By Vijay Ganti
Special to The Nation
ALTHOUGH security as a percentage of IT spending continues to grow at a robust rate, the cost of security breaches is growing even faster.
According to Frost & Sullivan, IDC, and Gartner, in 2017 Thailand spent Bt6.71 billion on cybersecurity. This is expected to grow to Bt16.2 billion in 2025, or 0.07 per cent of GDP. However, on the flipside, the potential economic loss in Thailand due to cybersecurity incidents could hit a staggering Bt286 billion or 2.2 per cent of the country’s total GDP, according to Frost & Sullivan.
Why isn’t cybersecurity working as it should?
Most security products are focused on understanding malware or attacks. As a result, we are always playing catch-up with malicious actors. We must figure out a way to bound the problem.
How can cybersecurity threats be contained?
The principle of least privilege is one of the oldest information security principles, with the original formulation stating: “Every program and every privileged user of the system should operate using the least amount of privilege necessary to complete the job.”
If we had enforced this principle within our IT environments, we’d have dramatically reduced the attack surface, and would consequently have bounded the problem.
While this doesn’t eliminate the need to monitor for threats, it simplifies the problem. So, the right solution architecture would include two components:
1. A foundational piece that shrinks the attack surface by enforcing least privilege (also known as cyber-hygiene);
2. A complementary piece that controls residual risk by monitoring for threats.
What are the limits of “least privilege” in cybersecurity?
Customers have tried implementing least-privilege environments in the past through whitelisting.
While whitelisting solutions can be effective, they have been a nightmare to operationalise.
The constant changes during the normal course of operating an IT environment at scale are very hard to keep up with.
So, in this case, instead of playing catch-up, we were chasing our own tails.
Can AI and ML help to shrink the attack surface?
Ensuring good is always going to be more effective than chasing bad. This approach gets even better with the rise of modern artificial intelligence (AI) and machine learning (ML).
AI/ML can offer IT security professionals a way to enforce good cybersecurity practices and shrink the attack surface, instead of constantly chasing after malicious activity.
AI/ML techniques are ideal for achieving cyber-hygiene and shrinking the attack surface at scale. There are two distinct advantages that make them ideal.
1. Rules exist for the behaviour of good software;
2. There is plenty of data labelled “data for goodware”.
The primary challenge has been the constant change at scale. The nature of change, though, is predictable and follows patterns. This is the kind of problem that AI/ML excels at. Using AI and ML to achieve cyber-hygiene and enforce least privilege environments at scale is the breakthrough idea that will help us secure modern IT environments against an ever-evolving threat landscape.
Vijay Ganti is ML/AI tech director at VMware.