The future evolution of AI and ML holds significant promise for enhancing cybersecurity. However, it is important to recognize them as part of a larger, multi-faceted approach that emphasizes continuous improvement and adaptation to evolving cyber threats.

Guido Salvaneschi is an Associate Professor at the University of St Gallen in Switzerland, as well as being a researcher and cybersecurity enthusiast. Currently he leads the Programming Group at the School of Computer Science at St Gallen. He holds a PhD in Information Technology. His research has been supported by the German Research Foundation (DFG) and the Swiss National Science Foundation (SNSF) among others.

Samir Aliyev, CEO and Founder of the Swiss Cyber Institute, has been talking to Guido. In this interview, Samir has been discussing, among many things, how Guido views problems in the field of cybersecurity, such as what he considers to be the most underrated trend and/or technology in cybersecurity and why.

What are the key steps an organisation should take to ensure that it is well prepared to effectively respond to and recover from a potential cyber-attack, and how should one prioritise and allocate resources towards achieving and maintaining an effective state of cyber resilience?

To effectively respond to and recover from potential cyber-attacks and achieve cyber resilience, organizations should perform risk assessments to identify critical assets, threats, and vulnerabilities. Based on this, they should develop a comprehensive cybersecurity strategy, which includes implementing robust security measures, employee training, and incident response plans. Regular testing, monitoring, and updating of systems are essential, as well as managing third-party risks to minimize potential points of entry. Establishing a backup and disaster recovery plan, considering cyber insurance, and continuously improving cybersecurity practices are also crucial components of a resilient strategy.

While these aspects are well known, their implementation in practice is not easy and can face numerous technical and social obstacles. Technical challenges may include integrating different security tools, managing complex IT environments, staying up to date with evolving threats, and addressing newly discovered vulnerabilities. Social obstacles may involve resistance to change, lack of security awareness among employees, or insufficient support from top management.

Allocating resources should focus on areas of highest risk and potential impact. Top management’s active engagement in cybersecurity decisions is vital to ensure adequate resource dedication and maintain a strong security posture. To overcome these challenges, organizations must foster a culture of security, invest in ongoing employee training, and continuously review and adapt their cybersecurity strategies to effectively navigate the ever-changing threat landscape.

In your opinion, what is the most overrated trend and/or technology in cybersecurity and why?

The integration of artificial intelligence (AI) and machine learning (ML) in cybersecurity is a highly discussed trend, with considerable potential to reshape the field. AI and ML have already demonstrated their value in enhancing cybersecurity measures, such as detecting unusual patterns, predicting potential threats, and automating response actions. As these technologies continue to evolve, their effectiveness in addressing cyber threats is expected to improve significantly.

However, it is essential to understand that AI and ML should not be considered as comprehensive, standalone solutions for every cyber threat.

Cybercriminals may also leverage advancements in AI and ML to create more sophisticated attacks. Therefore, it is crucial to combine these emerging technologies with traditional cybersecurity techniques like firewalls, intrusion detection systems, and regular software updates, as well as employee education and training.

In summary, the future evolution of AI and ML holds significant promise for enhancing cybersecurity. However, it is important to recognize them as part of a larger, multi-faceted approach that emphasizes continuous improvement and adaptation to evolving cyber threats. By integrating AI and ML advancements with other security measures, organizations can create a more robust defence against a wide range of cyber threats.

On the obverse, what do you consider to be the most underrated trend and/or technology in cybersecurity and why?

One aspect in the field of cybersecurity that is sometimes overlooked is the emphasis on human factors and security awareness training. While it may not be as attention-grabbing as cutting-edge technology, addressing the human element in cybersecurity is still an important consideration. In recent years, many organizations have made significant strides in increasing awareness and creating comprehensive training programs to improve their cybersecurity posture.

Security awareness training, which includes teaching users about potential threats and best practices, can help reduce risks associated with human error. Such training usually covers areas like recognizing phishing emails, password management, securing personal devices, and following company security policies.

While some organizations still prioritize investments in advanced technologies, it’s encouraging to see that many others are recognizing the value of comprehensive security training for their employees. This shift in focus helps to dispel the perception that training programs are less effective or less significant compared to high-tech cybersecurity tools.

A well-implemented security awareness training program can contribute significantly to an organization’s overall cybersecurity posture. By equipping employees with the knowledge and skills to identify and avoid threats, organizations can foster a more secure environment.

In conclusion, although human factors and security awareness training might not always receive the spotlight, they remain essential components of a well-rounded cybersecurity strategy. With an increasing number of organizations emphasizing awareness and training, the industry is taking important steps to strengthen security measures and better protect against various cyber threats.

While most business leaders are more aware of their organization’s cyber issues than they were, would you say that achieving management consensus on how best to address cyber risks remains a challenge?

Reaching consensus among management on addressing cyber risks can be challenging due to factors like conflicting priorities, varying understanding, the evolving threat landscape, ROI calculation difficulties, and organizational culture. Balancing cybersecurity investments with other business priorities can lead to disagreements on resource allocation and prioritization. The rapidly changing cyber threat landscape further complicates management’s ability to identify suitable defense tactics.

To overcome these challenges and foster consensus, organizations should emphasize the importance of cybersecurity as a strategic business enabler and prioritize cyber risk management. Educate business leaders on the economic drivers and consequences of cyber risks for informed decision-making. Align cyber risk management with business needs and adapt cybersecurity initiatives to support the organization’s specific goals. Encourage collaboration across departments and streamline sharing of cybersecurity-related information. Integrate cybersecurity expertise into board governance and foster systemic resilience and collaboration, promoting information sharing and cooperation within the organization and with external partners.

The nature of recent cyberthreats has tended to focus on business disruption and reputational damage. Is this what you have experienced and if so, how does this impact your organisation?

Recent cyberthreats indeed focus on potential business disruption, with ransomware attacks becoming increasingly common. The growing prevalence of such attacks has resulted in a change in perception, making organizations less hesitant to admit that they have been targeted. This shift has helped to reduce the associated reputational damage that was once linked to ransomware incidents.

In the past, organizations might have felt a greater sense of embarrassment or stigma when disclosing ransomware attacks, which could have led to reputational harm. However, as these attacks become more widespread, there is a growing understanding that even well-prepared organizations can fall victim to such threats. Consequently, organizations are now more willing to share their experiences, which ultimately benefits the broader cybersecurity community.

This increased openness allows for better collaboration and information sharing among organizations, helping them to learn from each other’s experiences and improve their defences against cyberthreats. By discussing ransomware attacks and other cyber incidents, organizations can gain valuable insights into attack patterns, vulnerabilities, and mitigation strategies.

In conclusion, the rise in ransomware attacks and subsequent shift in organizational perceptions has led to a more collaborative cybersecurity environment. This openness fosters knowledge sharing, helping organizations improve their defences and better understand the evolving threat landscape. As a result, the entire cybersecurity community benefits, paving the way for stronger and more resilient security measures across the board.