Force multipliers in cybersecurity: Augmenting your security workforce
During his RSA conference keynote, IBM Security's van Zadelhoff highlighted cybersecurity's top three force multipliers and explained best practices to deploy them.
The looming skills shortage in cybersecurity -- with an expected dearth of two million cybersecurity professionals by 2019 -- calls for deploying force multipliers in the industry, according to Marc van Zadelhoff, general manager at IBM Security.
Force multipliers are factors that have the potential to intensify the effectiveness of an object or a group.
"If you have soldiers on the ground, the force multipliers end up being satellites, tankers, aircraft carriers that make the boots on the ground that much effective," van Zadelhoff told the audience at the recent RSA conference. "These are multipliers that can really make a difference in everybody's environment if you apply them well. It takes the three to four thousand people in this audience and allows you to do what ... 100,000 people can do."
In cybersecurity, force multipliers like augmented intelligence, security orchestration and automation, and open collaboration can help augment workforce effectiveness and boost an organization's cybersecurity strategy, van Zadelhoff said during his keynote presentation.
Augmented intelligence
According to van Zadelhoff, artificial or augmented intelligence is a game changer for cybersecurity, and the first of its three force multipliers.
To describe how Augmented intelligence works, he compared it to a chess grandmaster who develops intuition from playing so much that they don't need to constantly think about the next move.
"You know the next dozens of moves; you're thinking more strategically," he said. "That, to me, is the essence of augmented intelligence."
Augmented intelligence is helping people like yourselves to go from doing the work of one of you to a thousand of you.
Marc van Zadelhoffgeneral manager, IBM Security
Applying artificial intelligence to scan source code can reduce false positives by 98%, he said. Machine learning and AI can also be used to help detect insider risk, as well as to identify fraud and new threats, he added. The systems can be trained over a period of time to learn what users are doing, then send out alerts when a user goes rogue or the credentials are accessed by a hacker, he explained.
"Augmented intelligence is helping people like yourselves to go from doing the work of one of you to a thousand of you, if we get this right," he told the audience.
Security orchestration and automation
Organizations are employing security automation and orchestration technologies to make sure that the right person, with the right data, is there at the right time to make decisions, he said. In cybersecurity, it is important that the organization is clear about what actions must be taken after an incident occurs.
Automation technologies can make changes right away to contain the issue, he added, but just relying on technologies isn't enough to help prepare for today's advanced threats, he added. Organizations should also practice breach preparedness drills to test their response, he stressed.
Implementing these security orchestration and automation practices also relies on strong leadership that develops a team atmosphere, and teaches team members to work together during a crisis, he said. It will be important to exhibit these strong cultural traits during a breach, especially because cybersecurity playbooks can crack under pressure, he added.
"People want to practice what it's like to go through a breach," he said. "Security orchestration gives you the technology to respond fast and encourages you to practice it so that [when things go wrong] you're ready."
Open collaboration
To address the global cybercrime threat and drive security innovation, van Zadelhoff encouraged organizations to consider open collaboration and cybersecurity threat information sharing.
Open collaboration allows organizations to share their experiences to improve industry cybersecurity, he said.
"We decided to just be open and see what happens, and that led us to taking terabytes of threat intelligence that we've been gathering and make it available to all of our partners and customers ... to see if people can leverage this data and augment it with their ideas," he said.
