Elizabeth Kolade on How AI Is a 'Double-Edged Sword' & the Challenge of Harmonizing Cyber and Physical Security

An analyst at the Defence Space Administration, Nigeria, Elizabeth Kolade was named in the list of 'One to watch: Security' for the IFSEC Global Influencers in Security and Fire 2021. Julian Hall put some quickfire questions to her on the trends and issues she's witnessing in the sector.

Elizabeth Kolade is a cybersecurity analyst with the Defence Space Administration, Nigeria. She has expertise in incident handling and response, open source intelligence, and cyber diplomacy, and has been involved in the strategy, creation and implementation of security measures and the delivery of cybersecurity awareness across critical organizations. She has embarked on numerous campaigns to promote end-user security education in and outside Nigeria.

Elizabeth is a Fellow of the Young African Leaders Initiative (YALI) and has been a part of several multistakeholder engagements on cybersecurity within and beyond Africa. In 2020, Elizabeth was listed as one of the Top 50 Women in Cybersecurity in Africa. She is a long-serving member of the Cyber Security Experts Association of Nigeria (CSEAN) and remains an avid advocate for the education of women in technology.

Elizabeth Kolade

Julian Hall (JH): What are the most pressing issues in the cybersecurity sector right now?

Elizabeth Kolade (EK): The rise of ransomware. Ransomware has become somewhat lucrative, as we have witnessed an increased willingness on the part of victims to pay demands. While end-user awareness is increasing, attacks are still on the rise. This may be as a result of the relevant staff not implementing measures to tackle the problems they have faced.

Other issues include cyberwarfare, adoption of cloud technology and the decentralized nature of networks, which has widened the threat landscape and spurred new attack vectors.

JH: What exciting trends should we be looking out for in security?

EK: The next couple of years will feature the development of exciting trends such as artificial intelligence, blockchain technology, and quantum computing. We will start to see how these will influence security, both as attack vectors and as instruments in the development of cybersecurity solutions.

JH: How is AI being used in the cybersecurity sector?

EK: As more digital devices and services are added to our technological infrastructure, the threat landscape widens and attacks become more sophisticated. This obviously impacts heavily on the responsibilities of security teams. Artificial intelligence (AI) has, therefore, become a very handy phenomenon in helping security teams cope with the constantly rising rate of cybersecurity incidents. AI is being used to automate security tasks and improve threat detection, prevention procedures, and threat intelligence. It also carries out analysis, among other functions. Security vendors have also improved their products by developing AI-based solutions, helping security teams to perform tasks more quickly and efficiently.

However, we must also recognize that AI is a double-edged sword. While it is used to enhance security operations, it is also employed by threat actors to increase the complexity of their attacks. It is, therefore, imperative that we constantly explore ways to use AI and related emerging technologies to give security the edge.

JH: How has the pandemic affected security? And do you see it having a lasting effect?

EK: The pandemic has influenced work as we know it. While we had employed some measure of remote working pre-pandemic, we were forced to embrace it to a much greater extent. This has resulted in a rapid adoption of infrastructure — including cloud services — with security as an afterthought. If action is not taken in the near future, some of the choices and configurations made during this period will result in security vulnerabilities.

We have also witnessed, and will continue to witness, more attacks focused on users rather than organizations.

JH: Can you tell us more about the campaigns to promote end-user security education in and outside Nigeria?

EK: There are several initiatives that promote end-user security education in Nigeria. Some of them include Cybersecurity Awareness Campaigns by the Cyber Security Experts Association of Nigeria (CSEAN) Safe Online by CCHub and NoGoFallMaga Campaign by the CyberSafe Foundation. These nonprofit organizations use infographics, video skits, radio and television shows, and public discussions to demystify cyber security safe practices to the everyday user of digital devices and services in Nigeria. Additionally, one of the key initiatives of Nigeria's National Cybersecurity Policy and Strategy (NCPS) 2021 is raising end-user awareness in conjunction with all relevant stakeholders. This initiative aims to complement existing initiatives by leveraging social media and mainstream media to initiate public discussions.

A number of organizations in Nigeria have also adopted the National Cyber Security Awareness Month (NCSAM) initiative in October, and are hosting several programs, workshops, and initiatives to educate the people on safe use of the Internet and digital services.

JH: Are you witnessing a more collaborative approach between physical and cybersecurity teams?

EK: We have had many discussions on the convergence of physical and cybersecurity and published various reports on it. While we are yet to experience a full harmonization of the two, organizations are realizing the importance of cybersecurity, and this is influencing their approach to harmonization.

Though some convergence has been achieved at the technical level, it is yet to be achieved at the organizational level. Effective cybersecurity is harmed when physical security is compromised and vice versa. Therefore, in order to achieve a more effective, integrated, and secure system, there is a need for convergence to happen at both levels.

—Julian Hall is a freelance journalist and copywriter, Textual Healing.

This story first appeared on IFSEC Global, part of the Informa Network, and a leading provider of news, features, videos, and white papers for the security and fire industry. IFSEC Global covers developments in long-established physical technologies — like video surveillance, access control, intruder/fire alarms, and guarding — and emerging innovations in cybersecurity, drones, smart buildings, home automation, the Internet of Things, and more.