Raconteur

cybersecurity-2019

Issue link: https://raconteur.uberflip.com/i/1084979


CYBERSECURITY 2

ARTIFICIAL INTELLIGENCE

Fighting fire with fire: the dark side of AI

Use of artificial intelligence (AI) in cybersecurity is enabling IT professionals to predict and react to emerging cyberthreats quicker and more effectively than ever before. So how can they expect to respond when AI falls into the wrong hands?

Nick Ismail

Imagine a constantly evolving and evasive cyberthreat that could target individuals and organisations remorselessly. This is the reality of cybersecurity in an era of artificial intelligence.

AI has shaken up the cybersecurity industry, with automated threat prevention, detection and response revolutionising one of the fastest growing sectors in the digital economy.

However, as is so often the case, there's a dark side. What if cybercriminals get their hands on AI, and use it against public and private sector organisations?

"The edge in cyberdefence is speed. AI is transforming cyberdefence, allowing businesses to detect evermore complex threats from evermore sophisticated attackers," says Andre Pienaar, founder of C5 Capital.

Nevertheless, the more AI security solutions, the more cybercriminals will adopt the technology; it's a case of fighting fire with fire. Newton's Third Law describes the situation aptly: for every action, there is an equal and opposite reaction.

Before the advent of AI in cyberattacks, the security landscape was already challenging. But the use of AI in targeted criminal attacks has made cybersecurity more treacherous. Not only are attacks more likely to be successful and personalised, but detecting the malicious piece of intelligent code and getting it out of your network is likely to be much more difficult, even with AI security in your corner.

Adoption of AI by cybercriminals has led to a new era of threats that IT leaders must consider, such as hackers using AI to learn and adapt to cyberdefence tools, and the development of ways to bypass security algorithms. It won't be long before a continuous stream of AI-powered malware is in the wild.

"In the short term, cybercriminals are likely to harness AI to avoid detection and maximise their success rates," says Fraser Kyne, Europe, Middle East and Africa (EMEA) chief technology officer at Bromium. "For example, hackers are using AI to speed up polymorphic malware, causing it to constantly change its code so it can't be identified. This renders security tools like blacklisting useless and has given old malware new life."

What about some particular threats? AI-based malware, such as Trickbot, will begin plaguing organisations more regularly. This particular Trojan, a piece of malicious code that can enter a network in a way not dissimilar to Homer's Trojan Horse, is able to propagate and infect systems automatically. Changes can be made by the malware's authors on the fly, so it is very difficult to detect and remediate against.

The autonomous benefits of AI security apply to cybercriminals and their nefarious activities, enabling them to analyse large stolen datasets in the blink of an eye and in turn create personalised emails or messages to target unsuspecting individuals.

AI trumps human every time, as was shown in an experiment conducted by two data scientists from security firm ZeroFOX. The AI, called SNAP_R, sent spear phishing tweets to more than 800 users at a rate of 6.75 tweets a minute, capturing 275 victims. The human, by contrast, sent malicious tweets to 129 users at 1.075 tweets a minute, capturing only 49 individuals. It's no contest and another reason why hackers are adopting AI as it takes less effort and yields greater rewards.

"Traditionally, if you wanted to break into a business, it was a manual and labour-intensive process," says Max Heinemeyer, director of threat hunting at Darktrace. "But AI enables the bad guys to perpetrate advanced cyberattacks, en masse, at the click of a button. We have seen the first stages of this over the last year with advanced malware that adapts its behaviour to remain undetected."

To cope with this emerging AI security threat, organisations need to adapt their security strategies to not only accommodate AI and innovation, but also prioritise protection of the corporate gold: data. In the digital economy, the main aim of hackers is to exploit data; it's where the money is. Also, crucially, AI does not represent a silver bullet.

"Organisations should use data-centric security models underpinned by information assurance to protect data, as well as continue all the innovations surrounding AI, while continuing to adopt a prevent, detect and response strategy," says Dan Panesar, vice president and general manager, EMEA, at Certes Networks. "This combination is the best way for organisations to protect themselves in this digital world."

Cybersecurity, while not the only consideration, must be front and centre in the minds of IT leaders. The consequences of a breach are certainly great enough to keep any chief executive awake at night.

Make no mistake, we're engaging in cyberwar, when AI is both the weapon of mass destruction and part of the sophisticated solution. And the AI arms race is just beginning.

85% of organisations have not fully deployed automation in their cybersecurity processes (Ponemon Institute/IBM 2018)

Isolating the threat

Application isolation, developed by Bromium, is a unique technology that renders malware harmless by allowing it to execute fully in a completely isolated, contained environment. As the malware is trapped in a micro virtual machine, it has no means of escape and no data to steal, ultimately preventing damage to the enterprise. This helps to protect against the most common attack vectors, such as malicious downloads, plug-ins and email attachments.

It also provides unique threat data. By allowing malware to run, security teams can track the full kill chain to see what it is trying to do or steal. As this data is captured in the virtual machine, AI can then be applied to spot patterns, identify gaps and recommend next best actions for response. Knowing how an attack works enables organisations to deal with it in minutes and mitigate the threat. However, it is important this solution is used alongside other protection tools to secure an organisation.

TOP BENEFITS OF AI IN CYBERSECURITY
Percentage of cybersecurity professionals who agreed with the following

60%: AI-based technologies provide deeper security than what humans alone can provide
59%: AI-based security technologies simplify the process of detecting and responding to security threats and vulnerabilities
34%: AI-based security technologies will decrease the workload of IT security personnel

Commercial feature

Companies must prepare for 'cyber cold war'

The burgeoning global trade war is set to trigger a series of cyber-espionage attempts between nation states, and enterprises are likely to be caught up in the crossfire. With current security approaches failing to prevent breaches, a paradigm shift is required

Growth of the internet in the 1990s fuelled an era of globalisation defined by a rapid pace of innovation, open trading and cross-pollination of technology across borders. However, populist movements in recent years have sought to reverse this tide and return to more protectionist postures.

Fracturing trust among world leaders last year resulted in a rising number of trade sanctions and embargoes between nation states. These trade disputes restrict nation states from acquiring technologies and intellectual property (IP) vital to their local industries and security, while enterprises in affected countries also risk losing access to new innovation and information.

The result is the emergence of a cyber cold war reminiscent of the late-1940s to early-1990s when nation states frequently acquired technologies and IP via espionage. But rather than sending in spies to physically steal information, the difference this time is the theft will be carried out through targeted data breaches launched remotely.

It's not only governments and security agencies that should be worried about these attacks because businesses are likely to be caught in the cyber-crossfire, according to Luke Somerville, head of special investigations at Forcepoint Security Labs.

"It's often IP supplied to governments by private organisations that other nation states want to get their hands on, such as the designs for components, which may make their way into critical tools and infrastructure," he says. "If they're no longer able to access that expertise on the open market, they will target those companies with a high calibre of cyber-attack to steal them instead.

"Even if your company has no direct link with a target, you could still be affected. Beyond the general risk of collateral damage – the malware used on the 2017 cyber-attacks on Ukraine, for example, spread globally – you may be a target if you supply a government supplier or are even further down the chain. Compromising your systems may make it easier for the attack to flow up the supply chain and reach the real target."

The cyber cold war means enterprises must ensure they have the right security in place to protect themselves from these kinds of cyber-attacks and prevent theft of their IP. Businesses certainly can't be accused of not trying to do this as worldwide spending on information security products and services will exceed $124 billion this year, according to Gartner, but established approaches appear to be failing.

The number of vulnerabilities, data records, new malware samples and malicious programs continues to grow each year, and large-scale data breaches are covered in the media on a regular basis. Executives are kept awake at night worrying about the impact a cyber-attack could have on their business and are well within their rights to ask why the extensive funding they're putting into security is not providing the protection they need.

"The current paradigm is broken," says Duncan Brown, chief security strategist, Europe, Middle East and Africa, at Forcepoint. "There are tonnes of technology deployed out there, which is effective to a degree, but not stopping the breaches. The paradigm is to constantly try to second guess the hackers, essentially by looking in the rear-view mirror, but it's a fool's game.

"The attack community is much more creative than that. The paradigm needs to change. We can't keep spending all this money where it is palpably not working. Broadly, there are two main ways to prevent theft of your critical data: hope and pray, or get on the front foot and organise yourself to expect an attack. Many are still in the former mindset."

Forcepoint, a cybersecurity software provider, advises all companies to expect to be breached and to plan accordingly with a full incident response plan in place. Often the worst damage comes not from the attack itself, but the way the organisation responds. Equifax and TalkTalk both suffered significant damage to their brands by responding to their respective data breaches in a poor and knee-jerk manner.

In the world of cybersecurity, knowledge sharing is also crucial. While many organisations tend to prefer to isolate themselves and keep intelligence in-house, this can restrict the overall ability of businesses to prepare effectively. A competitor to your products and services is still an ally in a cyber cold war and should be seen that way.

Most of all, however, companies must now be prepared to switch their whole approach to security, focusing on understanding where their valuable assets are rather than on a physical perimeter or stopping attacks from getting in.

"The technology keeps being superseded by new threats," says Mr Brown. "When a new threat vector is revealed, everybody scrambles around trying to fix it. We'll never have a 100 per cent view on the threat landscape, so we need to flip the paradigm and focus on what we can control."

The answer lies in understanding the points at which people and data interact. Human interactions with data underpin every organisation, so tracking and analysing those interactions in detail enables companies to understand what's abnormal. Once they know what's abnormal, they can quickly and accurately detect when something is wrong. Forcepoint calls this approach human-centric behaviour analytics.

Downloading a certain file may be normal for one employee, but abnormal for another. Understanding that context enables organisations to know what they are in control of and, by establishing a baseline, distinguish what is safe from what is unsafe. It puts them on the front foot.

"We're trying to orientate the security strategy in an organisation around behaviour of people and their interaction with critical data, then use the technology to provide the telemetry that informs the model," says Mr Brown. "By understanding what the normal behaviour pattern is you can apply different risk assessment to each user.

"Lots of companies really can't predict how they're going to be attacked, but they worry about it a lot and this vulnerability stops business from doing what needs to be done. By understanding user behaviour and the key data assets, you can free up that business. Human-centric behaviour analytics is the core engine that gathers the telemetry, and by gathering all of the telemetry from our various security systems, we can get a very accurate sense of how users are behaving on a network and interacting with data."

For more information please visit www.forcepoint.com

CAUGHT IN THE CYBER CROSSFIRE

2017 attacks on Ukraine showed a domino effect of damage into enterprise networks worldwide

64 countries affected
$10 bn in damages
10% of all computers in Ukraine were wiped
An estimated 5hrs to spread across over 2,000 companies

INDUSTRIES AFFECTED: Shipping, Pharmaceuticals, Financial, Energy, Health services, Transportation

>$1trn to be spent on cybersecurity over the next seven years (Cybersecurity Ventures)
88% of surveyed Forcepoint customers are concerned about potential attacks on the critical infrastructure their organisation relies on (TechValidate. TVID: 900-9BB-779)
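
The per-user baselining described in the Forcepoint feature above (the same download being normal for one employee and abnormal for another), as an added example that is not from the article or from Forcepoint: each event is scored by how surprising it is under that user's own history. The user names, data classes, Laplace smoothing and 5-bit threshold are assumptions chosen for illustration, and the history is constructed.

```python
import math
from collections import Counter, defaultdict

# Constructed sample history of (user, action, data_class); all names hypothetical.
HISTORY = (
    [("alice", "download", "component_designs")] * 40
    + [("alice", "read", "wiki")] * 60
    + [("bob", "read", "wiki")] * 80
    + [("bob", "download", "hr_forms")] * 20
)

def build_baselines(events):
    """Count how often each user performed each (action, data_class) pair."""
    baselines = defaultdict(Counter)
    for user, action, data_class in events:
        baselines[user][(action, data_class)] += 1
    return baselines

def surprise_bits(counts, key, vocab_size):
    """Surprise of `key` under one user's counts, in bits (Laplace-smoothed)."""
    p = (counts[key] + 1) / (sum(counts.values()) + vocab_size)
    return -math.log2(p)

def assess(baselines, event, threshold_bits=5.0):
    """Return (score, flagged). threshold_bits is an assumed tuning value."""
    user, action, data_class = event
    if user not in baselines:
        # No history means no notion of "normal": route to review.
        return math.inf, True
    key = (action, data_class)
    vocab = {k for c in baselines.values() for k in c} | {key}
    score = surprise_bits(baselines[user], key, len(vocab))
    return round(score, 2), score >= threshold_bits

BASELINES = build_baselines(HISTORY)
# The same action on the same data, performed by two different people.
EVENT = ("download", "component_designs")
ALICE_RESULT = assess(BASELINES, ("alice", *EVENT))
BOB_RESULT = assess(BASELINES, ("bob", *EVENT))

if __name__ == "__main__":
    print("alice:", ALICE_RESULT)
    print("bob:  ", BOB_RESULT)
    print("new:  ", assess(BASELINES, ("mallory", *EVENT)))
```

The score is relative to each person's own record, so it says an event is unusual for that user, not that it is malicious; a flagged event is a prompt for review.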
