Home Interviews “AI and ML Will Be Enablers for Cybersecurity for the Foreseeable Future”

“AI and ML Will Be Enablers for Cybersecurity for the Foreseeable Future”

Chuck Brooks, President of Brooks Consulting International and Adjunct Faculty at Georgetown University, talks about his journey as a cybersecurity influencer, the long-term impacts of traditional cybercrime, and emerging technologies in AI and ML.

AI and ML

In the first half of 2021, cyber adversaries pried on opportunities to attack enterprise infrastructure and critical industries. Even the slightest security mismanagement motivated them to disrupt operations and exfiltrate data. As the year draws to a close, and with the holiday season around the corner, attack sophistication and scale could see a new shift. Looking at the current cybersecurity landscape, cryptocurrencies, mobile wallets, ransomware attacks targeting supply chains, and deepfakes are the most talked-about topics. At the same time, Artificial Intelligence (AI) and Machine Learning (ML) are among the hottest trends because, if leveraged appropriately, they can identify vulnerabilities and reduce incident response time.

To discuss this further, Pooja Tikekar, Sub Editor at CISO MAG interviewed Chuck Brooks, President of Brooks Consulting International and Adjunct Faculty at Georgetown University. Chuck is a Technology Evangelist, Corporate Executive, Speaker, Writer, and a Government Relations, Business Development, and Marketing Executive.

With over 74,000 followers on LinkedIn, 16,000 followers on Twitter, and 5,000 followers on Facebook, Chuck has built a sizeable community on social media, where he regularly shares the latest happenings and updates from the cybersecurity industry.

He was named The Top 5 Tech People to Follow on LinkedIn. He’s among the world’s 10 Best Cyber Security and Technology Experts, by Best Rated; in the Top 50 Global Influencer in Risk, Compliance, by Thomson Reuters; the Best of The Word in Security, by CISO Platform, and IFSEC’s #2 Global Cybersecurity Influencer.

Chuck was featured in the 2020 and 2021 Onalytica Who’s Who in Cybersecurity as one of the top Influencers for cybersecurity issues and risk management. He was also named one of the Top 5 Executives to Follow on Cybersecurity by Executive Mosaic; the Top Leader in Cybersecurity and Emerging Technologies by Thinkers360, and Top Global Top 50 Marketer by Oncon in 2019.

Chuck has an MA in International Relations from the University of Chicago, a BA in Political Science from DePauw University, and a Certificate in International Law from The Hague Academy of International Law.

Edited excerpts from the interview follow:

You’ve been named the Top Tech Person to Follow by LinkedIn. Would you like to tell our readers how you joined the cybersecurity industry and what your journey has been like as a leading influencer?

My journey as a cybersecurity expert and an influencer has been concentrated on four pillars: government, industry, media, and academia. In government, my journey in security first began as a senior legislative advisor to the late Senator Arlen Specter on national security, international, tech, and other issues. Next, I joined the Department of Homeland Security (DHS), where I was one of the first people brought on to help form the new agency. In my DHS role in government affairs, I had to keep abreast of policies, programs, budgets, and issues. But I also had to understand technologies to counter chemical, biological, radiation, and explosive threats (CBRNE), and learn about cybersecurity and interoperable communications. Back then, CBRNE was the prevailing concern, but homeland security quickly morphed into understanding cybersecurity threats from being digitally connected. I dove right into learning as much as I could on the subject matter and worked closely with leading experts from both government and industry from the outset.

After I left DHS several years later for the private sector, I kept my government networks active and continued to build my subject matter expertise on cybersecurity, technology, and policy. I served in executive roles relating to security for several major global corporations, including Xerox and General Dynamics Mission Systems.

The world of media has also been a passion for me as cybersecurity and emerging tech evangelist. I serve as a contributor to FORBES and a Cybersecurity Expert Advisor to Yahoo and The Washington Post. I am also the Visiting Editor at Homeland Security Today. In the last couple of years alone, I have written well over 200 articles and have been a featured speaker at dozens of conferences, events, and podcasts on homeland security, cybersecurity, and emerging tech.

In academia, I serve as Adjunct Faculty at Georgetown University’s Graduate Applied Intelligence Program and the Graduate Cybersecurity Risk Management Programs, where I teach courses on risk management, homeland security, and cybersecurity. I was an Adjunct Faculty Member at Johns Hopkins University, where I taught a graduate course on homeland security for two years. Teaching students who will be future leaders about cybersecurity is particularly gratifying.

In all, I enjoy being an influencer and sharing knowledge and insights on key issues, concepts, and policies relating to cybersecurity to everyone interested. What I want to accomplish as an influencer is to continue writing and speaking about the varied aspects of the topic and especially in educating others on how to help protect themselves. My advisory and board director roles with organizations and companies, and my role as a professor at Georgetown University are reflections of that passion and interest.

Cybersecurity has been a priority for most businesses; however, attack sophistication was amplified in 2021, and organized cybercrime groups profited due to the new normal of distributed work environments. Could you stress on some of the traditionally organized cybercriminal activities and their long-term impacts?

Several factors have transformed the cyberthreat landscape. Certainly, COVID-19 usurped the digital landscape and forced organizations to adapt to a remote working paradigm with little notice and preparation. Cybercriminals took advantage of security gaps and launched many successful attacks, and the number of breaches in 2021 has already surpassed the previous years.

Also, although it has been around for almost two decades, ransomware became a weapon of choice for hackers in the expanding digital landscape. The transformation of so many companies operating in a primarily digital mode had created more targets for extortion. And with the ability to get compensated in cryptocurrencies that are hard to trace, organized hacker gangs have taken advantage of the low-hanging fruit by exfiltrating data and holding it hostage to hospitals, municipalities, and critical infrastructure operators.

Another factor is the cooperation of cybercriminal gangs. They are being more collaborative and sharing both targets and sophisticated hacker tools on the dark web and dark web forums. There has been a consolidation of smaller hacker affiliates into larger hacker criminal families for a wide mix of attacks, including exploit kits, malware, and other coordinated activities, including hacking-as-a-service, and money laundering.

Also, threat actors, especially state-sponsored and criminal enterprises, have been investing some of their resources in emerging tech such as machine learning to employ more sophisticated means for discovering target vulnerabilities, automating their phishing attacks, and finding new deceptive paths for infiltrating malware.

Exploiting vulnerable supply chains has also been trending. Cyberattackers will always look for the weakest point of entry, and mitigating third-party risk is critical for cybersecurity. Supply chain cyberattacks can be perpetrated by nation-state adversaries, espionage operators, criminals, or hacktivists. Their goals are to breach contractors, systems, companies, and suppliers via the weakest links in the chain.

The bottom line is that as internet connectivity exponentially expands, so will the opportunities for attacks. Hybrid work environments, although more fortified, will likely still be successfully targeted by hackers who are collaborating and using sophisticated hacking tools. In the future, businesses and government must ramp up their capabilities to discover, monitor, and mitigate attacks, but that will not be an easy task.

Humans play a critical role in cybersecurity, and they’re often termed the “weakest link.” Cisco’s 2021 Cyber Security Threat Trends report reveals an alarming dominance of phishing attacks, accounting for 90% of data breaches. How can employers raise the bar in avoiding the exploitation of human behavior or psychology? And how can we have a better-integrated approach to security?

Humans certainly are the weakest link in cybersecurity. Usually because of negligence, but sometimes because of insider threats. The one consistent statistic I encounter every year is that phishing attacks account for most successful breaches. It is because phishing is easy to do for hackers, and it works. It used to be that you would get an email from a prince in a faraway land saying that he needs your bank account number to deposit funds. Now, a phish may appear to be a message from your boss, from a store where you shop, a bank, or even a friend. Hackers have come a long way in being able to mimic graphics and logos; they use social engineering to gain knowledge of your work, interests, and friend groups on social media platforms.

Companies can raise the bar by doing regular training with employees on how to recognize a phish. They need to teach the psychology of human behavior and where the vulnerabilities may lie in networks and devices from people. Gamification is a popular tool for that kind of training. Corporate programs need to include cyber hygiene to include strong passwords, multi-factor authentication, and incident response as a part of their operational mission. Also, if they must, they can restrict who has access to databases and sites on the interest via identity and access management tools. For insider threats, monitoring aberrant behaviors can work, but it is a challenge.

While on the topic, do you think businesses should assess employees’ security performance/awareness while evaluating other KRAs/goals? And would it help reinforce the human firewall?

I am a strong believer in accessing security performance awareness because a breach may have major consequences to a business legally and operationally. For many small and medium businesses, a breach could be fatal to their flow of commerce, reputation, and ultimately their future. Reinforcing the human firewall through access controls is also sensible. The more that your security team can control and monitor, the better the likely outcome.

What are some of the emerging technologies in security? Would these generate opportunities and create challenges?

We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.

Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research development and investments. Advanced 5G and wireless networks will benefit higher traffic capacities, lower latency, increased reliability, and enable processing and analytics in real-time. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.

Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored and criminal enterprises, are becoming more sophisticated by searching for vulnerabilities and infiltrating malware by adapting (and automating), enabling machine learning, deep learning, artificial intelligence, and other analytic tools. SolarWinds was more than a wakeup call for those realities.

Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints.  Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.

In addition to my previous question on emerging technologies, what are some of the AI and ML trends in cybersecurity that we can expect in 2022?

The core of AI smart capabilities is rooted in its subcomponent of machine learning, ML. AI is largely used to protect networks as well as increase data security and endpoint security. There are some specific areas where AI technology will contribute to making cybersecurity smarter include:

  • AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
  • AI will impact Incident Diagnosis and Response capabilities.
    While descriptive analytics provided by network surveillance and threat detection tools can answer the question “what happened,” incident diagnosis analytics address the question of “why and how it happened.” To answer those questions, new software applications and platforms powered by AI can examine past data sets to find root causes of the incident by looking back at change and anomaly indicators in the network activities
  • AI will also enable better cyberthreat intelligence reports by analysts. Next year analysts will be able to use AI tools to generate automated cyberthreat intelligence reports (CTI). Cyberthreat intelligence reports provide the indicators and early warning necessary to better monitor unusual activities on a given network and detect more rapidly cyber threats.

AI and ML will be an enabler for cybersecurity for the foreseeable future. As the computational capabilities and digital complexity of global enterprises continue to grow, AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.

Tell us your top three cyberthreat predictions for 2022.

  • Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks. CI is a high-profile target for both geopolitical and economic considerations for hackers. This CI includes defense, oil and gas, electric power grids, health care, utilities, communications, transportation, education, banking, and finance. Protecting CI Industrial Control Systems (ICS), Operational Technology (OT), and IT systems from cybersecurity threats is a difficult endeavor. They all have unique operational frameworks, access points, and a variety of legacy systems and emerging technologies. Protecting the CI supply chain in IT and OT systems will be a public and private sector priority. A special concern for the supply chain is Third Party risk and visibility of partners in the chain. Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
  • Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring. 
  • The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices. IoT incorporates physical objects communicating with each other, including machine to machine and machine to people. It encompasses everything from edge computing devices to home appliances, from wearable technology to cars. IoT represents the melding of the physical world and the digital world.  They differ from conventional computers as they are highly specialized and usually small, both in physical size and computing capacity. A cybersecurity challenge of IoT is the lack of visibility and the lack of ability to determine if a device has been compromised and not performing as intended. The increased integration of endpoints combined with a rapidly growing and poorly controlled attack surface poses a significant threat to the internet of things. Protecting such an enormous attack surface is no easy task, especially when there are so many varying types and security standards on the devices. It will only get worse in 2022 as connectivity grows. 

Lastly, is there anything you’d like to add?

Thank you for allowing me to share some of my cybersecurity perspectives with your readers.

About the Author

Pooja Tikekar is the Sub Editor at CISO MAG, primarily responsible for quality control. She also presents C-suite interviews and writes news features on cybersecurity trends.

More from the author.