the CISO. A CISO is not an operational person, he or she is a business-enabler.