
AI as a cyber security enabler


Johannesburg, 09 Jun 2022
Lukas van der Merwe, specialist sales executive: security, Gijima.

You can't protect what you don't know. This much-used adage illustrates one of the biggest problems facing cyber security professionals today.

With traditional business perimeters evolving at a rapid pace, many organisations struggle to keep tabs on their critical information assets, meaning they don’t know where their vulnerabilities lie and, as a result, can’t protect themselves effectively against cyber threats.

While most South Africans are aware of the need for proper physical security, many don’t treat cyber security with the same gravitas; probably because they don’t comprehend what they stand to lose should a breach take place.

So said Lukas van der Merwe, an executive for cyber security at Gijima, during a quick chat on the sidelines of ITWeb’s recent Security Summit in Cape Town.

“Sound cyber security practices are only effective if we’ve clearly defined what we’re trying to protect in the first place,” he noted. “Technology helps but if you don’t get the basics right, you’ll just be throwing money at the problem without having a solid plan in place to make sure that this technology does what you want it to do.”

Making an impact with AI

According to him, AI can make a massive impact by enriching the information we get from security alerts, making it possible for businesses to respond much faster and with more certainty.

Citing an example from a new customer’s environment, van der Merwe explained that when the customer detected a new variant of ransomware, they had to follow various manual decision-making processes. These processes took time, which meant that the malware spread and snowballed until they eventually shut the network down three weeks later.

This is not the only value AI can add. Van der Merwe said that these tools also boost staff retention by giving less skilled analysts the chance to do more than just filter through noise. They now get the chance to respond to incidents end-to-end, which helps with job satisfaction and talent development, he added.

“For an analyst to perform a threat investigation using normal channels, they would have to interrogate threat intelligence feeds, run Google searches, check the dark Web, ping IP addresses and sift through reference databases. This can take hours, days, even weeks. And this is only a high-level investigation,” he said.

“AI can do this in seconds and comes back with a conclusive answer about whether or not something is malicious,” said van der Merwe.

These tasks would usually have been handed to more experienced cyber security analysts but with the insights we get from AI, it is easier to assign tasks like these based on varying levels of complexity.

Handling higher volumes

This makes it possible for businesses to handle significantly higher volumes of incidents than was previously possible with the same amount of people.

“In the past, large teams would spend ages filtering through everything to determine if something is or isn’t a threat. But with the number of attacks increasing far beyond the capacity of what humans can handle, AI has become fundamental to detection and response.”

But he stressed that AI won’t eliminate the need for people. While AI can fully automate a task based on a rule we stipulate, such as that a laptop found to have a certain type of malware must be shut down immediately, a person can assess whether shutting down a specific laptop is the right decision given the context.

If the MD is giving his annual presentation to the board of directors and his laptop is found to have this specific malware, simply shutting down his device without warning might be a bit too abrupt. “This sort of thing is only something that a human can understand.” And this brings us back to knowing where your assets lie.

It’s not ‘just a printer’

For example, one might not think the printer at the gate at SA Breweries is of much value, concluded van der Merwe. But if a hacker shuts this down, and none of the brand’s trucks can make their deliveries, this incident can have a major impact on the business’ bottom line.

“It’s just a printer, surely it can’t be that important. But in this context – acting as the gatekeeper between the business and the customer – this simple printer becomes very significant.”
