The landscape for security is constantly changing, often day to day, with organizations facing off against what can be overwhelming complexity.

Everyone from large multinational businesses to small organizations are going through some kind of digital transformation right now. When it comes to security, that translates into increased attack surfaces available to threat actors, according to Mark Hughes (pictured), president of security at DXC Technology Co.

“There’s complexity; there’s also increased demands often in terms of cost and becoming more cost-efficient in terms of how organizations need to operate,” he said. “Cost to serve is under pressure. Take that complexity, coupled with the factor of then needing to secure all of that in a cost-sensitive environment. [The] challenge, as you can see, gets even greater.”

Hughes spoke with theCUBE industry analyst Rob Strechay at the Cyber Resiliency Summit, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how to stay ahead of emerging threats and the impact of generative artificial intelligence moving forward. (* Disclosure below.)

Challenges stack up

In addition to complexity and cost, organizations must also operate in a situation with a tight squeeze on skills. Security, in particular, has a huge skills deficit.

“Against that new and emerging threats, ever-increasing complexity, cost sensitivity, you then really arrive at this place, which is quite tricky given also the fact that many organizations perhaps don’t work in a way in which they’re working together as much as they could,” Hughes said.

Given all those emerging challenges, how might one ensure one’s clients are well-protected against threat actors? The first thing to keep in mind is that there is often a degree of simplicity involved in how threat actors can gain access, according to Hughes.

“[There’s] that initial foothold, and then [they] often traverse around an organization, move laterally, without detection,” he said. “I’m going to start by saying that the first thing that [I see] when I talk to organizations is that there is often a set of security tooling available in the organization, but is it comprehensively applied?”

It’s essential to ensure that such security tooling is applied across the organization and implemented so that if a threat actor gains a foothold in an organization, it can be detected, according to Hughes. An organization’s toolset may be modern but isn’t deployed as it should be.

“The very first thing that I’ll talk to organizations about is, where are those key controls? There are often not many of them,” he said. “They’re really big things that, if you need to get those right, and if you don’t have those right, then things are going to be very challenging to get everything right.”

Moving forward, gen AI is expected to have a big impact on security. There are likely many different ways in which threat actors will utilize gen AI, according to Hughes.

“It’s really, how do we practically take that and use that in our defensive posture to give ourselves that advantage to swing that seesaw … or tilt that seesaw in our favor as defenders,” he said.

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the Cyber Resiliency Summit:

(* Disclosure: TheCUBE is a paid media partner for the “Cyber Resiliency Summit.” Neither Dell Technologies Inc., the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE