I talk a lot about the cybersecurity problems organizations face, so I thought I’d end 2017 with some hope. What changes will we see in security solutions in 2018?
Perhaps not surprisingly, one solution that popped up frequently was biometrics. The experts at F-Secure expect biometrics as a form of identity authentication will become more mainstream in the coming year. On our smartphones and tablets, we’re moving from fingerprints to facial recognition features. That’s why F-Secure’s Security Advisor Sean Sullivan thinks more organizations and users will be more open to the idea of biometrics as a security tool.
I thought I’d see a lot of positive information about artificial intelligence and machine learning as a security tool. After all, I was hearing the hype all year about how AI and ML will assist with some of the most important but more mundane tasks of security monitoring, like scanning networks for anomalies. But Brian NeSmith, CEO and co-founder at Arctic Wolf Networks, told me in an email that we are still aren’t quite there yet with AI as a security solution:
AI holds great promise, but in cybersecurity, it’s still more hype than reality. AI needs good data to learn and develop its predictive capabilities, so in many cases, bad data leads to false positives, which are still a huge problem in cybersecurity. Like the boy who cried wolf, too many false alarms lead to bad overall cyber posture and a team that is more likely to ignore warning signs when the threat is real. In 2018, AI will not be the magic bullet. Instead, we will see the growth of a more effective model which combines human touch with machine intelligence to reduce the number of false positives and improve time to detection.
Steve Grobman, CTO for McAfee, also sounded a warning about AI and ML, saying in a formal release that adversaries will also be using these technologies for nefarious practices. If we want to use AI and ML for good, organizations must effectively augment machine judgment and the speed of orchestrated responses with human strategic intellect. Only then will organizations be able to understand and anticipate the patterns of how attacks might play out, even if they have never been seen before.
So, it does sound like AI and ML as security solutions will be primed to move into place in the next couple of years, just not in 2018.
But, you know, our security solutions don’t have to be too complicated, as AlertSec CEO Ebba Blitz told me in an email comment. Let’s think of 2018 as the year we turn to easy-to-use security solutions:
Elaborate requirements and frequent password changes don’t work for users. Ease-of-use is where IT security is going. Clever companies will adopt security systems that are habit-based. For example, a system recognizes the user based on factors such as behavior patterns, typing speed, and websites typically visited. We are breaking ground on these technologies now, and they will soon be commonplace.
I hope that whatever security solution you choose for the coming year, it is successful and prepared for the threats and not-so-positive predictions out there for the coming year. Happy New Year and I look forward to sharing security news with you in 2018.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba