SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Interview: Cognizant takes thought leadership to AI in security
Wed, 6th Dec 2017
FYI, this story is more than a year old

Cybersecurity and artificial intelligence now seem to go hand in hand as complementary weapons against crime, but what lies ahead?

Manish Bahl is the senior director for Cognizant's Centre for the Future of Work. He is responsible for thought leadership around code halos, digital transformation and the future of work. He works with IT and business decision-makers to provide vision on digital transformation and its effects on business, people, technology and culture.

“Cognizant's Centre for the Future of Work is a dynamic thought leadership powerhouse that examines how work is changing, and will change, in response to the emergence of new technologies, new business practices, and new workers,” he explains.

“By collaborating with a wide range of business and technology thinkers and academics, we identify long-term trends about the future of work as technology continues to change the way in which we go to work, complete work, and run businesses.

We often hear that AI and machine learning are two crucial factors in cybersecurity in order to protect us from emerging and ‘unknown' threats. Do you agree with this and how AI is progressing in terms of security?

Yes, I do agree. As the digital economy expands, cybersecurity threats will multiply. Cybersecurity has already gone beyond a human phenomenon. AI and machine learning will turn security issues upside down by building an intelligent defence mechanism to safeguard sensitive information assets. AI and machine learning will become the new face of cybersecurity.

In Australia, we've seen the Commonwealth Bank of Australia (CBA) developing AI-based technology to aid cyber-security, fraud detection and regulatory compliance. CBA is just one example of how businesses are recognising the importance of investing in AI to protect themselves from any threats.

In theory, hackers could be using this technology to stay one step ahead of defenders. What is ‘bad AI' and are we seeing an increase in machine-vs-machine warfare?

‘Bad AI' is the name we give to hackers and other cyber criminals using AI to build smarter malware for their own benefit. With the cost of technologies such as computing, storage and off-the-shelf machine algorithms significantly lessening over the last few years, cyber criminals now have access to technologies that can ‘beat' existing cyber-security measures.

The challenge is to build immunity against them. Fighting back requires an intelligent machine that can detect threats proactively, identify stealthy malware, reconfigure network traffic to avoid attacks, inform automated software to close vulnerabilities before they are exploited, and mitigate large-scale cyberattacks with great precision. An era of machine-vs-machine warfare is where we're heading and the winners will be the companies that are most prepared for the changing role of technology.

If we look at the three core elements of cybersecurity: people, processes and technology – how well are Asia Pacific businesses using these as part of their security strategies?

Cybersecurity is still seen as a key IT initiative in many organisations. I believe this approach is fundamentally flawed as cybersecurity is key to building the brand. It is essential that cyber security becomes a top agenda point for boardroom discussions so that concrete decisions can be made.

The good news is that organisations in Asia-Pacific are increasingly realising the importance of cybersecurity to their business. By 2020, cybersecurity will emerge as number one business priority in the region. Technological investments, however, will not be sufficient.

Organisations must inject cybersecurity deep into their culture because humans will continue to be the weakest link to cybersecurity. Social media and careless or unaware employees are the top threats increasing companies' risk exposure.

Cybersecurity is everyone's responsibility, and the business's employee performance metrics should reflect that. Also, organisations must invest in building a uniform infrastructure that brings disparate processes together, thus reducing security complexities.

Do you find that APAC organisations are proactively protecting against threats, or are they scrambling every time they learn of a threat or breach that has impacted their business?

The problem is that many organisations still pursue a reactive rather than proactive approach towards security. In our study, we found that 37% of Asia-Pacific organisations took a week to months to identify a security breach in 2016 alone.

Brand loyalty is the result of trust cultivated over many years, but it can be destroyed in a day. It's an uphill battle for organisations to keep their brand and consumer trust intact. Moreover, many Asia-Pacific organisations do not have cybersecurity and data privacy insurance in the event of a breach, indicating the need for a proactive cybersecurity approach.

What are your four proactive approaches that prepare businesses for cyber threats?

There are definitely steps businesses can take to prepare themselves for any potential cyber threats. These include:

Making security automation a core element of business's enterprise IT defence mechanisms. As cyberattacks can occur at any time of the day, security automation will be essential in the future. Bots cannot prevent cyberattacks from occurring, but will enable much faster responses to any potential breaches. The speed of response to an attack determines the scope of damage to your critical assets.

Taking a leap into the future with quantum computing. Although still in the very early days, quantum computing will completely change our approach to cybersecurity.

When combined with AI, quantum computing will allow us to better understand the DNA of attacks on a mathematical basis and will run complex risk models continuously. Westpac has claimed a stake in quantum computing-based cybersecurity firm QLabs, which is planning to roll out its product to global banks.

Conducting regular, formal risk assessments to protect critical digital assets. Protecting data, any business's most critical digital asset, is vital. Research shows some 90% of companies suffered brand damage as a result of data breaches in 2016 alone. It's time that organisations strengthened their data privacy framework and data protection and compliance, such as encryption and data-loss prevention systems.

Making cybersecurity a new competitive differentiator. Merge business, digital, and security strategies into one. While cybersecurity is viewed as a key IT initiative in many organisations, in today's interconnected age, it is time for organisations to invest in a single transformation strategy that cuts across business, IT, and security.

Does Cognizant have plans to delve deeper into AI and cybersecurity in Asia Pacific (or globally)?

We'll see much bigger and more sophisticated attacks in the future, and companies need to be prepared for the coming of new age of cyber threats. Cognizant is committed to investing in technologies, people and processes to protect our clients and be at the forefront of the future of cybersecurity.

As cybersecurity becomes increasingly sophisticated, and increasingly sits outside the realm of human knowledge, harnessing good AI to protect against bad AI will be vital to futureproof against attacks. Companies will be continually challenged to protect their brand and data—and doing so will become harder as cybercriminals tap into bigger and better technologies.