Innovative strategies are reshaping cybersecurity.
Cyber resiliency continues to rise in today’s ‘Era of (Gen)AI’ – and with vulnerabilities in other emerging and increasingly convergent technologies too!
This presents both opportunities and threats, a topic I have had the pleasure to deep dive on with the team at Veritas Technologies LLC Technologies, including speaking on the panel ‘The How of Enabling 360-Degree Defense in the Age of AI’ at reinvent23 recently with Chris Wiborg, VP, Product & Solutions Marketing and Demetrius M. Cloud & Emerging Technologies Advocate both at Veritas.
And you can watch our live discussion on demand now here!
In this piece, I reflect on takeaways from the event, our dialogues and recent announcements and implications for improving cyber resiliency for organisations of all sizes in 2024.
With both cybersecurity risks and (Gen)AI ‘on the rise’, the need for integrative and robust data protection, governance and security solutions has never been more critical. Indeed, every day it can seem that a significant cyberbreach headline is either on the news, or in our inboxes! 🚨And the impact can be both significant and diverse, including tumbling share prices as Vans owner VF Corp recently experienced after a suspected ransomware attack affected its ability to fulfil some orders ahead of Christmas, or having to move from automated to manual processes as exemplified by the recent cyber attack impacting 70% of Iran’s petrol stations. Additional impacts include the potential for a cascade effect across an ecosystem for example a hotel chain as exemplified by the rise in incidents within hospitality, plus of course issues from financial loss, to reputational damage and compliance fines - the list just goes on! No wonder perhaps then that Cybersecurity Ventures have predicted that cybercrime will cost the world $8 trillion USD in 2023 alone.
And at AWS re:Invent23 in Las Vegas, the 12th edition of this globally leading cloud computing (and possibly Generative AI!) event and which attracted over 60,000 participants worldwide, cybersecurity was indeed a theme centre stage, alongside Generative AI, and data privacy and accuracy. In his opening keynote, AWS CEO Adam Selipsky stated ‘the cloud is for everyone’ and supporting the how of this, I would also recommend this video interview by Erin Figer Vice President, Tackle I.O - a Veritas partner around Cloud to Market strategy – an excellent reflection from re:Invent23 around exactly how your business can maximize the value of cloud spend within the AWS Marketplace, and relevant to organisations of all sizes.
So what are the key challenges to address? As we discuss on the panel – quite simply, things have got more complicated! We have an expanded attack surface, and one accelerating still further by increasing IT and OT convergence alongside the ‘rise of AI’ – more on this later. But it’s not only the threat expansion, it’s the diversity of the threats we face too, as bad actors become more and more adaptive.
On top of this, bad actors are increasingly collaborating, sometimes to the extent of organised crime groups (OCGs). Ransomware ‘dwell times’ are shorter than they have ever been, supply chain attacks are rising and specific verticals are facing new hybrid threats, for example killware in the case of energy and utilities. ‘Awareness–to–Action’ gaps persist too, as just one example, which Veritas brought to the fore at Kubecon this year – more than 80% of organizations use Kubernetes in production but less than half have a backup strategy, again bringing the imperative for data resiliency and recovery solutions centre stage. More from Veritas at Kubecon here, joined by Nigel Poulton.
And in dealing with all of this expansion in the scope, scale and sophistication of cyber threats, it involves a lot of different people and a lot of different tools – indeed tool sprawl is a growing challenge and another gap example. A recent survey by JumpCloud reflects just how many tools IT admins alone are juggling - 5% report needing more than 19 applications whilst a majority need at least 3-7 applications ‘to enable employees to do their job’. Conversely, an overwhelming 77% of SME IT admins actually report wanting a single tool. Add to this the perennial challenge of alignment and cross team communications - do your SecOps and the IT ops team really know each other? Meeting skills needs can be a challenge too, especially with the talent gaps in today’s cybersecurity and broader technology market – as Chris Wiborg highlights on the panel, this is particularly true for areas like DevSecOps where individuals that can combine all three skill areas could be described as ‘unicorns’.
And in terms of rising governance needs, relevant examples include the recent SEC Rulings alongside U.S. President Biden’s AI Executive Order, the recent UK AI Safety Summit, the upcoming EU AIAct and NIS2 in the European Union which must be transposed into national laws by October 17th 2024 - more on my thoughts on this are available in depth here.
Now back to Generative AI! Clearly this can be a double-edged sword, on one side, affording the value opportunity for tremendous productivity gains, supporting cybersecurity defence and right through to advancing holistic business outcomes. For security in particular, AI, ML and Deep Learning can support the identification of attack vectors especially precursors, flag concealed anomalies, automatically evaluate and respond to incidents, reduce human-load and help negate human error - some 82% of data breaches involve this. Indeed, a survey by The Economist Intelligence Unit found that 48.9% of global executives and security leaders consider AI and ML as potent tools to combat today’s rapidly evolving cyber threats.
But on the other side, Generative AI also presents risks from mal use by bad actors, from social engineers leveraging AI to launch more persuasive and sophisticated deepfakes and phishing schemes, to use the use of AI-aided CAPTCHA cracking and passport guessing by hackers and the manipulation of ChatGPT to generate malware, circumvent access controls and identify code vulnerabilities. Other challenges include issues around training data variability, quality and bias, issues of hallucination and current trends such as firms are deploying a combination of LLMs from various sources. It is interesting to reflect on how the definition of security itself changes in this evolving context, for example expanding to include the product of what is done with the data sets used to train the models themselves.
On re:Invent23 Day 1 AWS CEO Adam Selipsky announced a range of new AWS capabilities that will support organizations throughout the AI lifecycle with infrastructure, model and applications. Highlights include increased LLM choice, support of multi-modal vector embeddings to Amazon Q and model evaluation on Amazon Bedrock (in preview). Partnerships are also key here alongside proactively leaning into security and compliance, to ensure the longevity and purposeful application of this breakthrough technology.
Veritas’ technology supports organisations to manage their data on AWS providing high-performance cloud solutions at scale. This can range from backing up to Amazon Simple Storage Service (S3), to archiving to Amazon S3 Glacier, migrating workloads to Amazon EC2, or making sure that mission-critical apps are highly available and recoverable across multiple availability zones – this 360 support is embedded by design. A great example of how AWS and Veritas work together in the Healthcare space can be explored now here.
And talking of 360! – Veritas’s comprehensive 360 Defense architecture, which unifies data security, data protection, and data governance capabilities while integrating with top-tier security vendors directly supports addressing the challenges raised. This innovative approach builds on Veritas’s strong legacy within data protection and advances this, with the support of tools, techniques and technology such as AI and ML to offer not just cyber recovery, but cyber preparedness as well, coupled with data governance and data resiliency capabilities. It helps ensure that organizations recover quickly, identify data access permissions, and proactively mitigate threats. More on this here!
I would also recommend checking out the excellent piece by Varun Grover , Product Marketing Leader at Veritas | AI | Cloud who provides a really comprehensive evaluation for his AI Predictions 2024 – and reflecting back on our discussions are re:Invent I especially love the points raised around Personalised Education via AI and Democratization of AI through Open Source. I also see a fusion across Varun’s superb points on AI’s role in Environmental Sustainability and AI’s Strategic Enterprise Applications, and one that must be anchored by a focus on the data and digital infrastructure to empower it!
Look out for more from us next year in this area, plus on the more technical side, including a focus on Traditional AI alongside Generative AI which is sometimes overlooked, and growing areas such AI-Augmented Development and Retrieval Augmented Generation (RAG) and how it enhances LLMs.
You can also join the Veritas AI community to learn more about the latest in AI developments and insights, a superb knowledge resource! And finally, don’t forget to check out my recent podcast with Chris here! :)
A highly experienced chief technology officer, professor in advanced technologies, and a global strategic advisor on digital transformation, Sally Eaves specialises in the application of emergent technologies, notably AI, 5G, cloud, security, and IoT disciplines, for business and IT transformation, alongside social impact at scale, especially from sustainability and DEI perspectives.
An international keynote speaker and author, Sally was an inaugural recipient of the Frontier Technology and Social Impact award, presented at the United Nations, and has been described as the "torchbearer for ethical tech", founding Aspirational Futures to enhance inclusion, diversity, and belonging in the technology space and beyond. Sally is also the chair for the Global Cyber Trust at GFCYBER.
Dr. Sally Eaves is a highly experienced Chief Technology Officer, Professor in Advanced Technologies and a Global Strategic Advisor on Digital Transformation specialising in the application of emergent technologies, notably AI, FinTech, Blockchain & 5G disciplines, for business transformation and social impact at scale. An international Keynote Speaker and Author, Sally was an inaugural recipient of the Frontier Technology and Social Impact award, presented at the United Nations in 2018 and has been described as the ‘torchbearer for ethical tech’ founding Aspirational Futures to enhance inclusion, diversity and belonging in the technology space and beyond.