
From Vision to Vigilance: Bernard Montel’s Path in Security, EMEA Technical Director at Tenable

Today, we feature Bernard Montel, EMEA Technical Director and Security Strategist at Tenable, and go through his journey in the field of security.

In today’s interconnected digital realm, the advent of artificial intelligence (AI) has catalysed a profound shift, unleashing a wave of unparalleled ingenuity and operational efficiency. Whether revolutionizing business processes or elevating user engagements, AI has seamlessly integrated into the fabric of contemporary society. 

However, as AI’s influence expands and evolves, it assumes a dual role in cybersecurity, offering unprecedented opportunities alongside formidable challenges for organizations worldwide. With the demand for robust cybersecurity measures escalating, we seize this opportunity to showcase the eminent leaders spearheading advancements in safeguarding digital assets. 

Today, we feature Bernard Montel, EMEA Technical Director and Security Strategist at Tenable, and discuss his journey in security. 

Tell us how you got into the field of technology and cybersecurity and what your journey has been like. 

I started my career in the age of first-generation “Directories” – LDAP, X.500, and Active Directory. At that time, we didn’t refer to this as “Identity Management”, but it was the dawn of true Identity and Access Management (I&AM). Around these first-generation directories, I developed my expertise in Public Key Infrastructure (PKI, X.509 certificates).

A few years later, I joined RSA (a security vendor), where my remit encompassed many subjects, including cryptography, multi-factor authentication, I&AM, Online fraud, and Risk Management. Over the years, as my expertise grew, I rose through the ranks, eventually leading a team of engineers in the Threat Detection & Response domain (SOC).  

Two years ago, I joined Tenable, an exposure management pioneer. Now, my focus is on helping organisations understand and practise ‘Preventative Cybersecurity’ to strengthen defences and thwart successful attacks and incursions. 

How has cybersecurity as a space changed and transformed in a post-pandemic world? 

The global pandemic dramatically changed how we work, and for some organisations, this transition happened practically overnight. Instead of travelling to offices or other places of work, we connected to systems and resources remotely.

From a cybersecurity standpoint, this has had a massive impact on the way we need to think about security:

The home network, which had never been secured, suddenly became an extension of the corporate network. Home routers were the only way employees could gain access to resources, significantly expanding the threat landscape. 

The only way to secure these connections was to use Virtual Private Networks (VPNs) and multi-factor authentication (MFA). 

As organisations moved resources to the cloud, negating the need for VPNs, life for remote workers was simplified and provided a layer of security for organisations. 

If we could retain one single ‘Post-pandemic’ change, it would be the acceleration of cloud services (Solutions as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS), etc…). The cloud has changed how we work today, removing the need for physical racks of machines accessible only remotely. Machines need not be hardwired to the corporate network to be secure.  

Of course, we still have some OnPrem solutions deployed and used. However, most organisations operate a hybrid environment, combining a blend of Private and Public Cloud with OnPrem resources.  

Today’s new normal means the ‘castle’ represented by the ‘corporate network’ is now fragmented, resulting in an attack surface that has never been so large or dynamic.     

How has AI impacted cybersecurity, and how can it help build better security systems? 

Even though everyone has been talking about Artificial Intelligence (AI) for the past 15 months, it is not new in cybersecurity. For decades, we have been using Machine learning and Deep learning technologies to enable cybersecurity professionals to access “low signals” data that AI can help identify. These data have been used to determine indicators of compromise in parts of the network or devices.  

What is new is the emergence of Generative Pre-training Transformers (GPT) and large language models (LLM). GenAI has added the capacity to explain complex schemas, like attack paths, or help with Natural Language Processing (NLP). This helps to accelerate the work a security analyst needs to deliver.  

Today, AI should be considered an assistant, with the final decision always on the shoulders of the security practitioner and his hierarchy. This is their ownership.  

What should organisations keep in mind in 2024 while looking at cybersecurity? 

We need to remember that, in most instances, it is a known vulnerability that allows threat actors an entry point to the organisation’s infrastructure. Having gained entry, threat actors will then look to infiltrate the organisation further to steal data, encrypt systems, or engage in other nefarious activities.

Non-malicious misconfigurations, such as basic human error, from configurations left ‘by default’ to developers submitting code through a DevOps high-speed cycle, are human mistakes. However, not checking for these misconfigurations leaves the doors wide open to attackers.  

Often, there is a belief that, because an organisation is ‘smaller’, they won’t be a target for attacks. That couldn’t be further from the truth.  Yes, typically, the big names make the headlines. Still, increasingly smaller organisations are also targeted as threat actors realise that they are part of the supply chain and often open the door, given the interconnected working practices, to larger companies.  

Ten years ago, a ransomware attack was obvious. The computer (PC) was bricked, and a ransomware demand was displayed on the screen. Today, attacks are less obvious and can go undetected for a few weeks as threat actors look to obfuscate their presence, allowing them to creep around infrastructure for nefarious purposes.  

Ransomware gangs employ double extortion methods, which combine encryption with another sinister element. Before those files are encrypted, ransomware groups steal them and threaten to publish them on the dark web if a ransom is not paid. The added pressure from this type of extortion has helped make ransomware successful. 

Organisations must understand the global context around us—the combination of pressured economy, activism, and geopolitical tensions—to understand the threat landscape. Focusing only on the pure ‘technological’ part is not enough to reduce risk. Key to risk reduction is a proactive, preventive approach.

Getting visibility into where your biggest risk areas are – we call this exposure management – is critical to knowing which doors and windows are wide open and need to be closed first. Threat actors move quickly, and trying to detect and react to their movements is inefficient today.  

Give us the top trends in the cybersecurity space that you see 

Ransomware is still the top threat today. The number of attacks experienced by organisations daily is growing, and breaches are breaking more and more records in terms of the number of records breached or the volume of data exfiltrated. 

Cloud Security is another real challenge for all organisations. The move to cloud resources forces security teams to rethink how they handle security. The traditional perimeter approach, with endpoint and/or server as the focus of security practices, is almost useless when discussing serverless microservices and containers. 

Identity has returned as the main focus of concern. Twenty-five years ago, we discussed the challenge of managing identities with the beginning of I&AM. The problem is still very much evident but far more complex: federated identities, MFA, Active Directory, and Entra ID, combined with all the cloud-based identities with AWS, Azure, GCP, and the list goes on.

Of course, like any other technology, AI is another area of focus. Attackers are just beginning to realise the capabilities it offers, and as defenders, we must also determine how to use the technology. Harnessing the power and speed of Generative AI, such as Google Vertex AI, OpenAI GPT-4, LangChain, and many others, it is possible to return new intelligent information in minutes.

This can be used to accelerate research and development cycles in cybersecurity, to search for patterns and explain what’s found in the simplest language possible. Harnessing the power of AI enables security teams to work faster, search faster, analyse faster and ultimately make decisions faster.