OPINION: Weaponizing machine learning for cybersecurity

The recent travel agency hacks in Hong Kong have raised alarm bells about the potential threats from hackers targeting local mid-size businesses. In fact, as one of the world’s most connected cities, there are potential entry points for hackers everywhere in Hong Kong - from employee smartphones to the increasingly popular smart devices that support the Internet of Things (IoT).

With hackers looking to further exploit an attack surface that is becoming increasingly horizontal, attack vectors will continue to grow and shift across the technology stack. And defending this new frontier will continue to become more challenging as perimeters disappear and boundaries change.

Automation will help close the skills gap

ISACA has estimated a global shortage of two million cybersecurity professionals by 2019, and the Hong Kong Monetary Authority predicts that Hong Kong will not be spared from the shortage of qualified professionals in the field of cybersecurity. To combat the skills gap and assist in the growing adoption of advanced analytics, automation will become an even higher priority for local businesses.

The automation of repetitive manual tasks - where there is high confidence in the outcome - is often the first consideration. As automation continues to increase within security operations centers (SOCs), tier 1 analysts will remove themselves from 101 security processes, moving beyond “red light/green light” alerts so they can better focus on proactive security strategies. In turn, this will help close the skills gap and enable security analysts to do more with less.

The race is on to leverage new tools

While the concept of using Artificial Intelligence (AI) to solve cybersecurity challenges is not entirely new, we will see AI’s applicability in the sector broadening in 2018. However, with the expansion of Machine Learning (ML) and AI for cybersecurity defenders, it should not be forgotten that actors on the attacker side will also have access to the same technology advancements, with many collaborating and sharing to innovate faster. Hackers can leverage ML and AI to speed up discovery of vulnerabilities, improve the precision of attacks, morph the route and path to breaches and avoid detection through counter-ML measures. Data and ML algorithms are emerging as a new battleground where the winning strategy relies on having the best formula to fuse human intelligence, machine learning and data.

Security will become a business enabler

Cybersecurity has been high on the agenda of worldwide regulators in recent years. Overseas regulations - such as the European Union’s new General Data Protection Regulation (GDPR) - as well as local initiatives - including the Hong Kong Monetary Authority’s Cyber Resilience Assessment Framework - will be the catalysts that help companies rethink privacy and security control, and ultimately change the way they do business and protect their digital assets.

At the same time, digitization is driving companies to rapidly transform their security operations at a scale that was previously unimaginable. This acceleration is due to the convergence of cybersecurity and business risk management as well as the convergence of operational technology (OT) security and information technology (IT) security. The shift from perimeter-based security towards safeguarding and leveraging data across systems, devices and cloud will provide unified visibility and holistic security risk assessment to the management level. This will also give security specialists a more important role in the company and enable businesses to leverage their data in ways they didn’t know were possible. These security insights and capabilities will provide confidence and enable companies to solve business-critical issues, improve the customer experience and even create new revenue streams.

Chern-Yue Boey is vice president – APAC at Splunk