Rethinking cybersecurity approaches

Michael Heering, Global Field Marketing Director, SANS Institute discusses the impact of AI on the evolving cybersecurity landscape and the need to focus on cybersecurity training

Elaborate on the importance of driving cybersecurity awareness and training cybersecurity experts.

As the number of cybersecurity professionals continues to shrink, with an estimated shortfall of 3.5 million this year, according to Cybersecurity Ventures, validating an employee’s expertise through thorough accreditation will become increasingly necessary. Now, more than ever, it is important to build up cybersecurity awareness and upskill professionals. Organizations should implement comprehensive cybersecurity awareness programs that educate employees on the importance of security practices and the common tactics used by adversaries. Balance technical defenses alongside existing human resources. Regular training sessions, phishing simulations, and the promotion of a security-conscious culture are effective ways to reduce the likelihood of human-error. Strategies such as gamification of training, personalized learning paths, and promoting security as a shared responsibility can also enhance engagement and awareness.

Discuss the impact of AI on the threat landscape and in terms of cybersecurity automation and tools to combat evolving threats.

Organizations are leveraging AI to address various cybersecurity threats through sophisticated means. For malware, AI is used to analyze patterns and quarantine new strains. In combating phishing, AI examines email content and sender behavior to detect attempts. Additionally, to mitigate insider threats, AI monitors user activities to identify unusual behaviors that may signify a threat, showcasing the versatility of AI in tackling diverse cybersecurity challenges.

Incorporating AI into cybersecurity strategies brings critical benefits, notably enhanced threat detection through vast data analysis, automated threat responses for quick mitigation, predictive analytics for forecasting breaches, and a reduction in false positives for more accurate threat identification. These advancements make AI a key component in modern cybersecurity efforts.

However, to harness these benefits fully, there’s an essential need for training. Cybersecurity professionals must be skilled in AI technologies to implement and manage AI-enhanced security measures effectively. Training ensures teams can deploy AI tools efficiently and keep pace with the evolving landscape of cyber threats, making ongoing education and skills development a pivotal aspect of leveraging AI in cybersecurity.

How are compliance requirements playing a key role in cybersecurity investments and strategies?

We’re seeing an increased focus from governments across the world on regulations that push organizations across all sectors to take cybersecurity more seriously and make it an undeniable part of organizational culture and strategy. We’ve seen this in the US with the SEC ruling on Incident Reporting and Management oversight, with the DoD 8140.3, in Europe the new NIS2 Directive also puts more accountability on executive leaders to ensure they’ve done all they can to strengthen their security posture and we’re seeing a renewed focus on cybersecurity regulation in KSA as well.

Organizations as a result, need to rethink their overall strategies around cybersecurity and how this isn’t just a sole responsibility of a CISO or security team. It is a cross-company responsibility that starts with a strong security awareness across all employees, investments in risk assessments and skill assessments to determine where gaps might lie and subsequent investments to close those gaps thro