05 Feb 2019
Cybersecurity under the spotlight: AI-powered defences
Cyber-attacks and data breaches continue to increase in both incidence and intensity, so how can you protect your business?
Hackers do not discriminate. You could be the front of house or the head of a multinational corporation and still be a target. Cybersecurity has become such an issue in the UK that our government has earmarked a £1.9 billion investment to develop new technologies to protect our nation.
For Menny Barzilay, co-founder and CEO of cybersecurity firm FortyTwo Global, the problem stems from human error. “I have a lot of people come to me and say: ‘I’m not afraid. Nobody will hack me. No one cares about me. No one knows me. Why would anyone hack me?’ And this is not true. It’s very important to understand that everyone has personal information that can be monetised by crime.”
According to the government’s 2018 Cybersecurity Breaches Survey, cyber-attacks cost medium-sized businesses an average of over £16,000 per year. Scams range from identity theft to authorised push payment fraud, and those are just the common ones. So how can businesses protect their data when it seems like we’re fighting a losing battle?
The number one method for preventing hackers is deception. It means building fake databases and assets inside your network that store no real value or information. They are there to see if a person is trying to take your information and to protect your real information too.
“It’s a very interesting technique, because if you’re a hacker and you don’t know the network, you find a database that is vulnerable with a great deal of seemingly sensitive information,” says Barzilay. “What they don’t realise is that from the moment they enter the database, everything is recorded.”
“But it often takes hackers a few days or weeks to find the most valuable financial or personal data held on a network. Then, if a business has the ability to react to a breach within 24-48 hours, that’s often enough to prevent any kind of damage.”
Deception systems are an important tool, but you should only implement them after you have taken care of the key controls: firewalls, patch management, SIEM systems, permission management and network segmentation.
Dwell time is the duration a hacker has undetected access to a network before they are removed. Deception is particularly good at reducing dwell time as it allows businesses time to detect potential hackers.
According to the report Cyber Evolution: En Route to Strengthening Resilience in Asia, the average dwell time in Europe, the Middle East and Africa is approximately 106 days.
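The detection side of a decoy database, sketched as an added example that is not from the article or from FortyTwo Global: because a decoy holds nothing real, any query against it is an alert, and the same source's other queries show which real assets need review. The log format, asset names and addresses are constructed assumptions.

```python
import re
from datetime import datetime

# Decoy assets (hypothetical names): they hold no real data, so no
# legitimate job or user has any reason to query them.
DECOYS = {("finance_archive", "card_numbers"), ("hr_backup", "payroll_2018")}

# Constructed sample audit log; the key=value format is an assumption.
SAMPLE_LOG = """\
2019-01-14T09:12:03Z user=svc_report src=10.0.4.17 db=crm table=customers action=SELECT
2019-01-14T23:41:10Z user=jsmith src=10.0.9.52 db=crm table=customers action=SELECT
2019-01-16T02:05:44Z user=jsmith src=10.0.9.52 db=finance_archive table=card_numbers action=SELECT
2019-01-16T02:07:19Z user=jsmith src=10.0.9.52 db=crm table=invoices action=SELECT
2019-01-16T08:30:00Z user=svc_report src=10.0.4.17 db=crm table=invoices action=SELECT
"""

LINE_RE = re.compile(r"^(\S+) user=(\S+) src=(\S+) db=(\S+) table=(\S+) action=(\S+)$")

def parse(log_text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, user, src, db, table, action = m.groups()
        yield {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "user": user,
               "src": src, "db": db, "table": table, "action": action}

def decoy_alerts(log_text, decoys=DECOYS):
    """Return one alert per source address that touched a decoy."""
    events = sorted(parse(log_text), key=lambda e: e["ts"])
    alerts = {}
    for e in events:
        if (e["db"], e["table"]) in decoys and e["src"] not in alerts:
            trail = [x for x in events if x["src"] == e["src"]]
            alerts[e["src"]] = {
                "src": e["src"], "user": e["user"],
                "decoy": f'{e["db"]}.{e["table"]}',
                "tripped_at": e["ts"],
                # Time between this source's first logged query and the trip.
                "seen_before_trip": e["ts"] - trail[0]["ts"],
                # Real assets the same source touched: the scope to review.
                "real_assets": sorted({f'{x["db"]}.{x["table"]}' for x in trail
                                       if (x["db"], x["table"]) not in decoys}),
            }
    return list(alerts.values())

if __name__ == "__main__":
    print(*decoy_alerts(SAMPLE_LOG), sep="\n")
```

In the sample, the routine reporting account never raises an alert, while the single query against the decoy table does and brings that source's earlier and later queries with it.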
Another big challenge stems from the volume of data businesses store, which makes it difficult to monitor and protect. Even on a personal computer, firewalls or intrusion detection/prevention systems bombard us with potential threats that are mostly innocent. To solve this problem, cybersecurity operations use a new generation of automatic incident response systems to identify genuine threats.
“These systems analyse your data, will enact some forensic automation and then give a human operator the end result,” says Barzilay. “It means you can ignore those 50,000 alerts from your anti-virus. This technology, for example Security Orchestration, Automation and Response (SOAR), will highlight anything it flags as interesting and alert the end-user.”
SOAR is becoming so popular that research and technology company Gartner predicts that by the end of 2020 around 15% of businesses with a security team of more than five people will use SOAR.
The artificial hacker
What we’re starting to see today is the virtual hacker, says Barzilay. Virtual hackers are artificially intelligent programmes designed to mimic the actions of a real hacker. They will try to attack everything in your network to show you the vulnerable paths real hackers might use to access your data.
“Instead of hiring a company that do penetration testing once or twice a year, the virtual hacker will do it 2000 times a year,” says Barzilay. “Those systems are not as sophisticated as real hackers, but they will become more and more sophisticated over time and will seriously help you identify potential threats.”
An experienced penetration tester can mimic the tools and techniques employed by criminals and leave a device unharmed.
The key thing to remember about cybersecurity is that it’s up to you to ensure your devices are secure. Many of these issues can be solved by traditional cybersecurity advice, some of which is explored above. By ensuring you have a few systems in place, you are closer to protecting your business’s sensitive data and saving yourself time and money.