By Abdulla Bader Al Seiari, Chief Executive Officer (CEO) at Cyber 50 Defense – L.L.C. – O.P.C. In an era marked by rapid technological advancement and escalating cyber threats, the strategic integration of Artificial Intelligence (AI) into cybersecurity operations emerges as a pivotal industry trend. This show more ...
evolution promises not only to transform traditional defense paradigms but also to redefine the roles and responsibilities of Level 1 (L1) cybersecurity analysts. Strategic Imperatives for AI Adoption in Cybersecurity The digital threat landscape is characterized by its complexity and dynamism, challenging the traditional cybersecurity frameworks and necessitating a more agile and intelligent response mechanism. AI’s role in this context is twofold: augmenting human capabilities and enabling more sophisticated, real-time threat detection and mitigation strategies. The Transformative Impact of AI on L1 Analysts Operational Efficiency: Leveraging AI for routine and volumetric threat detection tasks enhances operational efficiency, allowing analysts to concentrate on higher-order problem-solving and strategic decision-making. Continuous Monitoring: AI’s capability for 24/7 surveillance addresses the limitations of human-centric monitoring, ensuring a proactive stance against potential security breaches. Accuracy and Reliability: By minimizing human error, AI contributes to a more reliable threat detection process, underpinning a robust cybersecurity defense mechanism. A Collaborative Future The narrative surrounding AI in cybersecurity transcends the simplistic notion of technology replacing human roles. Instead, it emphasizes a symbiotic relationship where AI enhances the analytical and operational capacities of L1 analysts. This collaborative approach envisions: Elevated Analytical Roles: Analysts are liberated from the constraints of monitoring and preliminary analysis, enabling a focus on complex, strategic issues that demand expert judgment and creative problem-solving. Continued Professional Development: The shift in responsibilities encourages L1 analysts to pursue advanced training and skill acquisition in areas such as threat intelligence, incident response, and cybersecurity policy, ensuring career growth and adaptation in a changing technological landscape. Strengthened Cyber Defenses: The integration of AI into cybersecurity operations fosters a more agile and resilient defense ecosystem, capable of responding to sophisticated threats with unprecedented speed and accuracy. Conclusion The strategic integration of AI into cybersecurity heralds a new era for L1 analysts and the broader industry. This evolution is not a displacement but an enhancement of human capabilities, ensuring that cybersecurity professionals remain at the forefront of technological innovation and defense strategies. Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.
By Sithembile (Nkosi) Songo, Chief Information Security Officer, ESKOM According to the Ultimate List of Cybersecurity Statistics, 98% of cyber attacks rely on social engineering. Social engineering and phishing attacks tactics keep on evolving and targeting a diversified audience form executives to normal employees. show more ...
Advanced phishing attacks that can be launched using GEN AI. There is also a shift in motivation behind these attacks, such as financial gain, curiosity or data theft. Recent attacks have shown that cyber criminals continue to use various social engineering tricks, exploiting human weaknesses. Attackers are evolving from only exploiting technology vulnerabilities such as using automated exploits to initiate fraudulent transactions, steal data, install malware and engage in other malicious activities. Furthermore, it is a well-documented fact that people are deemed to be the weakest link in the cybersecurity chain. Traditional security controls put more focus on the technical vulnerabilities as opposed to the human related vulnerabilities. Threat actors are transitioning from traditional system and or technology related cyber-attacks to human based attacks. The cyber criminals have identified and are now taking advantage of uninformed or untrained workforce by exploiting the human related vulnerabilities. Employees often make it too easy by posting a huge amount of information about themselves, including daily status, activities, hobbies, travel schedule and their network of family and friends. Even small snippets of information can be aggregated together. Bad guys can build an entire record on their targets. Employees, especially those that are targeted, should limit what they post. Bad guys leverage on other weaknesses, such as the improper destruction of information through dumpster diving and unencrypted data. The three most common delivery methods are email attachments, websites and USB removable media. Properly implemented USB policies and trained users can identify, stop and report phishing attacks. Well-educated workforces on all the different methods of social engineering attacks are more likely to identify and stop the delivery of these attacks. While malicious breaches are the most common, inadvertent breaches from human error and system glitches are still the root cause for most of the data breaches studied in the report. Human error as a root cause of a breach includes “inadvertent insiders” who may be compromised by phishing attacks or have their devices infected or lost/stolen Entrenching a security conscious culture is therefore extremely important in today’s digital age. Cyber awareness is of utmost importance in today’s digital age. What is "Security Culture"? Security culture is the set of values shared by all the employees in an organization, which determine how people are expected to perceive and approach security. It is the ideas, customs and social behaviours of an organization that influence its security. Security culture is the most crucial element in an organization’s security strategy as it is fundamental to its ability to protect information, data and employee and customer privacy. Perception about cybersecurity has a direct impact to the security culture. It could be either positive or negative. It’s deemed to be positive if information security is seen as a business enabler and viewed as a shared responsibility instead of becoming the CISO’s sole responsibility. On other hand it’s perceived negatively if security viewed a hindrance or a showstopper to business or production. A sustainable security culture requires care and feeding. It is not something that develops naturally, it requires nurturing, relevant investments. It is bigger than just ad-hoc events. When a security culture is sustainable, it transforms security from ad-hoc events into a lifecycle that generates security returns forever. Security culture determines what happens with security when people are on their own. Do they make the right choices when faced with whether to click on a link? Do they know the steps that must be performed to ensure that a new product or offering is secure throughout the development life cycle. Security culture should be engaging and delivering value because people are always keen to participate in a security culture that is co-created and enjoyable. Furthermore, for people to invest their time and effort, they need to understand what they will get in return. In other words, it should provide a return on investment, such as improving a business solution, mitigating risks associated with cyber breaches. Culture change can either be driven from the top or be a bottom-up approach, depending on the composition and culture of the organization. A bottom-up approach rollout allows engaged parties to feel they are defining the way forward rather than participating in a large prescriptive corporate program, while support from the top helps to validate the change, regardless of how it is delivered. In particular, a top-down mandate helps to break down barriers between various business functions, information security, information technology, development team, operations, as well as being one of the few ways to reach beyond the technical teams and extend throughout the business. Organizations that have a Strong Cybersecurity culture have the following: Senior leadership support from Board and Exco that echo the importance of cybersecurity within the organization. Defined a security awareness strategy and programme, including the Key Performance Indicators (KPIs). Targeted awareness campaigns which segment staff based on risk. Grouping users by risk allows for messages and the frequency of messages to be tailored to the user group. A cybersecurity champion programme which allows for a group of users embedded in the organization to drive the security message. Usage of various of mediums to accommodate different types of people who learn differently. Employees are always encouraged to report cybersecurity incidents and they know where and how and to report incidents. Creating an organizational culture where people are encouraged to report mistakes could be the difference between containing a cyber incident or not. Measurements to test effectiveness: This is often done with phishing simulations. Employees have a clear understanding of what acceptable vs what is not acceptable. Information security becomes a shared responsibility instead of CISO’s sole responsibility. The below image depicts percentage of adopted awareness capabilities Security architecture principles such as Defence in Depth, the failure of a single component of the security architecture should not compromise the security of the entire system. A defense-in-depth mechanism should be applied to mitigate phishing related risks. This approach applies security in different layers of protection, which implies that if one control fails the next layers of controls will be able to block or stop the phishing attack. The controls involve a combination of people, processes and technologies. User behavior analytics (UBA) should be used to augment the awareness programme by detecting insider threats, targeted attacks, and financial fraud and track users’ activities. Advanced our phishing attack simulations by using GEN AI based simulations should also be conducted to combat advanced phishing attacks. Possible Measurements There are several measures that can be applied to measure the level of a security conscious culture: Employees attitudes towards security protocols and issues. Behaviour and actions of employees that have direct and indirect security implications. Employees understanding, knowledge and awareness of security issues and activities. How communication channels promote a sense of belonging and offer support related to security issues and incident reporting. Employee knowledge, support and compliance to security policies, standards and procedures. Knowledge and adherence to unwritten rules of conduct related to security. How employees perceive their responsibilities as a critical success factor in mitigating cyber risks. Conclusion According to Gartner, by 2025, 40% of cybersecurity programs will deploy socio-behavioural principles (such as nudge techniques ) to influence security culture across the organization. Recent human based cyber-attacks, together AI enabled phishing attacks, make it imperative to tighten human based controls. Promoting a security conscious culture will play a fundamental role in transforming people from being the weakest into the strongest link in the cybersecurity chain. Building a cybersecurity culture is crucial because it ensures that everyone understands the importance of cybersecurity, adherence to the relevant information security policies and procedures, increase the level of vigilance and mitigate risks associated with data breaches. Furthermore a strong cybersecurity culture fosters better collaboration, accountability and improved security maturity. Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.
By Dina Alsalamen, VP, Head of Cyber and Information Security Department at Bank ABC In today's interconnected digital landscape, cyber threats pose significant risks to organizations of all sizes and industries. From data breaches to ransomware attacks, the consequences of cyber incidents can be severe, show more ...
including financial losses, reputational damage, and regulatory penalties. To effectively mitigate these risks and safeguard their operations, organizations must prioritize building cyber resilience. In this article, we'll explore strategies and best practices for building a cyber-resilient organization. Understand Your Risks The first step in building cyber resilience is understanding the unique risks facing your organization. Conduct a comprehensive risk assessment to identify potential threats, vulnerabilities, and their potential impact on your business operations. This assessment should encompass all aspects of your organization's IT infrastructure, including networks, systems, applications, and data assets. Develop a Cybersecurity Strategy Based on your risk assessment, develop a robust cybersecurity strategy that aligns with your organization's goals and priorities. This strategy should outline clear objectives, policies, and procedures for protecting against cyber threats. Key components of your cybersecurity strategy may include: Risk Management Framework: Establish a risk management framework to systematically identify, assess, and mitigate cyber risks across your organization. Security Controls: Implement a layered approach to cybersecurity by deploying a combination of preventive, detective, and responsive security controls. Incident Response Plan: Develop a detailed incident response plan outlining procedures for detecting, responding to, and recovering from cyber incidents. Employee Training and Awareness: Educate employees about cybersecurity best practices and raise awareness about the importance of security hygiene in everyday operations. Implement Security Controls Deploy a range of security controls to protect your organization's digital assets from cyber threats. These controls may include: Firewalls and Intrusion Detection Systems: Implement firewalls and intrusion detection systems to monitor and control network traffic, identifying and blocking malicious activities. Endpoint Protection: Install endpoint protection solutions, such as antivirus software and endpoint detection and response (EDR) tools, to defend against malware and other malicious threats targeting end-user devices. Data Encryption: Encrypt sensitive data both at rest and in transit to prevent unauthorized access and protect confidentiality. Multi-Factor Authentication (MFA): Enable MFA for accessing critical systems and applications, adding an extra layer of security beyond passwords. Continuously Monitor and Assess Cyber threats are constantly evolving, so it's essential to continuously monitor your organization's security posture and assess for vulnerabilities. Implement threat detection tools and security monitoring systems to detect and respond to suspicious activities in real-time. Conduct regular security assessments, including penetration testing and vulnerability scanning, to identify weaknesses and address them proactively. Foster a Culture of Cyber Resilience Building a cyber-resilient organization requires a collective effort from all stakeholders, from top management to frontline employees. Foster a culture of cyber resilience by promoting collaboration, accountability, and a shared responsibility for cybersecurity across the organization. Encourage open communication channels for reporting security incidents and provide support and resources for ongoing training and skill development. Conclusion Building a cyber-resilient organization is an ongoing process that requires proactive planning, investment, and commitment from leadership and employees alike. By understanding your risks, developing a comprehensive cybersecurity strategy, implementing robust security controls, continuously monitoring and assessing your security posture, and fostering a culture of cyber resilience, you can strengthen your organization's ability to withstand and recover from cyber threats, ensuring the continuity of your business operations in an increasingly digital world. Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.
