In a candid interaction with PCQUEST, Vaidyanathan Iyer, Security Software Leader, IBM Indian South/ Asia talked about the role of AI in security and its landscape in India.
The security landscape in India- Why is it no longer a boardroom discussion alone?
As per a 2018 IBM Ponemon study, the average mean time to identify a data breach in India increased from 170 days from the previous year to 188 days. ‘Malicious or criminal attacks’ took 219 days on an average to be identified. The report further highlighted that the average mean time to contain a data breach in India increased from 72 days from the previous year to 78 days. Average time to contain ‘Malicious or criminal attacks’ took 99 days.
Today, the implications of a breach go beyond the C-Suite, impacting financials, brand, client loyalty, employee privacy, legal/regulatory issues, etc. CISOs roles are increasingly becoming more complex and the need for them to work closely with the C-Suite team and board is on rising.
Firstly, the CISOs are entrusted responsibilities to constantly evaluate the relative 'maturity' of the organizations' security controls and also evaluating the progress they are making regularly without waiting for any formal 'audits'. CISOs understand that this is a journey and are adopting industry-standard frameworks as the threat environment evolves so should the risk posture of an organization.
The role of AI in security. How can it help make banks, other utilities, more secure?
We believe the adoption and role of AI within Security space is still at a nascent stage, however, continues to be an important strategy. We believe organizations across various sectors will leverage Cognitive/AI systems to analyze security trends and distill enormous volumes of structured and unstructured data into actionable knowledge.
Security leaders and analysts can’t possibly absorb all the human-generated security knowledge that is out there, including research documents, industry publications, analyst reports, and blogs. Cognitive systems look to blend that information with more traditional security data. Cognitive security solutions will be used in combination with automated, data-driven security technologies, techniques, and processes—helping to ensure the highest levels of context and accuracy.
Cognitive security solutions can help augment the capabilities of SOC analysts—helping them to increase the speed of their response, better identify threats, strengthen application security and reduce the overall level of enterprise risk. The goal is to move analysts away from the mundane, repetitive security tasks to the most intellectually challenging work.
What are the Skilling and Upskilling required in the security era?
With an exponential increase in things to secure (20.8 billion by 2020), there are not enough qualified cybersecurity professionals to conquer the situation. Beyond CISO's worry, cybersecurity is a national security concern. Threats have evolved rapidly in recent years, and are no longer the domain of a limited number of skilled individuals. Malware-for-hire phenomenon has substantially lowered the bar for cybercriminals as lacking the technical know-how is no longer a barrier for those that can rent a botnet, exploit kit, or ransomware package.
The cybersecurity skill gap is at 2.93 million today. Asia Pacific has the largest gap of 2.14 million today as per ISC2 study on Cybersecurity workforce 2018. India today is also deeply affected by the global cyber skill shortage and is predicted to have a shortfall of one million skilled cybersecurity professionals by 2025, according to a DSCI report.
Addressing this gap, our senior experts at IBM who are on the boards of studies of institutes have made security syllabus recommendations to institutes across the country. Our course curricula cut across Application Security, Security Intelligence, Identity and Asset Management, Data Security, Intelligence security and Network security. Some institutes such as Chandigarh University (Mohali), DIT (Dehradun) and Mody University (Women's institute at Lakshmangarh), UPES (Dehradun), Hindustan University and MRIU (Delhi) have adopted the long term security curriculum.
The Application Security Engineer career path prepares students to scan web applications against vulnerabilities and attacks. The Security Intelligence Engineer career path prepares students to learn to consolidate event logs from device endpoints within a network to identify threats. Both these courses have certification exams which students can take at the end of the course. All courses lay the foundation of Cybersecurity.
We also have IBM Security Learning Academy which is a free full-service learning platform, providing a variety of training objects and instruction options.
What is IBM’s security strategy- expansion plans, go-to-market with business partners?
We are leading the journey towards AI and Intelligent Automation in Cybersecurity. We foresee both being a key priority for CISOs in 2019. Enterprises are looking at driving service agility and resilience in their digital business along with data-driven security intelligence which can help them be prepared for any unforeseen threats. We are quite excited about the opportunity in the India market. The market is maturing very fast and the needs are multiplying. IBM has the technology, expertise to be part of this exciting journey. Partners are going to be key in executing this. Our plans include expanding and providing additional outcome-driven solutions to our large clients, help in adoption of cybersecurity for the start-ups, and help move the information security paradigm to the next level in mid-level organizations to support their business strategy.
We have simplified our portfolio to help clients in three strategic areas, strategy and risk, Threat Management/Intelligence and Digital Trust. Further, we are focused on top security needs we hear from our customers around advanced threats, cloud security, mobile and IoT, compliance mandates and addressing the skills shortage in the security space. We are already the largest security provider to the enterprises in India, and we aim to strengthen this position as we drive our security strategy in 2019. We recently announced new Business Partner sales, skilling and technical journeys on the IBM Skills Gateway platform designed to provide partners with the same learning experience as IBM clients and sellers to develop their IBM portfolio expertise and help them earn IBM credentials. We have some interesting courses on IBM QRadar, IBM Cloud Private to name a few.
One of our key plans is GTM with partners. We have large global system Integrators- the Big 4, and key strategic partners who have signed up with us and are successfully executing outcomes. We have a well-defined globally valid XSP model for our partners.