cyber security

Cybersecurity: A battle between Human and Technology

The world of cybersecurity is becoming complex as businesses and humans are increasingly becoming dependent on technology in their day-to-day lives and with the continuously evolving threat landscape. Businesses and individuals are benefiting from being globally connected. It even helped in the difficult period of the pandemic. The terms like connected gadgets, and IoT are becoming household names; appliances are getting smart and connected; communication technologies are evolving, and remote working is becoming a norm in many industries. Companies are looking to adopt Artificial Intelligence (AI) and Machine Learning (ML) to carry out repetitive and mundane tasks.

As technology helps us solve complex problems and provides convenience, threat actors are also using smarter and advanced techniques to breach security shields. With an increase in dependence on technology and the ever-evolving cyber world, threat actors also get access to sophisticated techniques to carry out the attacks. While technology has increased, the human element cannot be eliminated who uses and operates these devices. The technologies and devices can be as secure and as smart as they are configured by humans and regularly patched and updated to the newest versions. Looking at the past data of breaches, it can be observed that human errors have caused a major portion of Cybersecurity breaches.

The human element contributing to the breaches can be intentional like an insider threat or unintentional like an error caused by inadvertent action or inaction. While organizations continue to invest in newer technologies to boost their cyber security posture, the basics of security still mandate to equally paying attention to people and processes along with technology. Humans often tend to make mistakes in decision making which may be due to a lack of data insights or there can be gaps in skills in handling the technology. Effective security awareness training conducted regularly often reduces human errors.

Solutions like spam filters and mobile device management systems help in protecting end-users. Also, modern anti-malware and threat detection software help stop sophisticated attacks, however, they can be only effective if they are configured properly and utilised effectively. Unless the administrators have proper knowledge of the products and have resources available to tune them according to individual use cases, the cybercriminals will still be able to penetrate them. 

Increased use of AI has shown benefits in detecting and preventing cybercriminals from exploiting vulnerabilities. AI has helped many organizations reduce the technology gaps related to the details of cybersecurity. The use of AI and ML helps perform a variety of tasks with consistent results eliminating the need for large technical manpower. Many security solutions, like Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR), are available in the market and use a combination of programs to recognize the behavioural patterns in attacks and triage threats to trigger necessary alerts and start remediation. According to estimates, the market for AI in cybersecurity will grow from $3.92 billion in 2017 to $34.81 billion by 2025, at a compound annual growth rate (CAGR) of 31.38%. One of the other common challenges, often faced by It companies is programming errors. AI research is planning for Artificial Intelligence for software testing (AIST) design software that can self-test and self-heal.

However, though AI offers benefits, it cannot be completely relied upon for Cybersecurity solutions. Threat actors also use sophisticated tools using AI and ML to confuse detection technologies. Cybercriminals often make use of attacks like social engineering, and phishing if they fail to penetrate technologies like perimeter security e.g., Firewalls, IDS/IPS. According to Verizon Data Breach Report (DBIR) 2021, Phishing is involved in 36% of breaches.

While technology can aid you with all the necessary ammunition to fight against these attacks, human intuition and creativity also continue to play an important role in this battle. The key lies in reducing opportunity by educating end users. The perspective would need to change from tagging humans as the weakest link in the line of security to ensuring they have the right tools and technologies, along with setting processes and appropriate training so that they can be the first line of defence against any attack.

The article has been written by Amit Jaju, Senior MD at Ankura Consulting

Leave a Reply

Your email address will not be published. Required fields are marked *