In this interview, Laurens discusses whether AI-driven cyber security can be a complete replacement for human security staff, the human element in cyber security, and his cyber security predictions for the upcoming 5 years.
Laurens Binken is the General Manager Information Risk Management Strategy and Transformation at Shell. Laurence has been working in the field of information security for over 20 years in various roles in risk management, cyber operations, monitoring, investigations, and response.
Laurens was a panelist in a session entitled “Security incident management: Key lessons from industry leaders” together with Shawn Bowen, VP and CISO at World Fuel Services, and Stuart Seymour, Head of Global Cyber Security Incident Response and Continuity at BAT at the Global Cyber Conference 2022.
The human element plays a central part in most cybersecurity incidents. To which extent do you consider that people are often the problem?
The human element is quite important as many of the attack vectors from external threats originate from human mistakes, either by becoming the first entry point to a breach (e.g., phishing or social engineering) or by creating vulnerable systems, by not implementing the basics or cutting corners.
The surge in remote working has created concerns for cybersecurity specialists, exposing companies to many cyber threats. What major preventive measures would you recommend a company takes to close those gaps?
There are several key steps to take:
1) harden the endpoints, lock access to USB/Bluetooth, etc., and implemented technology that enables Detect and Response capabilities that do not rely on being connected to the corporate networks
2) implement a cloud-based policy engine to allow selective open internal apps to vanilla Internet-connected devices
3) train your staff – what are the cyber behaviors you want staff to adhere to
Artificial intelligence (AI) and machine learning (ML) are playing an increasing role in cyber security. Can AI-based cyber security be a complete replacement for human security staff?
It cannot. The cyber realm will continue to grow and the need for specialized staff will remain. AI/ML will enable these staff to keep up with the expanding space and increased complexity. They will become the custodians of the AI/ML that is driving cyber security.
What trends do you foresee in the cyber security landscape over the upcoming 5 years?
1) quantum cryptography may become a threat to crypto
2) dissolving of on-prem networks and moving to zero-trust concepts
3) tight integration between business and IT and therefore cyber as a key differentiator (DevSecOps)
4) pervasive use of ML/AI and automation
5) war on talent will continue