Absolute CyberVoices Series | Randy Abrams 

Randy Abrams, Senior Security Analyst at SecureIQ Lab on security trends, false positives, and the talent pipeline for security.
Find out more at www.absolute.com
Transcript:
In my analysis of the current trends, like, everyone's talking about ransomware, and wipers pretending to be ransomware. And yeah, that's the big story. But here's the background, what's happening behind the scenes. The background is we don't have enough outreach for cybersecurity education. And that's a national security issue, we need more techies. And it's not just the government needs more places like to say they need more cyber defense skill, because supply chain's huge. But it might not be the people you think are most likely to need to do the outreach. It's great that companies do outreach and internships, that's all wonderful. But who do you think it is that really needs to do outreach? It's your recent computer science graduates, people graduating, the people one or two years into the field. And the reason for that is, there's a huge shortage of talent. These people go for, you know, five years, they get into the management area. What are they going to do to support them? They need really qualified people to make them look good. You know, so it's critical that these fresh faces coming into the field help encourage other people to join. It's national security. And it's their success too.

AI is really all about heuristics. And these companies will say we don't use heuristics. Well, yeah, anything that's rule-based is heuristics. And AI is all about very complex rules. The problem is, as AI gets more and more developed, it gets less and less understood by the creators. And what I mean by that is, the programs will make decisions that no human would have made. Maybe a million monkeys throwing darts at a dartboard would have, but no human would have made.

And there have been detections for threats that the vendors have no idea how it was detected. That also makes it more difficult, at times, to figure out why there's a false positive. You have to have a different look at false positives now than you used to. In the old days, malware wasn't nearly as vicious and false positives caused major headaches, to the point where you asked the enterprise IT person and it's like a false positive was worse than missing a virus. That's different today. Ask Maersk, the shipping line, you know, NotPetya hit them.

And it was only one offline domain server in Ghana, I believe, that saved them from having to recreate their entire Active Directory system. So I mean, they end up spending 800, I think it was $800 million, because of that threat. And the thing about AI is you have to balance any heuristics, you have to balance how aggressive it is, because aggressive causes more false positives, or potentially does. But if it isn't aggressive enough, you're missing too much. And so now what really becomes important is identifying the severity of a false positive, because you're going to get them. So a CISO especially has to educate their staff on what these false positives mean. A CISO has to have a very good SLA with their security vendors because they need to get things fixed quickly.

Published: 3 Aug 2022
