Depending only on humans for cyber security is no longer enough, says Oracle-KPMG report

Amrita Nair-Ghaswalla Mumbai | Updated on May 15, 2020 Published on May 15, 2020

Recent cyber attacks on IT firms brought security gaps to light   -  sarayut

AI-ML technologies can serve as a powerful filter to sift through alerts and flag the most relevant

Sensitive customer and corporate data is sprawled across multiple cloud environments. Though the evolving capabilities of Artificial Intelligence (AI) and Machine Learning (ML) are attracting interest, attention now should be focussed on how these technologies drive the value of automation, states a senior executive.

“Depending only on humans to counter threat is no longer enough. It is far easier, efficient to keep track of different threat vectors and monitor an expanding threat surface with an AI-ML led approach,” said Greg Jensen, Senior Principal Director of Security, Oracle.

Speaking exclusively to BusinessLine on the release of the Oracle KPMG Cloud Threat Report, which revealed 87 per cent of IT professionals think AI-ML capabilities are a ‘must-have’ for new security purchases, Jensen said “AI-ML, used in the right way, drives the value of automation.”

Fundamental requirement

The global study of 750 cyber security and IT professionals found that IT professionals are three times more concerned about the security of company financials and intellectual property than their home security.

Data security is also keeping IT professionals awake at night. The study showed 78 per cent of organisations tend to use more than 50 discrete cyber security products to address security issues, while 37 per cent of those surveyed use more than 100 cyber security products.

“Nearly all security providers now cite the use of some form of ML in their products as a means to protect against zero-day threats and malicious behaviours that evade more traditional forms of detection,” said Jensen. “When it comes to AI as a driver for selecting cyber security controls, nine out of 10 survey participants cite AI-ML technology as a fundamental requirement.”

India case

As business leaders move to digitally transform their operations, effective security controls are all too often an afterthought. The Oracle official stressed that organisations need to make security an intrinsic part of their culture.

Jensen said, “Talking with Indian customers, we can see growing maturity when it comes to cloud security. Increasingly, these conversations show that Indian organisations better understand the need for a holistic cloud security strategy, as well as the nuances of the shared responsibility model.”

There are multiple threat vectors, both internal and external, and it is impossible to manually address all these threats. It is also impossible to hire and train enough staff to deal with these increasing security vulnerabilities.

Commenting on the ongoing shortage of cyber security professionals globally, Jensen said he “would love to see more and more cyber security specialists emerging from India, given the wide pool of engineering talent locally available.”

Oracle’s earlier studies have cited the global lack of skills and qualified staff as the second biggest cyber security challenge. The skills gap is expected to get worse in these challenging times.

Intelligent automation

Intelligent automation is realistically changing how corporates tackle security infrastructure.

Jensen said the range of use cases that is driving demand for cyber security solutions that utilise AI-ML has clearly expanded, and is shown by the survey’s respondents. This reveals the expectation that AI will prove effective for detecting a range of threats beyond malware.

“As the report highlights, the involvement of AI-ML and humans is not mutually exclusive, with the former serving as a powerful filter to sift through the number of alerts and flag the most relevant ones to the security analysts to act,” said Jensen.

Right now, there are simply not enough analysts to triage alerts, but survey respondents were confident in AI outperforming analysts, in threat hunting and analysing attack chains.

The official said organisations have advanced ahead in terms of technology, especially with autonomous cyber defence capabilities. “The use of AI-ML in cyber security is a priority, and nearly nine out of 10 participants (in the report) cite technology as a fundamental requirement,” he said.

Rogue actors

“Security is a continuous journey, and we need to realise that rogue actors are using the very same, latest technologies for ulterior purposes,” cautioned the official.

Alluding to the sheer rate at which the use of cloud services is expanding, Jensen said it was creating an appreciable cloud security readiness gap. “92 per cent of this year’s research respondents admitted that their organisation has a gap between current cloud strategies and their ability to provide effective security and privacy controls. It is more than just a technical issue as there are training opportunities to fill the current gaps,” added Jensen.

As noted in the report, 88 per cent of respondents are indicating they plan to leverage intelligent automation to manage configuration and patch management needs with their cloud workloads.

The official said this goes to show the increased trust and faith that businesses are placing on advancing technologies, while also finding innovative ways to overcome key areas where they struggle, such as maintaining knowledgeable staffing levels, and the ability to manage at scale and velocity.

Published on May 15, 2020

A letter from the Editor

Dear Readers,

The coronavirus crisis has changed the world completely in the last few months. All of us have been locked into our homes, economic activity has come to a near standstill. Everyone has been impacted.

Including your favourite business and financial newspaper. Our printing and distribution chains have been severely disrupted across the country, leaving readers without access to newspapers. Newspaper delivery agents have also been unable to service their customers because of multiple restrictions.

In these difficult times, we, at BusinessLine have been working continuously every day so that you are informed about all the developments – whether on the pandemic, on policy responses, or the impact on the world of business and finance. Our team has been working round the clock to keep track of developments so that you – the reader – gets accurate information and actionable insights so that you can protect your jobs, businesses, finances and investments.

We are trying our best to ensure the newspaper reaches your hands every day. We have also ensured that even if your paper is not delivered, you can access BusinessLine in the e-paper format – just as it appears in print. Our website and apps too, are updated every minute, so that you can access the information you want anywhere, anytime.

But all this comes at a heavy cost. As you are aware, the lockdowns have wiped out almost all our entire revenue stream. Sustaining our quality journalism has become extremely challenging. That we have managed so far is thanks to your support. I thank all our subscribers – print and digital – for your support.

I appeal to all or readers to help us navigate these challenging times and help sustain one of the truly independent and credible voices in the world of Indian journalism. Doing so is easy. You can help us enormously simply by subscribing to our digital or e-paper editions. We offer several affordable subscription plans for our website, which includes Portfolio, our investment advisory section that offers rich investment advice from our highly qualified, in-house Research Bureau, the only such team in the Indian newspaper industry.

A little help from you can make a huge difference to the cause of quality journalism!


Support Quality Journalism
  1. Comments will be moderated by The Hindu Business Line editorial team.
  2. Comments that are abusive, personal, incendiary or irrelevant cannot be published.
  3. Please write complete sentences. Do not type comments in all capital letters, or in all lower case letters, or using abbreviated text. (example: u cannot substitute for you, d is not 'the', n is not 'and').
  4. We may remove hyperlinks within comments.
  5. Please use a genuine email ID and provide your name, to avoid rejection.
You have read 1 out of 3 free articles for this week. For full access, please subscribe and get unlimited access to all sections.