Enterprises are rapidly embracing Artificial Intelligence (AI) and Machine Learning (ML) tools, with transactions skyrocketing by almost 600% in less than a year, according to a recent report by Zscaler. The surge, from 521 million transactions in April 2023 to 3.1 billion monthly by January 2024, underscores a growing reliance on these technologies. However, heightened security concerns have led to a 577% increase in blocked AI/ML transactions, as organisations grapple with emerging cyber threats.
The report highlights the developing tactics of cyber attackers, who now exploit AI tools like Language Model-based Machine Learning (LLMs) to infiltrate organisations covertly. Adversarial AI, a form of AI designed to bypass traditional security measures, poses a particularly stealthy threat.
Concerns about data protection and privacy loom large as enterprises integrate AI/ML tools into their operations. Industries such as healthcare, finance, insurance, services, technology, and manufacturing are at risk, with manufacturing leading in AI traffic generation.
To mitigate risks, many Chief Information Security Officers (CISOs) opt to block a record number of AI/ML transactions, although this approach is seen as a short-term solution. The most commonly blocked AI tools include ChatGPT and OpenAI, while domains like Bing.com and Drift.com are among the most frequently blocked.
However, blocking transactions alone may not suffice in the face of evolving cyber threats. Leading cybersecurity vendors are exploring novel approaches to threat detection, leveraging telemetry data and AI capabilities to identify and respond to potential risks more effectively.
CISOs and security teams face a daunting task in defending against AI-driven attacks, necessitating a comprehensive cybersecurity strategy. Balancing productivity and security is crucial, as evidenced by recent incidents like vishing and smishing attacks targeting high-profile executives.
Attackers increasingly leverage AI in ransomware attacks, automating various stages of the attack chain for faster and more targeted strikes. Generative AI, in particular, enables attackers to identify vulnerabilities and exploit them with greater efficiency, posing significant challenges to enterprise security.
Taking into account these advancements, enterprises must prioritise risk management and enhance their cybersecurity posture to combat the dynamic AI threat landscape. Educating board members and implementing robust security measures are essential in safeguarding against AI-driven cyberattacks.
As institutions deal with the complexities of AI adoption, ensuring data privacy, protecting intellectual property, and mitigating the risks associated with AI tools become paramount. By staying vigilant and adopting proactive security measures, enterprises can better defend against the growing threat posed by these cyberattacks.
As businesses embrace the cloud, software-as-a-service (SaaS), and remote work, a million-dollar question arises: How will these roles evolve? The answer seems as complex as the myriad factors influencing it – company size, industry, culture, existing organizational charts, and future digital transformation plans, to name a few. Some advocate maintaining the status quo, while others propose a more specialized split between a business-oriented executive focused on risk management and compliance, and a technical executive honing in on threat prevention and response.
Regardless of the path chosen, the crux of the matter remains – the imperative need for collaboration and alignment between CIOs and CISOs. In a world where successful digital transformation is contingent upon the delicate relation between innovation and security, these IT leaders find themselves at the forefront, shaping the future of businesses large and small. The article will delve into the intricacies of this new development, shedding light on the collaborative journey of CIOs and CISOs as they navigate the ever-changing currents of technology and cybersecurity.
About two decades ago, CIOs primarily focused on managing an organization's IT infrastructure and applications. However, with the rise of digital transformation, cloud computing, and remote work, their role has shifted. Today, CIOs act as brokers of IT services, concentrating on how technology can drive innovation and effectively managing resources.
Concurrently, the profile of CISOs has been on the rise, fueled by compliance mandates, data breaches, and emerging cybersecurity threats. Compliance requirements such as HIPAA, PCI DSS, GDPR, and SOC 2 have played a dual role – increasing the visibility and budgets for cybersecurity teams but often falling short in addressing sophisticated threats like phishing and ransomware.
The growing importance of digital security at the board level has prompted CIOs, traditionally the voice of digital matters, to delve deeper into understanding cybersecurity. This trend blurs the lines between the roles of CIOs and CISOs.
Enter digital transformation, offering an opportunity to enhance cybersecurity. Despite some skepticism about its promises, digital transformation has necessitated closer collaboration between CIOs and CISOs. While CIOs continue to guide the ship, CISOs have become proactive partners, deeply involved in operational decision-making from the outset.
As companies embrace the cloud, software-as-a-service (SaaS), and remote work, the question arises – how will these roles evolve? The answer is not straightforward and depends on various factors like company size, industry, culture, and existing IT setup. Some suggest maintaining the status quo, while others propose splitting the roles into a business-oriented executive focusing on risk management and compliance, and a more technical executive concentrating on threat prevention and response.
Regardless of the direction these roles take, the overarching theme is the critical need for collaboration and alignment between CIOs and CISOs for successful digital transformation. This synergy is essential not only during the transformation process but also for navigating the evolving cybersecurity landscape.
In essence, the traditional boundaries between CIOs and CISOs are fading, giving way to a collaborative approach that acknowledges the intertwined nature of technology and cybersecurity. As companies navigate this evolution, the success of their digital transformation hinges on the ability of these IT leaders to work hand-in-hand, ensuring a secure and innovative future for businesses of all sizes.
This transformative shift emphasises the importance of simplifying and strengthening the relationship between CIOs and CISOs, creating a united front against the ever-growing challenges of the digital age.
It has been observed that around 85% of the IT decision-makers are now setting identity and access management investments as their main priority, rather than any other security solution. This is stated in the CISO Survival Guide published by Cisco Investments, the startup division of Cisco, along with the venture capital firms Forgepoint Capital, NightDragon, and Team8.
Interviews with Cisco customers, chief information security officers, innovators, startup founders, and other experts led to the creation of the 'guide', which examined the cybersecurity market in relation to identity management, data protection, software supply chain integrity, and cloud migration.
From 30,000 feet up: More interoperability, less friction, and data that is genuinely relevant and understandable for decision-makers, according to interviewees, are the most essential requirements.
The main spending priorities of the report were fairly evenly distributed, with user and device identity, cloud identity, governance, and remote access receiving the most mentions from CISOs.
Cloud security turned out to be the primary concern, with a focus on the newly emerging field of managing cloud infrastructure entitlements.
The three main areas of identity access management, clouds, and data that CISOs believe are most concerning are:
Moreover, the authors of the Cisco Investment Study note that “This trend imposes cycles for CISOs to vet and unpack these purportedly new categories, only for them to discover they are a rehash of existing solutions.”
Apparently, some top motivators cited by CISCOs will be investing in identity management solutions for the management of user access privileges, identity compliance, and the swift expansion of companies' threat surfaces.
Here, we are mentioning some of the changes that the IT decision-makers look forward to in the next-generation identity platforms:
Before the rapid development and popularity of digitization, the role of CISO (Chief Information Security Officer) was constrained to just being a part of IT teams, directing IT staff and planning cybersecurity defense. Regardless of conducting crucial tasks, CISOs were not traditionally a part of high management and had limited influence on the main business.
This has changed due to the rising risk of a cybersecurity breach and the rising expense of remediation. CISO is no longer a mere security evangelist, but holds much greater significance in the IT world.
However, with more power comes more responsibility. The cyber landscape now has become more complicated than ever, with more frequent cybercrime activities being witnessed than ever before. As cyberattacks become more complex, frequent, and damaging, the CISO is ultimately responsible for any defensive blunders made in defending against existing and new risks.
Moreover, the shortage of security professionals only adds to the struggle and strain that comes with this profession. Thus, CISO is required to focus on this issue to maintain its efficiency, with their evolving jobs. They may both safeguard their businesses and reduce their stress levels by devoting time and money to important areas like cultivating loyalty, dealing with legacy systems, and developing a culture that prioritizes security.
Competing with one another, CISOs are striving to acquire qualified cybersecurity personnel. Because there is now a dearth of qualified cybersecurity professionals and great demand, the majority of them may select where they work and demand higher pay. It will be challenging to compete with this, especially for CISOs who increasingly have more budgetary authority but also more accountability for spending wisely.
CISO can instead employee professionals who are not much skilled in cybersecurity, or even work in IT. They might gradually transition into important new cybersecurity responsibilities with the correct training and assistance. After all, not all cybersecurity positions require technological expertise.
Moreover, for roles that do require technical skills, Many firms have an underutilized resource—their developer community. Developers are in a great position to upgrade their skills, could learn secure coding approaches, and share responsibility for security because of their solid understanding of how computers function.
Looking internally eventually profits a firm’s morale and loyalty. Also, the corporation gains new cybersecurity expertise, and their employees gain whole new lucrative career.
Patching systems and keeping them up-to-date is not an easy task. While many company are already equipped with built up infrastructure, including legacy equipment, frameworks, and equipment that has been tightly interwoven into their work processes, ripping out and replacing is not an easy alternative. CISOs are responsible for preserving and managing these older programs, while also using the most recent apps that are running in hybrid clouds and using contemporary frameworks.
However, cybercriminals are smart. When attempting to hack into a network or steal data, they nearly always seek for the weakest link, and such outdated frameworks, apps, and infrastructures are frequently the chosen targets.
Thus, CISOs are required to work on their maintenance plans for all legacy software. External access should be completely eliminated, if at all possible, but it is crucial that teams receive training in security best practices for all active programming languages through practical training methods and courses. Nothing gets left behind when the most recent technologies are used alongside outdated languages that have proper security support.
In order to improve security and ease the CISO's workload, the solution may not entirely depend on technology. The best way to genuinely establish a company where security is a top priority is through a shift in culture. CISOs are in a unique position to drive this transition, both with other executives and the people they lead. They are both members of senior management and members of the security team.
A security-first culture will thus implant security into every aspect of a company's operations. Instead of being a consideration until later in the SDLC, developers should be able to write secure code that is devoid of flaws and resistant to assaults right away. This effort should be led by designated security champions from among the developer ranks, who will serve as both a coach and a motivator. With this strategy, security is ingrained in the team's DNA and supported by management rather than being mandated from above.
While these changes cannot be met overnight, they may happen gradually with some combined efforts. Since, the threat landscapes remain complex, highly advanced and ubiquitous to be handled by any one individual or a small team. Thus, it requires every employee – no matter their role – to actively contribute to increased security; only then will a business have a chance to prevent costly breaches and downtime.
In a significant move to enhance cybersecurity measures, the Securities and Exchange Commission (SEC) has recently approved new regulations. These rules mandate that public companies must promptly disclose any cybersecurity breaches within a strict four-day timeframe. Additionally, the SEC requires these companies to elevate their Board's proficiency in handling cyber risk and overseeing cybersecurity matters.
Zero trust is an essential requirement for getting an IAM right, and identity is at the heart of zero trust. CISOs must adopt a zero-trust framework thoroughly and proceed as though a breach has already occurred. (They should be mindful, though, that cybersecurity providers frequently exaggerate the possibilities of zero trust.)
According to CrowdStrike’s George Kurtz, “Identity-first security is critical for zero trust because it enables organizations to implement strong and effective access controls based on their users’ needs. By continuously verifying the identity of users and devices, organizations can reduce the risk of unauthorized access and protect against potential threats.” He says that“80% of the attacks, or the compromises that we see, use some form of identity and credential theft.”
According to CISO, one of the significant challenges in staying updated with the IAM technology is the pressure that comes with their cybersecurity tech stakes and goals like getting more done with less workforce and budget. 63% percent of CISOs choose extended detection and response (XDR), and 96% plan to combine their security platforms. The majority of CISOs, up from 61% in 2021, have consolidation on their roadmaps, according to Cynet's 2022 CISO study.
As customers combine their IT stacks, cybersecurity providers like CrowdStrike, Palo Alto Networks, Zscaler, and others see new sales prospects. According to Gartner, global investment in IAM will increase by 11.8% year between 2023 and 2027, from $20.7 billion to $32.4 billion. Leading IAM suppliers include IBM, Microsoft Azure Active Directory, Palo Alto Networks, Zscaler, CrowdStrike, Delinea, Ericom, ForgeRock, Google Cloud Identity, and AWS Identity and Access Management.
We are mentioning some of the IAM aspects that CISOs and CIOs must know of in 2023:
An Insider attack is a nightmare for CISOs, raising concerns about their jobs that keep them up all night. According to some CISOs, a notorious insider attack that is not caught on time could cost them and their teams their jobs, especially in financial services. Furthermore, internal attacks are as complicated as or harder to identify than exterior attacks, according to 92% of security leaders.
A common error is importing legacy credentials into a new identity management system. Take your time examining and erasing credentials. Over half of the businesses have encountered an insider threat in the previous year, according to 74% of organizations, who also claim that insider attacks have escalated. 20 or more internal attacks have occurred in 8% of people.
According to Ivanti's Press Reset, a 2023 Cybersecurity Status Report, 45% of businesses believe that previous workers and contractors still have active access to the company's systems and files. “Large organizations often fail to account for the huge ecosystem of apps, platforms and third-party services that grant access well past an employee’s termination,” said Dr. Srinivas Mukkamala, chief product officer at Ivanti.
Multifactor Authentication (MFA) is essential as a first line of zero-trust security, according to CISOs, CIOs, and SecOps team members interviewed by VentureBeat. MFA is an instant win that CISOs have consistently told VentureBeat they rely on to demonstrate the success of their zero-trust projects.
They advise that MFA should be implemented with as little impact on employees' productivity as possible. The most effective multi-factor authentication (MFA) implementations combine password or PIN code authentication with biometric, behavioral biometric, or what-you-have (token) aspects.
ITDR tools could mitigate risks and strengthen security configuration. Additionally, they may identify attacks, offer remedies, and uncover and repair configuration flaws in the IAM system. Enterprises can strengthen their security postures and lower their risk of an IAM infrastructure breach by implementing ITDR to safeguard IAM systems and repositories, including Active Directory (AD).
Some of the popular vendors include Authomize, CrowdStrike, Microsoft, Netwrix, Quest, Semperis, SentinelOne (Attivo Networks), Silverfort, SpecterOps, and Tenable.
The draft, Master Directions on Cyber Resilience and Digital Payment Security Controls for PSO, proposes a governance mechanism for the identification, analysis, monitoring, and management of cybersecurity risks.
RBI confirms that these norms will be implemented from April 1, 2024, for large non-bank-PSOs. For medium-sized non-bank PSOs, the norms will be implemented by April 1, 2026, as for the smaller ones, the deadline is April 1, 2028.
The key responsibility of the draft circular will be designated to a sub-committee of the board that must meet at least once every quarter.
"The PSO shall formulate a board-approved Information Security (IS) policy to manage potential information security risks covering all applications and products concerning payment systems as well as management of risks that have materialised," the draft note said.
“The directions will also cover baseline security measures for ensuring system resiliency as well as safe and secure digital payment transactions[…]However, they shall endeavour to migrate to the latest security standards. The existing instructions on security and risk mitigation measures for payments done using cards, Prepaid Payment Instruments (PPIs) and mobile banking continue to be applicable as hitherto,” the RBI noted.
As per the proposed norms, the PSO will define relevant key risk indicators (KRIs) to identify possible risk events and key performance indicators (KPIs) to evaluate the efficacy of security controls.
According to the RBI, the PSO must conduct cyber-risk assessment exercises pertaining to the launch of new products, services, and technologies along with initiating innovative changes in infrastructure or processes of existing products and services. The central bank is seeking feedback on the draft norms by June 30.
In order to manage potential information security risks involving all applications and products related to payment systems, the PSO has been asked to develop an Information Security (IS) policy that has been authorized by the board.
According to the proposed norms, the PSO was required to create a business continuity plan (BCP) based on several cyber threat scenarios, including the most unlikely but conceivable occurrences to which it might be subjected. To manage cyber security events or incidents, the BCP should be evaluated at least once a year and include a thorough response, resume, and recovery plan.
Moreover, a senior-level executive like the chief information security officer (CISO) will be in charge of implementing the information security policy and the cyber resilience framework as well as continuously reviewing the overall IS posture of PSO. According to the draft norms, the PSO must implement safeguards to keep its network and systems safe from external assaults.
The PSO must also implement a thorough data leak prevention policy to ensure the confidentiality, integrity, availability, and protection of business and customer information (both in transit and at rest), in accordance with the importance and sensitivity of the information held or transmitted.