At a BlackBerry-CybersecAsia roundtable event, CISOs exchanged views on what really matters when tooling up for the current surge in cyber risk sophistication and escalation
In an interesting demonstration of the power of AI-driven predictive endpoint defense that is not based on malware signature matching, a ‘typical user’ showed how his laptop did not need to be connected to the internet to have its 2015 version of Cylance AI defense software effectively detect and quarantine an infamous 2021 malware introduced manually into the system.
Best of all, the malware had not even been detonated by the user for detection and interception to occur: the Cylance agent’s AI engine was doing its job of intercepting every incoming file, on the fly, and detecting any kind of suspicious code through intelligent analysis, rather than depending on virus signatures stored in the Cloud.
Imagine if this same setup had been in place at the organizations hit by the high-profile 2021 supply chain attacks such as the Colonial Pipeline or Kaseya incidents: the outcome of those attacks could have been very different!
Fast forward to 2022
Almost three years since the purchase of Cylance by BlackBerry, the tested-and-proven power of smart AI malware detection has been amplified, updated and integrated into an even more powerful end-to-end solution encompassing the Security-By-Design philosophy.
This was demonstrated to participants of a joint CybersecAsia-BlackBerry C-level roundtable event in Singapore on 24 Aug, where CISOs, CIOs and even a university professor heading a cybersecurity thinktank shared their deep perspectives.
Some of the top challenges cited by the various participants tasked with defending their organizations were:
- The problem of getting workers educated and compliant with cyber hygiene best practices
- The increasing sophistication of cyberattacks, social engineering scams and highly realistic phishing emails from threat groups that also use AI, deepfakes and machine learning to pull off their patient, slow-paced campaigns
- The growing sense of helplessness as cyber insurance premiums and exclusion clauses render this avenue of financial protection all but pointless
- Increasing pressure to justify escalating cyber defense “investments” to protect the organization, because management boards also have to contend with major business challenges after almost three years of rushed digitalization and pandemic control measures
- Issues surrounding the global switch to hybrid/remote working, exacerbated by IT talent shortages
- Issues around the growing sprawl of disparate cyber defense tools and measures tacked onto existing infrastructure as regulatory pressure builds, and as more cyberattackers become state-sponsored and/or broaden their agendas to include socio-political and ideological goals
- Boardroom members assuming that “no malware detections” in the system means “no cyber risks” and thereby becoming less receptive to CISO budget requests
The unanimous conclusion of the expert participants and discussion panel was that humans are the weakest link, and that, in the face of increasingly sophisticated and relentless cyberattacks, all cyber defense measures must focus on prevention; on non-signature-based, end-to-end security-by-design principles supported by low-friction, AI-powered zero-trust network access; and finally, on simplified, single-pane-of-glass integrated management of data backups, disaster recovery and crisis management measures.
Prevention is better than cure, but IT administrators bear the brunt!
In one presentation, the challenges cited by participants who know the wisdom of the “prevention is better than cure” axiom included alert fatigue; a lack of IT talent able to match the sophistication of advanced cyber threats; and the heavy workloads accruing from the shift to remote work amid a Great Resignation movement.
Ironically, even as more management boards (usually in the larger firms) are convinced to divert more funding towards acquiring the “AI-based” solutions peddled by every cybersecurity vendor, the alarming rate of high-profile cyberattacks has been increasing for years.
Is spending more on more cyber tools really bringing returns on investment? Or has it simply increased software/vendor sprawl, degraded the employee experience (due to zero-trust friction) and caused a cyber fatigue that could lead to ‘cyber carelessness’ or cyber indifference at work?
In fact, the participants’ healthy skepticism of the ubiquitous terms ‘AI’ and ‘Zero Trust’ in the latest cyber products and MSP services created a shared atmosphere of “we do not really know when and whether our latest and greatest cyber efforts and expenditures will be proven untenable.”
It was at this point that BlackBerry presented its take on its secure-by-design solution to address the skepticism and to show why and how AI and Zero Trust, working with a proven AI-based detection engine, can help CxOs sleep much better after work…
A missing element of current Zero Trust practices
According to a Zoom presentation at the roundtable event by Steven Sim, CSO and President, ISACA, one reason for the growing but premature skepticism of zero trust today is that an important element is missing, or at least not prominent enough.
According to Sim’s insights into the experiences of thousands of ISACA members, zero-trust practitioners tend to assume that there will not be any breaches once this strict and intelligent identity-management path is in place. “We also need to focus on the inevitability of a breach. By assuming the inevitability of a breach, and by assuming this, teams will perform regular compromise assessments and threat tracking.”
When this overarching missing element is embodied in the zero trust philosophy amid a secure-by-design infrastructure, organizations will become resilient by design, “and become participants of active cybersecurity by sharing threat intelligence through communities such as ISACA,” said Sim.
Holistic AI-driven Security By Design in practice
Having demonstrated how a 2015 version of the continually-improving BlackBerryPROTECT agent’s prevention-first XDR engine could detect and quarantine a 2021 malware, the BlackBerry team explained how the firm has integrated a whole ecosystem of active cybersecurity systems around the core protection:
- BlackBerryGUARD 24/7 managed XDR comprising:
  - End-to-end threat detection and response: BlackBerry Optics
  - Behavior risk analytics: CylancePERSONA
  - Network protection: CylanceGATEWAY
  - Information protection: CylanceAVERT
  - Critical information and event management (CIEM): BlackBerry Alert
  - Low friction Zero Trust Architecture: BlackBerry ZTA powered by CylanceAI
In addition to this exhaustive approach to active cybersecurity, BlackBerry’s solution ecosystem relieves CISOs of the need to allocate scarce staff resources, can be onboarded quickly alongside existing cybersecurity systems, and taps into the collective threat-hunting knowledge base of global cybersecurity research agencies and private-sector firms.
Finally, lean teams that use the BlackBerryGUARD single-pane-of-glass console to maintain maximum visibility of the expanded corporate perimeter will be free of alert fatigue, able to rely on quick-response teams of experts to make needed interventions on their behalf, and empowered to devote their time more productively to other critical duties.
Concluding, Yeo Swan Chin, Managing Director (Asia), BlackBerry, made a compelling case for the relevance of BlackBerry’s AI and zero trust solutions even as cyberattacks continue to escalate globally: “Everyone is now introducing AI, but the BlackBerry Cylance AI engine is currently already in its 7th generation (of continual improvement). The 6th generation had already gotten to a very high level of efficiency and (detection) accuracy, but with another two-and-a-half years of refinement, the current iteration is even more future-proof to tackle any new cyber threats.”