Author: Deepak Chaudhary

As governments and enterprises across the world digitise and digitally transform, citizen and consumer behaviours and preferences are changing. With technology the key enabler in this seismic shift, risk management, particularly around cyber security and resilience, understandably finds itself under the microscope.

Cyber security is the practice of protecting and safeguarding the confidentiality, integrity and availability of systems and information. It enhances trust in the digital economy.

At CGI, we have placed ourselves on the leading edge of cyber security, a position from which we are granted an uninterrupted view of the state of play, and an opportunity to answer the big questions.

What are the biggest threats to ever-more-digital organisations? And how might these threats be mitigated? Let’s take a look.

The biggest cyber security challenges faced today

Security breaches and cyber attacks are reported daily – over the course of the 2019/2020 financial year, the Australian Cyber Security Centre responded to an average of six incidents per day, though the true volume of malicious activity was likely much higher. Governments and enterprises must develop foresight and mitigation capabilities to anticipate cyber attacks and take decisive action when they do occur. Cyber protection needs to be built into every organisation, balancing security risks against the cost of mitigation.

As a constant arms race in which the defender often finds themselves one step behind the attacker, the current state of cyber security is replete with challenges.

  1. Digitisation has resulted in an explosion in the number of connected devices, which generate billions of events. Effective risk management demands that all of this accumulated data and these time-varying signals be analysed, but the sheer volume overwhelms traditional threat hunting techniques and processes.
  2. The cloud is driving the virtualisation of applications and data, the bring your own device (BYOD) and work from home (WFH) revolutions are supercharging distributed collaboration and data sharing, and technologies like IoT and 5G are driving the convergence of IT and OT. These are some of the technological advancements resulting in connected and accessible networks that exponentially increase the attack surface and make security surveillance more complicated.
  3. There are endless cyber criminals, malicious actors, terrorists and state actors, many of whom are very motivated, and can orchestrate globally distributed, sophisticated attacks from anywhere in the world. The potential economic loss across Asia Pacific due to cyber security breaches is a staggering US$1.745 trillion — more than 7% of the region’s total GDP.
  4. Globally, there has been an uptick in cyber security-related regulations (especially in the critical infrastructure space). While these have helped government and industry keep up with threats and innovation, meeting the demands of the new laws has become increasingly difficult and costly.
  5. Manual threat hunting, often necessitated by antiquated processes and siloed approaches, can be time-consuming, costly, and can result in sophisticated attacks going unnoticed.

Machine learning and AI: The keys to future cyber security

No area of technology shows more potential in this effort than machine learning and artificial intelligence. These two technologies work in tandem – AI can cognitively assess threats, while machine learning recognises patterns in the data. When these capabilities are combined with the domain knowledge of a cyber security analyst, organisations can effectively manage security risks and stay ahead of the threats, all without breaking the bank.

There are a number of areas in which machine learning and AI have started to enable cyber security teams:

  1. Traditional vulnerability management methods are overly reliant on Common Vulnerability Scoring System (CVSS) scores, which do not always correlate with the security risk within the context of the organisation. Machine learning and AI can support vulnerability management processes by:

    1. Helping an organisation gain a complete and accurate understanding of its information assets and their criticality.
    2. Cognitively processing huge volumes of data at scale from vendors, market feeds, cyber security chat boards, social media platforms, dark web sites and other sources to predict which vulnerabilities are most likely to be exploited.
    3. Developing highly contextual vulnerability risk scores to guide the priorities for patching and remediation.
  2. Cyber security analysts must process research papers, blogs, news stories, market feeds and other sources of information to stay ahead of malicious actors. Machine learning and AI can supercharge cyber threat intelligence by helping analysts differentiate the threats from the noise, enabling them to anticipate and react effectively.
  3. Intelligent code analysis, configuration analysis and activity monitoring can supercharge threat hunting and forensic investigations. Intelligent behavioural analytics can profile expected and unexpected behaviour across the IT environment to identify patterns and anomalies, enabling advanced threat detection.
  4. Red, blue and purple teams can use machine learning and AI to identify strengths and weaknesses of your information security program, helping you to calibrate your security posture.

All of the above initiatives will enable security teams to deliver faster and more effective security posture management. They provide enriched context to the security teams, analysing millions of events at warp speed within the context of your organisation, while proactively mitigating vulnerabilities.

Going forward, organisations will move away from an “incident response” mindset to a “continuous response” where systems are assumed to be compromised and require continuous monitoring and remediation. This approach requires a level of sophistication and scale that only machine learning and AI can enable.

Tomorrow’s early warning, intrusion detection, and prevention systems will be powered by AI.

Key factors holding back a full-scale adoption of machine learning and AI in cyber security

Incorporating machine learning and AI into your cyber security programs necessitates careful consideration of a number of factors, including the perils of the technologies involved. Security managers have to factor the following considerations into their cyber security strategy:

  1. Malicious actors also use machine learning and AI – The same techniques and tools are available to malicious actors to turbocharge their attacks or enable people with limited levels of expertise to orchestrate a potent attack. Hackers can also corrupt the training datasets, algorithms and configuration of tools used in cyber defence.
  2. Availability of trusted datasets – Machine learning and AI thrive on the availability of massive amounts of trusted and secure datasets. This will require organisations to strengthen their data analytics capabilities and market integration.
  3. Investments – Establishing a machine learning and AI capability within your cyber security team will require investments in people, tools, training etc. and may require an organisation to re-design its cyber security function. This will require investment and executive sponsorship.

CGI's role in improving cyber security processes

At CGI this is the sort of work that we deal in every day. Enterprises look to us for help in identifying and better understanding security risks, building secure outcomes, and generally operating their businesses with confidence.

CGI has four decades of experience in creating and securing critical business systems in complex environments across the globe, including the defence and intelligence sectors. While cyber threats are a global phenomenon, we know that requirements vary locally, with each organisation facing its own set of unique challenges. Additionally, operational technology, and the industrial control systems (ICS) that help keep the power on and water and gas flowing, are becoming more prone to cyber attack. Through our expert talent, deep technical and business knowledge, security operations centres, best practices and frameworks, we work to ensure controls are baked in, not bolted on.

We work with leading organisations across commercial and governmental sectors in Australia, the UK, the US, Canada and Europe. As a result, we understand security from all angles – technological, commercial and legal – and have specialists who can build cyber security into your business strategy to drive agility, efficiency and competitive advantage.

To find out more about CGI's work in cyber security, visit our cyber security page.