Digital Operation: AI-Native Cyber Resilience
Praveen Anantharaman
CX + AI + Data Strategy | Product & Program Leader | Digital Transformation pioneer | Cyber Security & SaaS Expertise | Strategy Design | Agile delivery | Ex-IBM, DXC, HireRight | Cloud 4x Salesforce 3X SAS ML
Digital Operational Resilience Act (DORA) is A European Union regulation that went into effect in January 2023 and will apply as of January 2025 (financial sector).?DORA aims to improve cybersecurity and operational resilience, so we would delve into details of how cyber resilience extends as a Risk management practice and can be built into the systems to minimize the impact of VUCA events. Companies now face VUCA challenges from Volatility, Uncertainty, arising from the inability to predict future events; Complexity, and Ambiguity. ?
Cybersecurity includes practices that ensure the safety of the Code, Cloud security posture, and workload security; However, these so-called zero-day attacks and some of the advanced threats ATP, introduce high levels of uncertainty. ?
"A famous quote by General Dwight D. Eisenhower states that “plans are worthless, but planning is everything,”
How can companies improve their cyber resilience? The ultimate goal is for the organization to continuously deliver its functions or services. We adopt an AI-first approach to identify the preparations, responses, recovery, and adaptation activities that enhance an organization's cyber resilience against adverse events.
We start with an obvious case, It has been demonstrated that?Artificial intelligence technologies can prove helpful in helping cybersecurity professionals cut through the endless noise of incidents, alerts, and risks to which their detection systems expose them, enabling them to handle more incidents more efficiently and to address weak signals before they transform into full-fledged crises.
Stage 1: Making the business case for data investments becomes compelling as business leaders experience the real-time implications of data gaps. Measuring the costs of producing cyber-resilience, trying to identify the optimal equilibrium between investments and effectiveness, and looking for low-cost but still effective practices. Monetizing data typically stems from key strategies:
Regular Cyber security operations are laden with latency in discovery from the event is triggered to Countermeasure taking effect, one of the key KPIs for the team would be MTTD / MTTM, Mean time to detect, and Mean time to mitigate, as well as Accuracy and focus.
now come AI enablers (Technologies) for cyber resilience: The diagram highlights the key technological elements essential for implementing resilience, categorized into four main groups (A, B, C, D). Each group represents a set of technologies that contribute to enhancing the efficiency, adaptability, and intelligence of processes. These technological elements are crucial for the successful implementation of Cyber resilience. They enhance the ability of systems to adapt to changes, optimize operations, and make data-driven decisions, leading to improved efficiency, productivity, and innovation.
Stage 2: Along with AI Technologies, the systems need to adapt involves embracing change and being nimble to mitigate threats, developing situational awareness, and adjusting to evolving conditions. The goal of resilience is not just survival but adapting to reach a new state of equilibrium. These are Complex Adaptive Systems CAS need
领英推荐
How sensemaking intricately shapes cyber-resilience practices, which in turn attempt to ease these tensions to improve the quality and reduce the uncertainty of decision-making. Feedback loops allow agents to measure, sense, and adapt, ensuring continuous system improvement and driving innovation. Agents within CAS respond to signals, learn from changes, and recommend innovations. They ensure the system adapts and evolves.
AI-native SOCs (Security Operations Centres) with adaptive capabilities and Next Generation SIEM (Security Information and Event Management) solutions require continuous customization and improvement based on business context. When implemented appropriately systems help reduce toil and alert fatigue, allowing employees to focus on long-term strategic and preventive harm.
Further maturity can be achieved with Tabletop exercise and Simulation with emulators / Digital Twin, a closed-loop system,?where data from the physical world is used in the digital world for analysis and simulation. This integration between the real, model and your business environment using the digital twin definition model DTDL model ML over Knowledge graphs,?and digital worlds facilitates continuous improvement, optimization, and informed decision-making in various applications. Digital Twins is well-adopted for digital manufacturing,?cybersecurity, supply chains, smart cities, etc.
A cyber-resilience program that aims to be effective should be seen as a complex adaptive system, being nimble to threats, and adapting to optimize to minimize disruptions and maintain trust and stability in the digital environment.
References:
https://crefnavigator.mitre.org/navigator : Cyber resilience framework by MITRE
Intrapreneur & Innovator | Building Private Generative AI Products on Azure & Google Cloud | SRE | Google Certified Professional Cloud Architect | Certified Kubernetes Administrator (CKA)
2 个月DORA seems to be a more interesting name for an Act , some one there seems to be a cartoon fan . Great to know about this
Founder and Managing Director @ Recloud Consulting | IT Services
2 个月Hi Praveen, I did sent you a LinkedIn Mail, please check and reply