Depending only on humans for cyber security is no longer enough, says Oracle-KPMG report

Sensitive customer and corporate data is sprawled across multiple cloud environments. Though the evolving capabilities of Artificial Intelligence (AI) and Machine Learning (ML) are attracting interest, attention now should be focussed on how these technologies drive the value of automation, states a senior executive.

“Depending only on humans to counter threat is no longer enough. It is far easier, efficient to keep track of different threat vectors and monitor an expanding threat surface with an AI-ML led approach,” said Greg Jensen, Senior Principal Director of Security, Oracle.

Speaking exclusively to BusinessLine on the release of the Oracle KPMG Cloud Threat Report, which revealed 87 per cent of IT professionals think AI-ML capabilities are a ‘must-have’ for new security purchases, Jensen said “AI-ML, used in the right way, drives the value of automation.”

Fundamental requirement

The global study of 750 cyber security and IT professionals found that IT professionals are three times more concerned about the security of company financials and intellectual property than their home security.

Data security is also keeping IT professionals awake at night. The study showed 78 per cent of organisations tend to use more than 50 discrete cyber security products to address security issues, while 37 per cent of those surveyed use more than 100 cyber security products.

“Nearly all security providers now cite the use of some form of ML in their products as a means to protect against zero-day threats and malicious behaviours that evade more traditional forms of detection,” said Jensen. “When it comes to AI as a driver for selecting cyber security controls, nine out of 10 survey participants cite AI-ML technology as a fundamental requirement.”

India case

As business leaders move to digitally transform their operations, effective security controls are all too often an afterthought. The Oracle official stressed that organisations need to make security an intrinsic part of their culture.

Jensen said, “Talking with Indian customers, we can see growing maturity when it comes to cloud security. Increasingly, these conversations show that Indian organisations better understand the need for a holistic cloud security strategy, as well as the nuances of the shared responsibility model.”

There are multiple threat vectors, both internal and external, and it is impossible to manually address all these threats. It is also impossible to hire and train enough staff to deal with these increasing security vulnerabilities.

Commenting on the ongoing shortage of cyber security professionals globally, Jensen said he “would love to see more and more cyber security specialists emerging from India, given the wide pool of engineering talent locally available.”

Oracle’s earlier studies have cited the global lack of skills and qualified staff as the second biggest cyber security challenge. The skills gap is expected to get worse in these challenging times.

Intelligent automation

Intelligent automation is realistically changing how corporates tackle security infrastructure.

Jensen said the range of use cases that is driving demand for cyber security solutions that utilise AI-ML has clearly expanded, and is shown by the survey’s respondents. This reveals the expectation that AI will prove effective for detecting a range of threats beyond malware.

“As the report highlights, the involvement of AI-ML and humans is not mutually exclusive, with the former serving as a powerful filter to sift through the number of alerts and flag the most relevant ones to the security analysts to act,” said Jensen.

Right now, there are simply not enough analysts to triage alerts, but survey respondents were confident in AI outperforming analysts, in threat hunting and analysing attack chains.

The official said organisations have advanced ahead in terms of technology, especially with autonomous cyber defence capabilities. “The use of AI-ML in cyber security is a priority, and nearly nine out of 10 participants (in the report) cite technology as a fundamental requirement,” he said.

Rogue actors

“Security is a continuous journey, and we need to realise that rogue actors are using the very same, latest technologies for ulterior purposes,” cautioned the official.

Alluding to the sheer rate at which the use of cloud services is expanding, Jensen said it was creating an appreciable cloud security readiness gap. “92 per cent of this year’s research respondents admitted that their organisation has a gap between current cloud strategies and their ability to provide effective security and privacy controls. It is more than just a technical issue as there are training opportunities to fill the current gaps,” added Jensen.

As noted in the report, 88 per cent of respondents are indicating they plan to leverage intelligent automation to manage configuration and patch management needs with their cloud workloads.

The official said this goes to show the increased trust and faith that businesses are placing on advancing technologies, while also finding innovative ways to overcome key areas where they struggle, such as maintaining knowledgeable staffing levels, and the ability to manage at scale and velocity.