The importance of prevention ahead of reaction in cybersecurity

3 Nov 2023


Deep Instinct’s Carl Froggett discusses the various challenges and trends of the IT landscape, and how to combat sophisticated AI security threats.

Carl Froggett is the chief information officer and field chief technology officer of cybersecurity company Deep Instinct. In his role, he oversees the customer experience, IT and chief information security officer teams and acts as an adviser to the company’s partners and customers.

Previously, Froggett was the head of global infrastructure defence at Citi. He was responsible for delivering comprehensive cyber risk reduction capabilities and services aligned with the architectural, business and CISO priorities spanning Citi’s infrastructure, devices and networks across more than 120 countries.

“As the CIO of Deep Instinct, I help lead and execute the company’s operational activities for technology and services expansion – scaling internal systems, security and processes to keep pace with geographic expansion, as well as strategic customer partnerships and alliances worldwide.”

What are some of the biggest challenges you’re facing in the current IT landscape?

Cybercriminals are becoming more sophisticated and destructive with the help of AI. The technology is already being leveraged to create malware that continuously changes in order to evade detection from traditional cybersecurity tools. Existing security approaches and employee training are wholly inadequate due to this tectonic shift in the threat landscape. The only way to future-proof an organisation and its data is to prioritise the protection and security of data across endpoints, applications and storage – blocking attacks from ever landing in an environment. This is only achievable by leveraging the most advanced form of AI, deep learning, which has the ability to truly predict and prevent unknown threats.

General business strategies are centred around digitisation, bringing applications on all platforms to their customers and integrating services to drive a fast, frictionless customer experience. To achieve this, applications need to be re-factored (not just lifted and shifted) to take full advantage of modern technologies and integrations offered by public cloud, SaaS, IaaS and others. What this means is an ever-interconnected dependency on third parties and continuous questions about their security practices. From the customer experience perspective, IT has no control over the service levels and issues faced by these third parties. We’ve seen this play out when AWS, Google or Azure have a blip and thousands of extremely well-known sites and services stop working. With the changing threat landscape and recent breaches targeting the supply chain, such as those seen with SolarWinds and the MOVEit Transfer vulnerability, we face numerous challenges without straightforward solutions.

What are your thoughts on digital transformation?

Given today’s distributed workforce, organisations continue to migrate to multicloud environments. As a result, organisations and their security operations (SecOps) teams are faced with more complex IT infrastructures and more data to correlate from different sources, leading to an increased risk for threat actors to enter an organisation’s infrastructure and stealthily traverse it. More specifically, SecOps teams are experiencing a continuously escalating volume of data, making it extremely difficult for them to analyse the data and detect the needle in the haystack.

We’re also continuing to see conversations around ‘identity is the new perimeter’ when it comes to digital transformation. However, in reality, a defence-in-depth stack will always be required for organisations to avoid security gaps. Fortunately, we do not have legacy infrastructures and services that we built over the years; rather, we use modern platforms, public cloud, containerisation, APIs and integration. For our internal IT services, such as identity and device management, we’re focused more on buying a product or service rather than building our own. This allows for the most flexibility and support to business strategies – everything from product development and threat research to sales and marketing.

What are your thoughts on how sustainability can be addressed from an IT perspective?

There are so many different ‘footprints’ from a technology perspective – businesses that own their own data centres, businesses that own data centres to provide cloud services to others, and smaller businesses that don’t own any infrastructure and primarily use third-party cloud and SaaS providers – as there isn’t a one-size-fits-all approach to sustainability. At a high level, every business can look at its technology life cycle, especially when it comes to hardware, and extend the life cycle from about three to five years – which reduces the environmental impact on materials and precious metals. Given the types of hardware we purchase today, it’s incredibly reliable, and chipsets are extremely powerful, so they should be able to extend without a business impact or a significant impact on mean time between failure (MTBF).

What big tech trends do you believe are changing the world?

AI is an obvious one. However, there are some other trends I’m watching that I believe will have a significant impact on cybersecurity.

The intersection of quantum computing and AI. Specifically, how severely destructive quantum technology could be in the next few years in the hands of bad actors. While there are still a lot of unknowns, the intersection of quantum and AI will be a 180 for the industry and should blow traditional computing out of the water. Recently, the Cybersecurity and Infrastructure Security Agency, the National Security Agency and the National Institute of Standards and Technology published a quantum ‘factsheet’ to help industries prepare now for the inevitable future.

The regulatory process for cyber insurance. The Securities and Exchange Commission (SEC) released new regulations that require any ransomware event to be reported within four days due to organisations failing to make timely disclosures in the past. These rules are designed to ensure investors and the public are more informed about security events more quickly and consistently. However, the insurance industry and regulators seem to be conflicted when talking to one another. Yes, regulations are becoming more informative and sophisticated; however, only having greater visibility into vulnerabilities isn’t enough. Since the rules went into effect in September, I’m keeping my eye on where the regulatory process goes and how the insurance industry changes.

The White House’s AI executive order. President Biden signed an executive order that hopes to further establish standards for AI safety and security through safety assessments during development, equity and civil rights guidance, and understanding AI’s impact on the labour market. With such a big move towards responsible and regulated AI, this will continue to be a major shift within the security industry for the coming months, changing the narrative that AI can be easily abused and misused by threat actors with little to no resistance.

What are your thoughts on how we can address the security challenges currently facing your industry?

In this new era of AI, the only way to combat increasingly sophisticated AI threats is by transitioning to a proactive, preventative approach to cybersecurity. We did not have the technology when we had our last shift from signatures, but now, with advancements in AI and deep learning, we can get back to a prevention-first mindset instead of being reactive.

Security teams won’t win the battle against AI with these legacy tools. Organisations require cybersecurity solutions that are natively built with deep learning models to mitigate the volume and velocity of evolving AI threats. By integrating advanced AI technologies into their cybersecurity strategies, leaders can proactively adapt to the ever-changing threat landscape, enhance security resilience and mitigate the likelihood of successful attacks.

AI will have a clear impact on IT and SecOps in different ways. For one, we’ll see generative AI automate everything from basic system administration tasks to level-one SecOps analysis and perform initial triage as we are seeing in the first wave of AI assistants – allowing IT and SecOps teams to focus on tasks that will have the greatest business impact. The knock-on impact of more lower-level skill automation, though, is talent. The talent crisis within the cybersecurity industry is focused less on available workers and more on a lack of skills in practices like cryptography, data leakage, threat prevention, risk control and auditing. Generative AI, coming in to help automate jobs, opens up an opportunity for upskilling and increased training at the entry-level position.
