Why you should Rebalance your Cybersecurity Landscape with Machine Learning and Automation
Whether we like it or not, cyber security is, and remains, consistently a news item regardless of the news cycle. And opinions regarding how to improve one’s cyber security posture vary like the shape of leaves falling from trees in the fall. Interestingly enough, within the last few days, very senior cybersecurity officials from both the United Kingdom and the United States agreed publicly on one thing: Cybersecurity automation is required to meet today’s and tomorrow’s newest cyber security threats.
Indeed, Ciaran Martin, the CEO of the UK’s National Cybersecurity Centre noted that his unit was “looking at what a more activist and automated approach” can achieve in fighting lower grade threats. “Like the US and other allies we have a chronic cyber security skills challenge that can only be addressed through sustained, long-term action.” Admiral Mike Rogers had an even more point-blank approach in Senate testimony on Tuesday: “We’re very much interested in artificial intelligence, machine learning, how we can do cyber at scale and at speed. Because if we’re just going to take this largely human capital approach to doing business, that is a losing strategy.”
Though we have written a lot on this topic, the above statements from the two top cybersecurity officials in the US and UK generally represent the feeling today regarding cyber security—that some form of artificial intelligence machine learning and cyber security automation, is a requirement to make the cyber security landscape safe. Why is this so?
1. The skill cybersecurity HR shortage that afflicts nearly all countries;
2. The rise of the nation-state and cyber criminal attacks that have plagued nearly all countries;
3. The dramatic rise of national economies frequently based data storage, innovation, data analytics and mobile smartphones and devices, and
4. The Internet of Things (“IoT”) and the Internet of Everything (“IoE”), which will create not only more network traffic but more opportunities for cyber attacks if connected devices are not, at the very least, secure by design.
AI and Machine Learning cyber security defensive platforms are not “George Jetson”-like technology. They are here today in many forms. From both supervised to unsupervised machine learning platforms, to cognitive computing platforms. They will not put cyber security humans out of business. Rather they will hopefully make us humans even more productive, nearly superhuman, by cutting down on the number of false positive cybersecurity alerts to allow us to focus on more critical and cunning cyberattacks. Mr. Martin and Admiral Rogers feel strongly about cyber security machine learning and automation. Maybe that is a signal that the rest of us should consider these opinions as well. It is time to rebalance the digital cyber security ecosystem. And us humans clearly need some help.
Paul Ferrillo is counsel in Weil, Gotshal & Manges’ Litigation Department.