Why Cybersecurity is More Important than Ever Before

Published in Security

The threat of cybercrime to businesses is rising fast. According to one estimate by McAfee, the damages associated with cybercrime now stand at over $400 billion, up from $250 billion two years ago, with the costs incurred by UK business also running in the billions. In a bid to stave off e-criminals, organisations are increasingly investing in ramping up their digital frontiers and security protocols. However, many are still put off by the costs, or by the bewildering range of tools and services available. The following is a list of reasons why investing in cybersecurity is a sensible decision to make.

1. Rising cost of security breaches

The fact is that cyberattacks can be extremely expensive for businesses to endure. Recent statistics have suggested that the average cost of a data breach at a larger UK firm is £20,000. But this actually underestimates the real expense of an attack against a company. It is not just the financial damage suffered by the business or the cost of remediation; a data breach can also inflict untold reputational damage.

Suffering a cyberattack can cause customers to lose trust in a business and spend their money elsewhere. Additionally, having a reputation for poor security can also lead to a failure to win new contracts.

2. Increasingly sophisticated and organised hackers

Almost every business has a website and externally exposed systems that could provide criminals with entry points into internal networks. Hackers have a lot to gain from successful data breaches, and there are countless examples of well-funded and coordinated cyber-attacks against some of the largest companies in the UK. Ironically, even Deloitte, the globe’s largest cybersecurity consultant, was itself rocked by an attack in October last year.

With highly sophisticated attacks now commonplace, businesses need to assume that they will be breached at some point and implement controls that help them to detect and respond to malicious activity before it causes damage and disruption.

3. Widely available hacking tools

While well-funded and highly skilled hackers pose a significant risk to your business, the wide availability of hacking tools and programmes on the internet means there is also a growing threat from less skilled individuals. The commercialisation of cybercrime has made it easy for anyone to obtain the resources they need to launch damaging attacks, such as ransomware and cryptomining.

4. A proliferation of IoT devices

More smart devices than ever are connected to the internet. These are known as Internet of Things, or IoT, devices and are increasingly common in homes and offices. On the surface, these devices can simplify and speed up tasks, as well as offer greater levels of control and accessibility. Their proliferation, however, presents a problem.

If not managed properly, each IoT device that is connected to the internet could provide cyber criminals with a way into a business. IT services giant Cisco estimates there will be 27.1 billion connected devices globally by 2021 – so this problem will only worsen with time. With use of IoT devices potentially introducing a wide range of security weaknesses, it is wise to conduct regular vulnerability assessments to help identify and address risks presented by these assets.

5. Tighter regulations

It is not just criminal attacks that mean businesses need to be more invested in cyber security than ever before. The introduction of regulations such as the GDPR means that organisations need to take security more seriously than ever, or face heavy fines.

The GDPR has been introduced by the EU to force organisations into taking better care of the personal data they hold. Among the requirements of the GDPR is the need for organisations to implement appropriate technical and organisational measures to protect personal data, regularly review controls, plus detect, investigate and report breaches.


The Role of AI in Cybersecurity

Published in AIaaS

The growing and evolving cyber security risk facing global businesses can be stemmed by the integration of AI into security systems 

Hyper-connected workplaces and the growth of cloud and mobile technologies have sparked a chain reaction when it comes to security risks. The vast volume of connected devices feeding into networks provides a dream scenario for cyber criminals: new and plentiful access points to target. Further, security on these access points is often deficient.

For businesses, the desire to leverage IoT is tempered by the latest mega breach or DDoS attack creating splashy headlines and causing concern.

However, the convenience and automation IoT affords means it isn’t an ephemeral trend. Businesses need to look to new technologies, like AI, to effectively protect their customers as they broaden their perimeter.

The question becomes, how can enterprises work with, and not against, artificial intelligence?

The emergence of AI in cyber security

Machine learning and artificial intelligence (AI) are being applied more broadly across industries and applications than ever before as computing power, data collection and storage capabilities increase. This vast trove of data is valuable fodder for AI, which can process and analyse everything captured to understand new trends and details.

For cyber security, this means new exploits and weaknesses can quickly be identified and analysed to help mitigate further attacks. It has the ability to take some of the pressure off human security “colleagues.” They are alerted when an action is needed, but also can spend their time working on more creative, fruitful endeavours.

A useful analogy is to think about the best security professional in your organisation. If you use this star employee to train your machine learning and artificial intelligence programs, the AI will be as smart as your star employee.

Now, if you take the time to train your machine learning and artificial intelligence programs with your 10 best employees, the outcome will be a solution that is as smart as your 10 best employees put together. And AI never takes a sick day.

It becomes a game of scale and leveraging these new tools can give enterprises the upper hand.

AI under attack

AI is by no means a cyber security panacea. When pitted directly against a human opponent, with clear circumvention goals, AI can be defeated. This doesn’t mean we shouldn’t use AI; it means we should understand its limitations.

AI cannot be left to its own devices. It needs human interaction and “training”, in AI-speak, to continue to learn and improve, correcting for false positives and cyber criminal innovations.

This hybrid approach already has proven itself to be a valuable asset in IT departments because it works efficiently alongside threat researchers.

Instead of highly talented personnel spending time on repetitive and mundane tasks, the machine takes away this burden and allows them to get on with the more challenging task of finding new and complex threats.

Predictive analytics will build on this by giving security teams the predictive insight needed to stop threats before they become an issue as opposed to reacting to a problem. This approach is not only more cost effective in terms of resources, but also is favourable for the business due to the huge reputational and financial damage a breach can cause in the long term.

Benefits of machine learning

Alongside AI, machine learning is becoming a vital tool in a threat hunter’s tool box. There is no doubt machine learning has become more sophisticated in the past couple of years and will continue to do so as its learnings are compounded and computing power increases.

Organisations face millions of threats each day, so it would be impossible for threat researchers to analyse and categorise them all. As each threat is analysed by the machine, it learns and improves. This not only helps protect organisations now, but compiles this valuable data for use in predictive analytics.

However, just staying ahead of the hackers and the threats they pose is not enough to protect organisations as the new vulnerabilities and new devices that come online will make this more and more difficult.

The continued and enhanced standardisation on data formats and communication standards is crucial to this effort. Once data flows and formats are clearly defined, not just technically but also semantically, machine learning systems will be far better placed to effectively police the operations of such systems.

The industry needs to work towards finding the sweet-spot between unsupervised and supervised machine learning so that we can fully benefit from our knowledge of current threat types and vectors and combine that with the ability to detect new attacks and uncover new vulnerabilities.

Much like AI, machine learning in threat hunting must be guided by humans. Human researchers are able to look beyond the anomalies that the machine may pick up and put context around the security situation to decide if a suspected attack is truly taking place.

The future

For the security industry to get the most out of AI, it needs to recognise what machines do best and what people do best. Advances in AI can provide new tools for threat hunters, helping them protect new devices and networks even before a threat is classified by a human researcher.

Machine learning techniques such as unsupervised learning and continuous retraining can keep us ahead of the cyber criminals. However, hackers aren’t resting on their laurels. Let’s give our threat researchers the time to creatively think about the next attack vector while enhancing their abilities with machines.


Bring the noise: How AI can improve cyber security

Published in AIaaS

‘Researchers are now modelling how a malevolent AI system could develop, and have concluded that current cyber security practices are woefully inadequate’ 

Beleaguered enterprises are struggling to keep pace with cyber threats, and small and medium-sized businesses are hit hardest of all due to limited resources.

A recent survey by the Federation of Small Business (FSB) found 66% of those questioned had been a victim of cybercrime over the past two years, and only 4% had an incident response plan in place in anticipation of an attack.

For many, cyber security takes them into unfamiliar territory and depletes the time spent on core business activities.

This has seen an over-reliance upon point solutions, poor attention to patching and updates, and a failure to apply strategic business-specific security controls.

To make matters worse, the potential attack surface is only set to widen as the Internet of Things sees sensors and IP-enabled tech insinuate themselves into every niche of society, even the small business.

A badly configured humble kettle could open up a conduit onto a business network, for instance. Yet the current situation finds many SMEs ill-prepared for any change in the threat spectrum, being unable to monitor, detect and respond to an attack – begging the question, how will they cope with yet more holes in the network?

What is needed is some form of automation coupled with artificial intelligence; a system that has visibility of the network and can monitor activity and alert the business to enable security resources to be focused as and where needed, thereby conserving spend, but which is specific to the business.

High-level data processing has been available for some time in the form of security incident and event management (SIEM) systems that, when combined with a security operations centre (SOC), can correlate data and issue alerts.

But these systems can be costly and complex to deploy and manage, with reports estimating it takes up to six personnel to run a SOC 24/7.

Even then, the information derived from these tools needs to be correctly interpreted and acted upon. And few SMEs have data scientists on the payroll.

For this reason, AI is beginning to receive more attention. It takes complex event processing and performs pattern analyses, using machine learning, to improve success rates.

In the context of a SOC, AI can be used to extract hidden correlations and detect complex attack vectors, as well as to assist analysts looking for traditional attack patterns by offering multiple filtering options.

It can then assess the potential for these events to scale up and evolve into attacks. Threat feeds are assessed in the context of the business, so that criteria such as geography, sector and compliance requirements are used as parameters externally, while internal elements, such as business strategy and the risk profile, are included to create an overarching view – allowing the threat to be assessed against the risk appetite of the business before determining a response.

As opposed to a traditional SOC, an AI SOC demonstrates machine learning and uses deep threat intelligence. It can drill down further for data and use advanced penetrative techniques to mine information from dynamic data sources such as those associated with social media and even off-grid in the dark web.

This can give the business advance warning of an impending attack in real-time as data can be collated, sifted and interpreted using predictive data analytics to forecast likely event outcomes.

The FSB survey found that the most common form of attack against the SME was phishing, experienced by 49% of respondents, with 37% experiencing the more targeted spear phishing attack.

These can readily be spotted and filtered using automated software. Trickier and more difficult to anticipate are denial of service attacks, aimed at crippling websites, and ransomware attacks, which use DDoS attacks or malware to demand a release fee.

Both are on the increase in the SME sector, with the FSB survey reporting five percent of respondents had experienced a DoS attack and 4% ransomware.

By the time a DoS has been executed, the business is already caught off guard and is potentially in a capacity war, forced to scale up resource to fend off the attack.

Yet, with sufficient warning, the SME can use a DoS solution to throttle the attack. The key is getting that information in advance for it to become actionable intelligence and that can only be achieved by applying AI in the form of complex algorithms that can spot rogue activity.

For instance, DoS attacks are highly organised in nature and are often planned on forums hosted on the dark web. Tap into those conversations by using the parameters referred to above and you can create a window into underground activity that can trigger an alert when the noise merits it.

Real-time SOC services are now emerging that can deliver this type of capability to the SME and it doesn’t need to cost. Outsourcing can provide the SME with access to the technology, the AI, and the personnel needed to man the operation, thereby giving the sector access to high-level security services using economies of scale for the first time.

When selecting a supplier, it’s the intelligence that you need to look for, so in addition to the usual requirements such as SIEM, event logging and data analytics, it’s beneficial to look at the managed services on offer.

Ask how data is captured, correlated and analysed, and by whom. Can it dovetail with your day-to-day business operations to provide business intelligence?

Finally, bear in mind that the threat spectrum is constantly evolving. Cyber security sees security solutions and attackers pitted against one another in a never-ending arms race.

If we now have AI security solutions, businesses should expect to see malicious AI systems in the future.

Researchers are now modelling how a malevolent AI system could develop, and have concluded that current cyber security practices are woefully inadequate.


The Rise of the Machine: AI and the Future of Security

Published in AIaaS

A cyber security overhaul is necessary, as IT professionals know signature matching is no longer an effective means of identifying current attacks.

AI has impacted our day-to-day lives for years, whether that’s automated voice calls or virtual personal assistants – like Siri – or even self-driving cars.

The next step is to implement AI technology into personal and cyber security systems.

Currently, one or two guards will monitor a bank of security screens, and it is a successful method of security, but it is not foolproof.

Eliminating human error is a key driver behind bringing Artificial Intelligence to security through intelligent video analytics.

Humans can easily get distracted, generally have short attention spans, and often find it difficult to focus on multiple things at once, such as a bank of security screens.

In an article written by Dr. Mahesh Saptharishi, Senior Vice President of Analytics and Data Science at Avigilon, he explains: 'While a security officer might miss a person sneaking into a poorly lit facility, a camera backed with intelligent video analytics is designed to catch a flash on the screen and recognize it as a potential threat.'

'It will spot a person loitering at the perimeter of a schoolyard and alert on-the-ground security officials to investigate and take action if necessary, all without missing a beat and keeping close watch on the many cameras and locations.'

Just as AI can be applied to personal security systems, so too can it be applied to cyber security systems.

A cyber security overhaul is necessary, as IT professionals know signature matching is no longer an effective means of identifying current attacks.

Hackers can easily conceal their attacks from these signature matching security systems.

A rejuvenation of the current system is needed.

Yesterday, DB Networks announced that its DBN-6300 and Layer 7 Database Sensor software were being deployed to successfully implement AI in the cyber security environment – to automatically protect databases’ infrastructure.

"AI-based cyber security is truly a sea change in the security industry," said DB Networks' Chairman and CEO Brett Helm. "AI enables us to quickly and accurately…identify cyber attacks in progress. In future generations of product, DB Networks will use the output from AI to drive autonomous cyber security technologies that not only block attacks but also automatically heal the vulnerabilities."

Caution, as always, must be taken – a Skynet scenario (for those of you who have seen Terminator), while unlikely, is not beyond the realm of possibility given this is the direction human technology is heading.

But the integration of AI into personal and cyber security systems is a natural progression as technology develops. It is more efficient and not hindered by human error.

Artificial Intelligence will make locations – physically and virtually – safer by making technology more efficient and adaptable.


Cybersecurity Myths You Should Stop Telling Yourself

Published in Security

Cybersecurity can be a magnet for myths. Attacks emerge and cripple systems availability or swipe data quickly and unexpectedly. It happens so fast that the myths so many of us hold onto as facts are only apparent in the aftermath of an attack.

While many cybersecurity myths persist, some are more damaging than others. Let’s examine four common cybersecurity myths and their impact on risk.

Myth 1: Small organizations are low-value targets for hackers.

Thinking you’re not a target is one of the biggest mistakes your company can make. According to data collected from more than 2,200 confirmed data breaches, 58 percent of security event victims were small businesses. Why would malicious actors target small companies?

  • Compute resources are valuable – Malicious actors seek out available computing resources as network nodes to expand their bot networks, which they use to initiate DDoS attacks, for cryptojacking, to propagate ransomware and spam or for numerous other crimes. Malicious actors build their networks by leveraging free resources, and your systems might be among them.
  • Data is power – Every organization stores some data that’s critical to its business, but holds little value to others. Malicious actors exploit this by unleashing ransomware that cuts off data access, availability, or both, crippling the organization. Malicious actors then generate revenue through ransom payments.
  • You’re an easy target – Malicious actors use continually running, automated tools to target vulnerable organizations that allow them easy access. That increases their chances of a quick win, especially since vulnerable targets might not realize they were attacked for months.
  • Your access is valuable – Small businesses can be used as a “beach head” into other targets. Malicious actors might target seemingly innocent, low-risk third-party vendors to get to those vendors’ customers. A breach at a customer service software company earlier this year gave malicious actors access to Delta Airlines, Sears, Kmart and Best Buy.

Myth 2: There’s no reason to invest in security when organizations with tight security controls still experience security breaches.

Some organizations rationalize a small cybersecurity budget by arguing that investing in security is a losing game. They hear about security breaches at large organizations, with presumably large cybersecurity budgets, and assume if these organizations can fall victim, then what chance does their organization have? Let’s look at a few reasons why this is not the case.

  • Tools are just one pillar of a solid security strategy – People and process are the two others. An organization allocating budget toward security might not be funneling it to the most effective areas. An organization can have a big budget for tools but if it lacks the right cybersecurity talent or its processes are faulty, it can still get hit.
  • Tools do help – Multiple breaches have illustrated how long it can take before an intrusion is detected. Malicious actors stole 880,000 payment cards from Orbitz in a data breach that occurred between October and December 2017, but the company didn’t spot the evidence until March 2018. Tesla only discovered a cryptojacking operation in a cloud account when third-party researchers tipped off the car maker. Organizations that invest in reactive security controls like SIEM tools, in combination with proactive security controls such as Intrusion Prevention Systems (IPS), may identify suspicious behaviors earlier and limit the damage. With such security controls, an organization can more quickly and easily identify when the breach occurred, the potential infiltration source and how the malware spread.
  • The cost of recovery can be higher than the cost of security – Organizations that shrug off tight security controls are focusing solely on the immediate effects of infiltration, not on the total cost of the security incident. Granted, security controls are not 100 percent effective at detection and prevention, but they can save significant time and money during each of the subsequent incident response stages: analysis, containment, eradication, recovery and post-incident activities.

Myth 3: Our organization has not been breached before, so we’re still safe.

Often, organizations incorrectly assume their security risks remain relatively static, when they don’t have a way to effectively evaluate those risks. Projecting future risks based on historical events can be dangerous, especially because people often underestimate the following:

  • What needs to be secured – Defining the scope of what to secure requires identifying exactly how many applications, servers, network devices, storage devices and more are within your organization. When faced with either insufficient or overwhelming amounts of data, the scope may be simplified and assumptions drawn that can lead to vulnerabilities.
  • Unexpected delays – An organization might not include adequate protection for an obsolete server that’s being decommissioned. Schedules slip, and vulnerabilities are introduced when the old, no-longer-patched Windows 2003 server remains connected to the environment months later.
  • Underestimated targets – Similarly, organizations might assume a particular server doesn’t contain sensitive data and is less likely to be the target of an attack. As we’ve discussed, it might not be data that malicious actors are after. Your servers might be valuable as a foothold into the environment, for example.
  • Human psychology – Lastly, people often underestimate risk due to future aversion – the problem of assuming that because the future is unknown it cannot be tested.

Myth 4: Security is an expense, not a revenue generator.

Organizations prioritize investment in services that generate revenue, especially when budgets are tight. This can leave cybersecurity, viewed as an expense, on the back burner. But cybersecurity can be a revenue generator – here’s how.

  • Security influences buying decisions – Organizations that store personal, financial and other sensitive data need to ensure it’s secure. Organizations can influence customers’ perception of security by proactively marketing the high level of security they adhere to, differentiating their organization from their competitors.
  • Lack of security impacts availability – Data breaches are only one impact from an adverse security incident. Another is downtime. Consumers can’t purchase products or pay for services if a web site, or the infrastructure that supports web transactions, is unavailable. When ransomware brought the City of Atlanta to a standstill, for example, it couldn’t accept payment from residents for common city services for six days. The lack of adequate security directly impacted core business operations.
  • Security can be a value-added service – For instance, a Software-as-a-Service (SaaS) provider may offer three tiers of service to its customers: gold, silver and bronze. It could bundle in a Service Level Agreement (SLA) with higher levels of availability and higher levels of security controls associated with higher service tiers. Whether your organization has the in-house tools and skill sets required to offer specific security services or you’re passing the costs of a Managed Security Service Provider onto the end customer, security can become a new revenue stream.

The bottom line

Whether it’s assuming you’re not a target or that security spend is only ever an expense, buying into these common cybersecurity myths can set your organization up for serious disruption, unhappy customers, a tarnished reputation, not to mention the cost of recovery.

What are some other cybersecurity myths you’ve encountered?
