Changing threats, volume of threats, and ransomware plague organizations. Having some autonomous AI tools to help pros do their jobs can help.
TechRepublic’s Karen Roby spoke with Marcus Fowler, director of strategic threat for Darktrace and former CIA officer, about ways to help cybersecurity professionals get their jobs done more easily. The following is an edited transcript of their conversation.
SEE: Identity theft protection policy (TechRepublic Premium)
Karen Roby: Marcus, talk a little bit about conversations that you’ve been having with clients, regardless of the size of their businesses. How have those conversations about cybersecurity changed since the start of the pandemic?
Marcus Fowler: I think it is a little unique to industry in terms of whether they’re still in survival mode and trying to make it through because their industry was specifically hit very hard by that, or they’re in leaning in and transformation mode. I think, certainly, a really new sense of dependency on cyber and digital, and with that dependency, a recognized vulnerability. I think there is more invitation for security being in the room at the most senior levels, more appreciation for understanding, “Could we have prevented that? What does this mean for us?” So, a broader discussion there. I hope that continues. It was a trend even before the pandemic, but I think it’s accelerated, too. Out of the gate, you had changes in business operations, such that the security team had to catch up. Now there’s dependency on the security team for ensuring that what’s in place is sound and secure. Business resilience, not just business success, is really tied together. I think there’s a very visceral understanding of that.
Karen Roby: As we roll into 2021 now, what are, in your opinion, the biggest threats we’re facing in cybersecurity?
Marcus Fowler: You put a good point out there in threats because I think there are two areas where people are concerned. One is the changing threat space and one is how changes or security requirements change. I think from the threat space the greatest threat I often hear about is ransomware and what they’re really worried about. You really can sense that nobody wants to be kept at ransom, so you can get that. For me, personally, a more concerning threat is an insider threat, which can come through something like a supply chain, but it is somebody already behind the walls and kind of taking advantage of intellectual property, or espionage, or doing damage to a company. Those two, to me, are the leading candidates of concern.
SEE: Predicting 2021 in cybersecurity: DDoS attacks, 5G speed, AI security, and more (TechRepublic)
In terms of what I’m hearing, not from a threat actor space, but in terms of my digital environment and where I’m worried, it’s probably two areas. One, what changes in visibility and understanding have occurred as I’ve moved to things like SaaS [Software-as-a-Service] or in the cloud, and how has that changed from a security team? I mean, it is one of the areas certainly where Darktrace, as a company, has leaned in, in terms of being able to be on the end point, being able to bring in those VPN logs, and all of those different data ingestion points because, again, without visibility and understanding, you’re really not going to do very well in that security fight.
I think the other is how to augment that human security team. I think across the industry, we often hear about the skills gap, which I laughingly call, really, a unicorn gap because companies are looking for these amazing potential employees that have every certificate under the sun, to include four years of experience on something that was released two years ago. The reality is when I talk to companies, it’s actually a cycle shortage. There’s more work than the human team can do. We’re using AI [artificial intelligence] to augment the human team by doing autonomous investigation, by doing autonomous triage, by arming the human team, those human experts to be 20 to 30 minutes into every investigation the second they start the investigation, because that commodity and heavy lifting has already occurred because the AI is doing that behind the background. That’s an area we continue to expand.
You mentioned my time at the CIA, I did a decade of counterterrorism. My greatest stress every day was as a manager and as a leader, am I using my critical human resources in the most efficient way against the most credible and imminent threats? It was really hard for me day in, day out to say with confidence that I was, but something like an AI analyst or this autonomous (tool) helping you with threat prioritization, helping your people get further in their day, in terms of all the different investigations they’re going is really an enabler and powerful.