
Inside the mind of a Cybersecurity Expert: Aaron Bugal’s path to Field CTO APJ at Sophos 

Today, we feature Aaron Bugal, Field CTO APJ, Sophos, and go through his journey in the field of security.

Aaron Bugal, Field CTO APJ, Sophos

In the contemporary landscape of global connectivity, the rise of artificial intelligence (AI) marks the onset of a transformative period characterised by remarkable advancements and heightened efficacy.  Across various domains, be it optimising corporate workflows or enriching user interactions, AI innovations have woven themselves intricately into the fabric of contemporary existence. 

Yet, amidst AI’s ongoing evolution and widespread adoption, it has become a paradoxical instrument within the cybersecurity domain, offering immense potential while simultaneously posing formidable obstacles for organisations on a global scale.  

With the imperative for bolstered cybersecurity protocols and standards on the rise, we seize this moment to spotlight the foremost figures leading the charge in cybersecurity excellence. 


Tell us how you got into the field of technology and cybersecurity. What has your journey been like?  

I started in technical support over 20 years ago, for a small VAR that was focused on load-testing web applications. Computers and technology were available to me whilst I was growing up – a very close family friend owned a computer repair and supply store, and I spent many weekends there helping out, cleaning, stocktaking and tinkering with leftover motherboards, hard drives and high-speed UART add-on cards to build a PC for myself.

After the technical support role, I moved into another similar role where my focus was on email and web filtering, which quickly turned into a pre-sales role with demonstrations and implementations happening every week.

With that foundational knowledge in a blossoming information security age, and with major malware events hitting the news (Sasser, ILOVEYOU, Bugbear), my curiosity about cyber security – even though it wasn’t a big field – was fostered by my employer, and I quickly went down the rabbit hole of all things offensive security in a bid to understand how to defend.

How has cybersecurity as a space changed and transformed in a post-pandemic world?  

The rapid displacement of people from the office and into working-from-home scenarios has fractured where effort must be placed to ensure resiliency against cyber criminals. Not only do we consider the office housing – now described as legacy – infrastructure that we still need to protect, but we also need to have efficiently implemented endpoint protection systems, always-on VPNs and data classification and protection processes.

Add to this the numerous cloud applications and functionality we need to string this together, with constant instrumentation and telemetry requiring mandatory review, and it equates to a sprawling set of responsibilities and increased risk.

What has the impact of AI been in the cybersecurity space and how can it help build better security systems?  

Artificial Intelligence and the various technological leaps it’s provided are a double-edged sword. On one side we’ve been able to use it to take the overwhelming telemetry most organisational security tooling generated and filter the data points that matter, correlating vast amounts of information to find the precursor events that could indicate an attack was imminent.

On the other hand, cybercriminals have turned to using GenAI platforms – LLMs, deepfakes – to build better lures for their phishing campaigns, with one such deepfake incident conning a multinational business out of $25 million.

I do firmly believe that AI with the right governance and investment can be best suited to helping defend businesses against a multitude of attack types, from being able to sample and label unknown code as malicious or not to determining whether new email messages could indicate a scam was in play.

What should organisations keep in mind in 2024 while looking at cybersecurity?  

Cyber security is a vast pool of specialisations that all organisations will need to draw on from time to time. However, the skillset of most organisations would suggest that the people needed to drive changes and progress security aren’t there. Shiny new technical tools are one thing but the requirement of human expertise to realise the most from those investments is an absolute.

When considering a protective set of controls, understand if they could be provided as a service for you. Lean on your providers and vendors and ask them to help you get the most out of what you intend to buy and, just as importantly, what you’ve already invested in.

What are the top five trends in the cybersecurity space currently?  

Ransomware will continue to dominate, with extortion tactics continuing the course. As long as digital currency exists as a method to elicit payment, then this will continue to bother those who are unprepared.

Cybercriminals will continue to rapidly weaponise new vulnerabilities at an astonishing pace and will require organisations to rapidly patch critical, disclosed vulnerabilities in the software and devices they operate.   

The abuse of LOLBINS (living off the land binaries) included with operating systems as a method to laterally move, collect and steal data will continue. This reinforces the requirement that organisations must be watching for abnormal activity when out-of-step activity is witnessed and recorded.   

Generative AI and its unregulated use for criminal activity will surge. As well-known AI platforms iterate and make available radical new tech to fabricate and duplicate all media types, the people and things represented will require a method to identify them.

Watermarking, or even the use of blockchain to help validate known trusted content, where publishers will sign their media, will be a way to ensure authenticity – similar to driver signing in modern operating systems – not that it’s perfect.

And finally, human vulnerability. As humans, we too are not perfect and can falter. As such, consider your security teams and the responsibility they carry to ensure cyber resilience. Are they equipped with the right resources?

Do they have the best support from their leadership? And is there clear governance around the risk that they’ve been deputised to mitigate? If not, our defenders could suffer fatigue and burnout and in turn not perform as expected. Things could get missed, mistakes may be made and what would have been a small issue could turn into a major incident or, worse yet, a breach.