The importance of modernizing cyber defenses [Q&A]
High-profile cyber incidents in recent years have highlighted the fact that defenses need to be kept up to date to provide adequate protection.
AI and machine learning have the potential to transform security operations to enhance protection against emerging threats. We spoke to Gurucul CEO Saryu Nayyar to get her view on how protection technologies are evolving and why this is so crucial.
BN: Are organizations failing to respond adequately to the changing cyber threat landscape?
SN: Many organizations are struggling to keep pace with the rapidly evolving threat landscape, external attacks and insider threats included. Our 2024 Insider Threat Report shed light on this, revealing that 48 percent of companies experienced more insider attacks over the past year, and 51 percent faced six or more attacks. These findings highlight that traditional defenses are no longer sufficient to combat today's sophisticated threats.
To address this, organizations need to adopt proactive security strategies that leverage AI, machine learning, and advanced analytics for real-time detection and response. The challenge isn't just about keeping pace with new threats but ensuring resilience and adaptability for future security. As threat actors continue to evolve their approaches, organizations must ensure they have the tools in place to not only detect anomalies, but also reduce false positives and improve response times, ultimately minimizing potential damage.
BN: How is AI being used to improve threat detection and is there a risk that the attackers will simply turn to AI too?
SN: AI is massively transforming threat detection. One of the key applications is in behavior baselines and real-time anomaly detection. Machine learning models are used to establish what constitutes normal activity within an organization, which allows AI to flag deviations that may indicate threats. Predictive risk scoring is another critical area where AI analyzes behaviors across various data sets, assigning dynamic risk scores to prioritize activities for faster response times. This, in turn, reduces false positives, allowing security teams to focus on the most pressing threats without being inundated by irrelevant alerts.
Additionally, AI enables organizations to manage increasingly complex threats with greater efficiency by automating detection and response workflows. This streamlines the threat management process, while also minimizing the potential for human error. However, as AI strengthens defenses, attackers are also harnessing these technologies to automate and enhance their methods. This emphasizes the critical need for proactive AI defenses that can continuously evolve and adapt to counter AI-driven attacks. For long-term protection, organizations must ensure their systems are adaptive, capable of learning from new threat patterns, and prepared to counter emerging threats.
BN: Do governments need to take a greater role in driving cybersecurity initiatives?
SN: Governments in the United States and abroad have enacted numerous regulations, policies, and information-sharing frameworks aimed at protecting sensitive information, critical infrastructure, and consumer privacy from cyber threats. In the US, these include measures like FISMA, CISA, GLBA, and HIPAA. Certain industries have their own set of requirements like PCI DSS for organizations handling credit card data and DFARS for Department of Defense contractors. The SEC adopted new rules in 2023 pertaining to cybersecurity disclosure for public companies. Organizations must carefully assess which laws apply to them based on their industry, location, and the types of data they handle. They also must ensure that their security operations platform supports their compliance efforts.
BN: Which emerging technologies are going to be most important to combat future threats?
SN: AI and machine learning are at the forefront of technologies that will play a critical role in combating future threats. These technologies enable organizations to detect, predict, and respond to threats in real time by analyzing vast amounts of data and swiftly identifying suspicious behavior. Our platform utilizes AI capabilities, such as behavioral analytics, to continuously monitor activity, flagging anomalies to mitigate insider threats, account compromises, and external attacks. As cyber threats become more sophisticated, AI's ability to learn from new data and adapt will be key in staying ahead of attackers and closing security gaps.
Zero Trust architecture will also be vital in combating threats by requiring continuous verification of user identities at every access point, regardless of whether the user or device is inside or outside the network. This approach ensures that no implicit trust is granted based on network location, reducing the risk of unauthorized access. By combining Zero Trust with advanced automation technologies, organizations can quickly identify and neutralize threats while minimizing human error, building a strong, adaptive defense.
BN: What does the recent history of cyberattacks have to teach us about anticipating future threats?
SN: The recent history of cyberattacks underscores how increasingly complex IT environments contribute to security vulnerabilities. Findings from our Insider Threat report support this, with 39 percent of organizations identifying complex environments as a major factor behind the rise in insider attacks. These challenges make it difficult for organizations to maintain effective defenses, especially when relying on outdated security measures. To stay ahead of evolving threats, organizations must harness next-generation technologies that deliver real-time insights and predictive capabilities, enabling swift and proactive responses.
Another key takeaway from these attacks is the need for greater visibility across systems. Many organizations continue to use disconnected security tools, leading to detection gaps and delayed responses. By unifying data and applying advanced analytics to monitor behavior, organizations can better anticipate and prevent future attacks. Defense strategies must evolve as quickly as the threats themselves, with data unification, AI, and machine learning ensuring that organizations remain agile and resilient against both internal and external threats.