Sultan Altukhaim is the General Manager, Cybersecurity and Data Governance for the Communications, Space and Technology Commission in Saudi Arabia. He currently leads all regulatory affairs regarding cybersecurity and data governance in the ICT and Telecom sector in Saudi Arabia. He has also worked with many pioneering organizations, such as the Saudi Central Bank (SAMA) and Saudi Telecom Company (STC). Samir Aliyev, CEO and Founder of the Swiss Cyber Institute, has been talking with Sultan Altukhaim. In this interview, Samir discusses with him, amongst other things, what the most overrated and underrated trends in cybersecurity are.
Many CISOs see their role as a blend of both technology and business. How do you see the CISO’s role evolving so that they can keep up with or ahead of the threat landscape?
The role of CISOs has evolved due to multiple reasons, such as the rapid advancement in technology, rapid changes in the threat landscape, management expectations, and the number of cyber and data regulations, among others. In the past, the CISO used to talk the language of technology only, so they were barely understood by non-technical people. Nowadays, CISOs must talk business and have the ability to talk about everything from technical challenges and cyber risks to business risks in order to get the right support from management.
Common ways to assess the value of a senior executive to an organization’s business is to look at any identified impact they have had on the top and bottom line. How should an organisation measure the value of a CISO?
One of the common philosophies about this subject is for the management to assess the potential fiscal business damage that the CISO has helped the organization to avoid. One can consider some scenarios such as reputation impact, legal consequences due to personal data exposure, fines due to data leakage, customer loss impact due to service unavailability, etc. Additionally, we can consider the business attractiveness side, which brings more opportunities and partnerships, as CISOs ensure robustness and trust in the services their organisation provides.
The visibility of a CISO often boils down to how much the business values security. How important is it for a CISO to have a seat on the board and does it matter who a CISO reports to?
It is crucial that a CISO holds a senior position or a C-level reporting line so that they can make top management aware of cyber risks, like any other business risks. They should also get the needed support from top management by helping them have greater clarity of the cyber threats and the potential business impact.
What are the key steps an organisation should take to ensure that it is well prepared to effectively respond to and recover from a potential cyber-attack, and how should one prioritise and allocate resources towards achieving and maintaining an effective state of cyber resilience?
Here are some key steps an organization should take to ensure that it is well prepared to effectively respond to and recover from a potential cyber-attack:
- Identify your assets and risks. What are the most important assets that you need to protect? What are the most likely threats to those assets?
- Implement appropriate security controls. This includes things like firewalls, intrusion detection systems, and data encryption.
- Monitor your environment for suspicious activity. This includes using security tools to track network traffic and user activity.
- Train your employees on cyber security best practices. This includes things like how to spot phishing emails and how to create strong passwords.
- Have a plan for responding to a cyber-attack. This plan should include steps for containing the attack, restoring your systems, and notifying affected parties.
Here are some additional tips for prioritizing and allocating resources towards achieving and maintaining an effective state of cyber resilience:
- Start with a risk assessment. This will help you to identify the most critical assets and threats that you need to protect.
- Set clear goals and objectives. What do you want to achieve with your cyber resilience program?
- Develop a plan and budget. This will help you to track your progress and make sure that you are allocating resources effectively.
- Implement the plan and monitor its effectiveness. You should regularly review your plan and make adjustments as needed.
- Get buy-in from senior management. Cyber resilience is a top-down issue, so it is important to have the support of senior management.
In your opinion, what is the most overrated trend and/or technology in cybersecurity and why?
In my opinion, the most overrated trend in cybersecurity is the use of artificial intelligence (AI) to detect and prevent cyberattacks. While AI has the potential to be a powerful tool in cybersecurity, it is still in its early stages of development. There are a number of challenges that need to be addressed before AI can be widely deployed in production environments.
One challenge is that AI systems are often trained on historical data, which may not be representative of the latest threats. This can lead to false positives, where the AI system incorrectly identifies benign traffic as malicious. Another challenge is that AI systems can be computationally expensive to run, which can make them impractical for use in resource-constrained environments.
Despite these challenges, there is no doubt that AI has the potential to revolutionize cybersecurity. As AI systems continue to develop, they will become more accurate and efficient at detecting and preventing cyberattacks. However, it is important to be realistic about the current state of AI in cybersecurity and to avoid overhyping its capabilities.
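As an added illustration of the false-positive problem described in the answer above (example code written for this page, not from the interview, the Commission or any product), the block below trains a deliberately minimal anomaly detector on constructed web-server log lines and then runs it on traffic recorded after a hypothetical product launch. All hosts, endpoints, timestamps and the `min_count` threshold are invented. The example also goes one step beyond the answer: the same stale model that alerts on a new, legitimate endpoint stays silent on an injection attempt against a path it already knows, so staleness costs both ways.

```python
"""Minimal anomaly detector showing how a model trained on historical
traffic misfires once legitimate traffic changes.

All log lines, hosts and endpoints below are constructed for this
example (RFC 5737 documentation addresses); nothing here is real data.
"""
import re
from collections import Counter

# Common Log Format, with the request line split into method and target.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3}) \d+$'
)


def _line(ip, ts, method, target, status=200, size=512):
    """Build one constructed log line in Common Log Format."""
    return f'{ip} - - [{ts}] "{method} {target} HTTP/1.1" {status} {size}'


# Training window: traffic from before the (hypothetical) product launch.
HISTORICAL = [
    _line('203.0.113.10', '10/May/2023:10:00:01 +0000', 'GET', '/robots.txt'),
    _line('203.0.113.10', '10/May/2023:10:00:02 +0000', 'GET', '/index.html'),
    _line('203.0.113.11', '10/May/2023:10:00:05 +0000', 'GET', '/index.html'),
    _line('203.0.113.12', '10/May/2023:10:00:09 +0000', 'GET', '/index.html'),
    _line('203.0.113.11', '10/May/2023:10:01:00 +0000', 'GET', '/search?q=laptops'),
    _line('203.0.113.12', '10/May/2023:10:01:07 +0000', 'GET', '/search?q=phones'),
    _line('203.0.113.13', '10/May/2023:10:01:30 +0000', 'GET', '/search?q=cables'),
    _line('203.0.113.11', '10/May/2023:10:02:00 +0000', 'POST', '/login'),
    _line('203.0.113.13', '10/May/2023:10:02:11 +0000', 'POST', '/login'),
    _line('203.0.113.11', '10/May/2023:10:03:00 +0000', 'GET', '/api/v1/cart'),
    _line('203.0.113.13', '10/May/2023:10:03:20 +0000', 'GET', '/api/v1/cart'),
]

# Traffic after the launch: a new checkout endpoint is live, and one
# client sends a SQL-injection probe at an endpoint the model knows.
RECENT = [
    _line('203.0.113.20', '12/Jun/2023:09:00:01 +0000', 'GET', '/index.html'),
    _line('203.0.113.20', '12/Jun/2023:09:00:30 +0000', 'POST', '/api/v2/checkout'),
    _line('203.0.113.21', '12/Jun/2023:09:01:02 +0000', 'POST', '/api/v2/checkout'),
    _line('198.51.100.7', '12/Jun/2023:09:01:40 +0000', 'GET', '/search?q=%27+OR+1%3D1--'),
    _line('203.0.113.21', '12/Jun/2023:09:02:00 +0000', 'POST', '/login'),
]

# Lines an analyst has reviewed and confirmed benign (the new endpoint).
CONFIRMED_BENIGN = [line for line in RECENT if '/api/v2/checkout' in line]


def parse(line):
    """Return (method, path, target); the query string is dropped from path."""
    m = LOG_RE.match(line)
    if m is None:
        raise ValueError(f'unparseable log line: {line!r}')
    target = m.group('target')
    return m.group('method'), target.split('?', 1)[0], target


def train(lines, min_count=2):
    """Baseline = set of (method, path) pairs seen at least min_count times."""
    counts = Counter((method, path) for method, path, _ in map(parse, lines))
    return {pair for pair, n in counts.items() if n >= min_count}


def classify(lines, baseline):
    """Label a request 'normal' if its (method, path) is in the baseline,
    else 'anomaly'.  Returns a list of (target, verdict) pairs."""
    return [(target, 'normal' if (method, path) in baseline else 'anomaly')
            for method, path, target in map(parse, lines)]


def retrain(old_lines, confirmed_benign, keep_last=10, min_count=2):
    """Rolling-window retrain: keep only the newest history and fold in the
    traffic an analyst confirmed benign, so a launched endpoint stops alerting."""
    return train(list(old_lines[-keep_last:]) + list(confirmed_benign), min_count)


if __name__ == '__main__':
    stale = train(HISTORICAL)
    print('stale baseline:', sorted(stale))
    for target, verdict in classify(RECENT, stale):
        print(f'{verdict:8} {target}')
    fresh = retrain(HISTORICAL, CONFIRMED_BENIGN)
    print('after retraining:')
    for target, verdict in classify(RECENT, fresh):
        print(f'{verdict:8} {target}')
```

Run as-is, the stale baseline flags both `POST /api/v2/checkout` requests as anomalies (the false positives the answer describes) while passing the `' OR 1=1--` probe as normal, because the model only ever learned method and path. Retraining on a rolling window with analyst-confirmed traffic clears the false positives, but the injection still passes: a richer feature set or a signature check is needed for that, which is the practical point behind keeping expectations for AI-based detection realistic.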
On the obverse, what do you consider to be the most underrated trend and/or technology in cybersecurity and why?
I believe that the most underrated trend and/or technology in cybersecurity is user education. While many organizations focus on technical security measures, such as firewalls and intrusion detection systems, user education is often overlooked. However, user education is essential for preventing cyberattacks.
Here are some reasons why user education is so important:
- Human error is the leading cause of cyberattacks. According to a study by Verizon, human error is responsible for 85% of all data breaches.
- Cyberattackers are increasingly targeting employees. Attackers know that employees are often the weakest link in the security chain.
- User education can help to prevent cyberattacks. By educating employees about cybersecurity risks and best practices, organizations can help to reduce the likelihood of a cyberattack.
While most business leaders are more aware of their organization’s cyber issues than they were, would you say that achieving management consensus on how best to address cyber risks remains a challenge?
Yes, I would say so. There are a number of factors that can contribute to this challenge, including:
- Different priorities: Different business leaders may have different priorities when it comes to cybersecurity. For example, some business leaders may be more concerned about protecting customer data, while others may be more concerned about protecting intellectual property.
- Lack of understanding: Some business leaders may not have a good understanding of the risks and threats associated with cybersecurity. This can make it difficult for them to make informed decisions about how to address those risks.
- Cost: Cybersecurity can be expensive. This can be a barrier for some businesses, especially small businesses.
- Resistance to change: Some business leaders may be resistant to change, especially if they are not convinced that the benefits of cybersecurity outweigh the costs.
Despite these challenges, it is important for businesses to achieve management consensus on how best to address cyber risks. A lack of consensus can lead to a fragmented approach to cybersecurity, which can make it more difficult to protect the organization from attack.
The nature of recent cyberthreats has tended to focus on business disruption and reputational damage. Is this what you have experienced and if so, how does this impact your organisation?
Yes, I have seen that the nature of recent cyberthreats has tended to focus on business disruption and reputational damage. This is because these two things can have a significant impact on an organization’s bottom line.
For example, if a cyberattack disrupts an organization’s ability to operate, it can lead to lost revenue, productivity, and customer trust. Similarly, if a cyberattack damages an organization’s reputation, it can lead to lost customers, partners, and business opportunities.
I know an organization that has experienced these types of cyberthreats in the past. In one case, a cyberattack disrupted their ability to process payments, which led to a loss of revenue. In another case, a cyberattack damaged their reputation after customer data was compromised.
Adding emerging technology to legacy IT increases the complexity of an organization’s digital environment. What are the key elements required to balance the value of new technology with the potential for increased cyber risk that comes with it?
When adding emerging technology to legacy IT, there are a few key elements that organizations need to consider in order to balance the value of new technology with the potential for increased cyber risk. These elements include:
- Risk assessment: The first step is to conduct a risk assessment to identify the potential risks associated with adding new technology to the environment. This includes assessing the security posture of the legacy IT systems, as well as the security features of the new technology.
- Security controls: Once the risks have been identified, organizations need to implement appropriate security controls to mitigate those risks. This may include things like firewalls, intrusion detection systems, and data encryption.
- Employee training: Employees need to be trained on how to use the new technology securely. This includes training on how to identify and report suspicious activity.
- Vulnerability management: Organizations need to have a process in place to identify and patch vulnerabilities in their IT systems. This is especially important for new technologies, which may have vulnerabilities that are not yet known.
- Continuous monitoring: Organizations need to continuously monitor their IT environment for suspicious activity. This includes monitoring network traffic, user behaviour, and system logs.
Amongst many challenges, CISOs are up against talent shortage and staff retention in the field of cybersecurity. What do you consider CISOs should do to identify and develop a diverse talent pool to meet an organization’s needs?
The cybersecurity talent shortage is a real challenge for CISOs. In order to identify and develop a diverse talent pool, CISOs should consider the following strategies:
- Broaden their search: Don’t just look for candidates with traditional cybersecurity backgrounds. Consider candidates with skills in other areas, such as data science, engineering, or risk management.
- Reach out to underrepresented groups: There are many talented people from underrepresented groups who are interested in cybersecurity careers. Make sure to reach out to these groups and let them know about your open positions.
- Create a positive work environment: Cybersecurity can be a stressful job. Make sure to create a positive work environment where employees feel valued and supported.
- Offer training and development opportunities: Cybersecurity is a constantly evolving field. Make sure to offer your employees training and development opportunities so they can stay up to date on the latest threats and technologies.
- Promote from within: Look for talented employees within your organization who may be interested in a cybersecurity career. Offer them training and development opportunities so they can move into cybersecurity roles.
According to several surveys, cybersecurity professionals would rather work from home (WFH). Do you feel WFH is a blessing or a curse for CISOs?
I believe it depends on the work environment and culture. If the CISO prefers WFH, he or she should consider a few factors:
- Implement strong security measures: CISOs need to implement strong security measures to protect their organization’s data and systems when employees are working remotely. This includes using strong passwords, encrypting data, and using secure remote access tools.
- Provide training: CISOs need to provide training to their employees on how to stay safe when working remotely. This training should cover topics such as phishing, malware, and social engineering.
- Monitor employee activity: CISOs need to monitor employee activity to ensure that they are using company resources appropriately. This includes monitoring network traffic, system logs, and employee behaviour.
- Build a culture of trust: CISOs need to build a culture of trust with their employees so that they feel comfortable reporting security incidents. This includes being open and transparent with employees about security risks.
What do you look forward to most at this year’s Global Cyber Conference?
Meet great minds and learn from them!