The Invisible Enemy?

By Peter Boyle, CTO, Burning Tree

Two weeks before WannaCry crippled the NHS, halted car production in Japan, and disrupted rail systems in Germany, IDT had been attacked with a degree of sophistication not seen before. Golan Ben-Oni, Global CIO for IDT – recently featured in a very thought-provoking article in the NY Times because of this attack – was determined enough to defend his company. The question is, did the attackers go after other companies? And if so, were they successful?

My guess is that we’ll know more in the coming months.

But the key message for me is, “are we ready to deal with a set of security threats and techniques that are bound to evolve at an ever-increasing pace?” We’re used to dealing with patterns and signatures and a lot of our security protection is based on spotting and preventing those patterns. Inevitably we can never rely 100% on that approach, and the industry has pretty much accepted that determined attackers will find a way in.

Taking a different approach to data security

No one is truly safe from potential ransomware, malware or other forms of cyber attack. They spread too rapidly across networks that have to be increasingly dynamic to meet the core business requirements for Digital Transformation. Data is valuable, both to the organisation and the cyber criminal. As we gear up for GDPR it will be interesting to see how companies deal with requirements around the management of data. We have to expect that in some cases the criminals will get there first.

Digital transformation is indeed partly responsible. New Business Models, the Internet of Things (IoT), mobile, and Infrastructure Transformation are all making malevolent access to sensitive customer and corporate data easier. Software is everywhere. Most of it helps businesses improve processes, thereby saving time and money and making communicating and collaborating easier. Unfortunately, we continue to see a significant share of early-to-growth-stage software and IoT companies under-investing in cyber security. Some see growth at any cost as a higher priority.

Instead, software vendors place their trust in cloud service providers and the infrastructure their services are hosted within. That isn’t the same as them doing everything they reasonably can to protect customer data. This means that software providers are vulnerable, which leaves you, the end-user and your customers at greater risk of cyber attacks and data breaches.

WannaCry, Petya and other attacks have recently raised the profile of cyber security, and there is no doubt that data breaches can cripple companies.

At the same time, too many of us – including those in the cyber security industry – are too reliant on information from software vendors and cloud providers. As a result of a trend towards “Better, Faster, Cheaper” security tools and software, we expect more from the investment in our security capability. A lack of resources and skills means that we can’t simply throw more people at this problem.

As attacks become more complex, organisations cannot afford to wait 100 – 200 days before a breach is discovered. In May 2018, once GDPR is in force, that sort of delay would most certainly incur a fine for failing to notify data subjects within 72 hours.

Although there is no one-size-fits-all solution, we believe that smarter detection is part of the answer. Organisations need smarter detection across and within every aspect of their systems and networks. Leave nothing beyond the reach of your detection grid.

Beyond enhanced detection capabilities, Artificial Intelligence (AI) is going to take data and cyber security to the next level. But watch out for vendors that are all talk and short of a few processors. Make no mistake, security AI algorithms are complex and take time to develop and enhance.

An AI in a security capacity needs to learn and adapt to evolving human and computer threats. Vendors who understand evolving threats and are involved in fine-tuning an AI should demonstrate that their product is built with data science at the core, with a proven team of data scientists who have been working together on this problem, and in this space, for a number of years.

You need to ask a few key questions when assessing security AI providers:

  • Is the AI truly proactive and self-learning, autonomous, creative, embedded in the internal and external environment?
  • Can it operate without any manual intervention, tuning or configuration?
  • How are the algorithms themselves protected?
  • How does the AI recognise and respond to attacks?
  • What techniques are used to reduce the number of false positives?

Staying safe and protecting data is increasingly going to be in the hands of artificial intelligence. This is the future of cyber security and more companies are switching to this approach. Getting this right means we can spot attacks and breaches earlier, security costs will reduce and cyber security teams can stop focusing on everyday threats and start to contribute to operational growth and long-term security objectives.
