These days, AI is everywhere. IBM’s Vikas Arora navigates the complex landscape of cybersecurity and tells us why AI security tools are vital to keep pace with growing threats.Debolina Biswas
When it comes to Artificial Intelligence (AI), there have always been two schools of thought. On one hand, Elon Musk, Founder of SpaceX and Co-founder of Telsa, believes that "AI could create an 'immortal dictator'" and that AI is a fundamental risk to the existence of human civilisation.
On the other hand, Google billionaire, Eric Schmidt, believes that Elon is “exactly wrong” about AI and that the technology will make humans smarter.
Vikas Arora, IBM Cloud and Cognitive Software Leader, IBM India/South Asia, is of the opinion that there is an absolute necessity to have cognitive or AI security tools to keep pace with the advancing threats and growing workforce shortage facing the industry today.
According to Institute of Business Value's survey, adoption of cognitive security solutions is currently at 7 percent and is expected to grow to 21 percent in the next two to three years.
In a conversation with YourStory, Vikas, who now leads IBM's cloud and congnitive software business and key transformation projects, talks about the complex landscape of cybersecurity today and why AI is a smarter solution for it.
YourStory: Tell us about the cybersecurity landscape in India.
Vikas Arora: Essentially, there is a lot of focus on cybersecurity right now. The regular industries began this journey some time back, and cybersecurity is now evolving and maturing.
Starting with end point security and vulnerability management, it has now moved on to incident management. Response management, governance, and financier management are the next levels.
Enterprises are already going into the next phase which is why we are starting to bring technology like cognitive applications on cybersecurity. There is another big focus around having risk in governance and tightening the processes.
We are also seeing that it (cybersecurity) is increasingly becoming a board-level issue. Now we are getting requests from the CEOs and CIOs. There are companies with guidelines that say that cybersecurity is mandated to be a board-level discussion - not just awareness but how you train yourselves for cyber incidents. The level of seriousness and visibility has definitely gone up several notches.
The other part is skills. We are seeing a lot of efforts is being put into training people on cyber security.
YS: What is the need for AI security rules?
VA: In most organisations, we have a mix of conventional system and modern (security) systems --that have come up as a part of digital transformations. Still, there is a large IT footprint on legacy systems. The biggest problem with some of these systems is that they are unable to scale to the size or requirements of a modern organisation.
Modern organisations are connected to their customer and partners in many different ways than before. The boundaries are blurring.
A few years ago, organisations could basically put themselves and their IT behind a firewall and it was thought they were protected. But now since the digital outreach is so multifaceted, you can't firewall a system as you could before. This makes security very tough.
The complexity has increased since organisations are connected to their partner system and customer systems. Then there is mobility and IoT (Internet of things). This makes the landscape of what one has to protect, very complex.
Despite organisations having analysts, cyber experts, and defenders, they need a heightened sense of cybersecurity, which can aid some of these resources or expertise that exist, to be able to be more alert towards threat. That's where AI comes in.
AI provides that heightened sense. AI, as a system, learns from sources that are much bigger than what an analyst can possibly learn from.
Today, there is a lot of focus on incident management and response management. In incident management, you are tracking thousands of incidents in a single day and it is not always possible to keep track of and analyse everything. There has to be a fool-proof defence mechanism in the system.
This is where we say AI becomes important. It can provide that complementary capability that will aid organisations to look more comprehensively at the cybersecurity landscape and avoid threats.
YS: Why is AI a smarter way for cybersecurity?
VA: Several years ago, organisations were still thinking of perimeter security, tax management, anti-viruses, and firewall. The threat has become a lot more sophisticated.This is why earlier systems had to evolve with the changing times. AI is not addressing the weakness of the traditional systems, AI is only making the systems stronger because the threat environment has become very complicated.
YS: What are the trends around companies adopting AI security tools?
VA: We have a system that tracks and monitors events on a daily basis. AI has been able to extract knowledge from across millions of articles and blogs --it is sort of able to co-relate things and provide a better analysis or assessment that then an expert can take into account as they are looking into security posture or a threat.
YS: Does India need to look at AI as a national security strategy?
VA: AI will become more and more predictable to the security strategy and you can apply it into any context. Whether it is an organisational strategy or a national strategy -- what needs to be understood and needs to be corrected is that AI is not taking over, it is complementing.
In this world where cybersecurity is going to become paramount and the whole threat has evolved and become sophisticated, technology will have to be seen as coming to the aid to complement the effort. That's the reason why I will not be surprised if it plays a role in any security strategy, including national strategy.
YS: Piyush Goyal, at the interim budget, said the government of India was launching a national programme for AI. Your comments on that?
VA: We have been engaged in projects that are 'AI complementing'. AI, as a field, is something that IBM has been associated with for the longest time and what we have to do is embed AI in several of our products and several use-cases across industry. It could be healthcare, agriculture, financial services, or manufacturing.
Our endeavour has always been to make AI work for an industry or sector problem. The application of the technology is our most important consideration.