Whenever a major cyber-attack creates a media storm, the technology community inevitably engages in a lot of hand-wringing and soul-searching, wondering just how safe its digital assets are. Now, following the recent WannaCrypt ransomware campaign, organizations find themselves back in the scare zone, asking: ‘are we doing enough to keep our corporate data safe?’ And we second-guess all kinds of ICT policies, such as internal training, perimeter protection, credential-theft mitigations, hardening, incident response and recovery, and cloud migration.
This kind of introspection is not only inevitable, but understandable. However, the best-practice approach to getting our houses in order remains the same – tailor security policy to the current threat landscape. Considering that some 91% of advanced persistent threats begin with an old-fashioned phishing con, the training of staff on basic cyber-sanitation is, of course, an indispensable arrow in your security-quiver. Avoiding untrusted websites; not clicking on a link within an email from even a trusted source; not allowing external storage media to cross corporate boundaries – these are all sensible policies and should be encouraged.
But human slip-ups will occur, and some of these may lead to breaches. And given that some of these threats can remain undetected for up to 146 days, according to a recent study, I would like to discuss how technology solutions can help your team and processes to reduce that residence time drastically.
The role of artificial intelligence in cyber security
The answer partially lies in the technique of user and entity behavior analytics (UEBA), a machine-learning method that automates monitoring of your information system at the network and host layers, using advances in pattern-matching and cognitive reasoning. Cutting-edge algorithms are used to baseline an organization’s network activity so that future anomalies can be detected. Some of these anomalies will be dealt with automatically; others will be quarantined so that human analysts can triage them for further action.
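To make the baseline-then-triage idea concrete, here is an added toy example (not from the original article or any Microsoft product) that profiles per-user activity from a constructed set of events, scores a new event against that profile, and tiers the result into automatic handling versus analyst triage. The event fields, thresholds and tier names are assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample history (not real telemetry): (user, hour_of_day, source_host, bytes_out)
BASELINE_EVENTS = [
    ("alice", 9, "wks-01", 1200), ("alice", 10, "wks-01", 1100), ("alice", 14, "wks-01", 900),
    ("alice", 16, "vpn-gw", 1300), ("alice", 11, "wks-01", 1000), ("alice", 15, "wks-01", 1150),
    ("bob", 8, "wks-07", 50000), ("bob", 12, "wks-07", 48000), ("bob", 17, "wks-07", 52000),
    ("bob", 9, "wks-07", 47000), ("bob", 13, "wks-07", 51000), ("bob", 18, "wks-07", 49000),
]

def build_baseline(events):
    """Per-user profile: hours and hosts seen, plus mean/stdev of bytes_out."""
    by_user = defaultdict(list)
    for user, hour, host, nbytes in events:
        by_user[user].append((hour, host, nbytes))
    profile = {}
    for user, rows in by_user.items():
        sizes = [b for _, _, b in rows]
        profile[user] = {
            "hours": {h for h, _, _ in rows},
            "hosts": {host for _, host, _ in rows},
            "mean": mean(sizes),
            "stdev": pstdev(sizes) or 1.0,  # constant history: avoid divide-by-zero
        }
    return profile

def score_event(profile, event):
    """Return (anomaly_score, reasons); a user with no baseline is fully anomalous."""
    user, hour, host, nbytes = event
    p = profile.get(user)
    if p is None:
        return 3, ["no baseline for user"]
    reasons = []
    if hour not in p["hours"]:
        reasons.append("unusual hour")
    if host not in p["hosts"]:
        reasons.append("unseen source host")
    z = (nbytes - p["mean"]) / p["stdev"]
    if z > 3:  # assumed threshold: three standard deviations above the user's norm
        reasons.append(f"bytes_out z-score {z:.1f}")
    return len(reasons), reasons

def disposition(score):
    """Tiering: a single weak signal is handled automatically (e.g. forced
    re-authentication); multiple signals are quarantined for an analyst."""
    if score == 0:
        return "allow"
    if score == 1:
        return "auto-step-up"
    return "quarantine-for-triage"
```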
Of course, most organizations cannot afford the level of R&D required to facilitate full UEBA-based cyber security, despite often facing stringent compliance obligations that cry out for such solutions. This is where migration to the cloud can help, rather than hinder, adequate protection measures. Cloud service providers know that their very business models hang on their ability to protect hosted client environments. Microsoft alone invests around $1 billion annually in cyber security, as we are acutely aware of the risks. Indeed, on an average day we fend off about 1.5 million attempts to compromise our systems, so machine learning plays a huge part in our current cyber-security strategy. In addition, we sink significant R&D funds into developing other tools using various branches of artificial intelligence (AI).
Strength in scale
But the very scale that makes large technology companies attractive to cyber-miscreants has also become their strength. They learn from each and every attack, accumulating data from them, combining it with customer reports, and funneling all of it into intelligent security graphs. The more they are attacked, the more they learn. And the more services they provide, the more relevant they get by understanding the wider context. Because the information store is so extensive, future real-time analysis can allow, for example, an email phishing scam out of Nigeria to be linked with a denial-of-service attack originating in Eastern Europe. Machine-learning-fed, forensic dot-joining like this allows instant mitigation of a malicious campaign while allowing the service provider to share the knowledge gained across its other platforms and services.
Between state-actor, hacktivist and money-minded attacks, today’s CISOs face a seemingly impossible challenge. In 2015, a particularly vicious incursion compromised the systems of more than 100 banks across 30 countries, with estimated losses in excess of $1 billion. Meanwhile, politically motivated cyber-cabals such as STRONTIUM and Red October target government bodies, diplomatic missions, journalists and military institutions.
The shift in concerns
But the very fact that the CISO has become such a common role in the industry is indicative of a fundamental shift in board-room attitudes. Where five years ago decision-makers were avoiding cloud migration because of security concerns, they are now increasingly embracing it because of those same concerns. They are now – because of commonplace, alarming headlines – reaching the obvious conclusion that cyber-crime does not take holidays. Consumers’ appetite for Internet-connected devices (phones, tablets, TVs and others) and their preference for living in more connected smart cities mean that more and more people are living their lives online. And that means an expanding attack surface, which is fertile ground for attackers.
It is worth noting that the analyst firm Gartner projects the public cloud services market to reach around $385 billion in 2020, as more organizations recognize the cloud as a security haven. The vast information pool accumulated by cloud providers is fed on by a host of algorithms, modeled on frameworks such as neural networks, heuristics, data science and machine learning. These algorithms identify attacks, spot and remove malware, and come up with detections and possibly bug fixes faster than a human could. While more complex scenarios require that the system raise a red flag to a human analyst, R&D teams still pursue an end game where software takes care of every remedial step and delivers a worry-free environment.