Cyber Crime - Using Terror Investigation Methods to Mitigate Business Risk

Author: Luleka Mtongana
Source: GIBS News
Instances of global cyber crime continue to increase, in some cases threatening a company’s very existence. “We are on the verge of cyber attacks causing real physical damage and hurting the foundation of our civilization,” Noam Rosenfeld, senior vice-president of Cyber Intelligence Solutions at Verint Systems and previous head of the Cyber Defense Department in the Israel Defense Force, told a Gordon Institute of Business Science (GIBS) Forum recently.

Augmented cyber security, combining human intuition and judgment with computer processing capabilities, would be essential in fighting the battle against increasingly sophisticated cyber threats. 

Cyber security is constantly evolving, bringing with it new complex challenges and a host of new priorities for governments, organisations, and the private sectors. Rosenfeld outlined three emerging trends in cyber attacks: 

  • Attacks targeting essential infrastructure such as electricity, financial and communications infrastructure, and attempts to undermine democracy. 
  • Evidence of real growth in the co-operation between attackers. Whereas in the past certain attack methods could only be used by nation states, they can now be used by simple attackers through co-ordination on the dark web. 
  • New kinds of sophisticated attack methods such as those using artificial intelligence and remote access takeovers through Internet of Things (IoT) devices. This method uses the processing power of the devices to create a denial of critical services. “Defending IoTs is complicated. Every device has different protocols, and you need a defense for each protocol. The development of IoT is going to be a huge challenge,” Rosenfeld said. 

Ransomware, malicious software or malware attacks were likely to continue, as many organisations had not updated their networks to deal with the threat, he said.

Creating threat awareness 
Rosenfeld said there needed to be a major paradigm shift in the way organisations approach cyber, moving from a cyber security mindset to one of cyber defense. “The problem is that we are not taking the threat of attack seriously. Until you are hacked, you are okay.”

“The challenges in the cyber arena can be compared to real world terror attacks. While we are looking at two different types of warfare, they are both experiencing similar challenges. It is not a mistake to adapt some methods from other domains.”

The most important factor is the awareness that a threat is imminent. Simple defense mechanisms include treating the organisation as if somebody is already within the network, breaking routines and minimising the number of administrators. 
CEO or leadership understanding of cyber security issues is also important: “The competition to win and gain market share is important, but the competition to win in the cyber battle is critical,” Rosenfeld said. 

A cyber security strategy 
Cyber security was often perceived as an IT issue; something technical that IT was expected to manage. However, “cyber threats continue to grow. Most organisations have an unstable security structure built layer upon layer according to an IT perspective without any strategy which can be breached easily.”

Rosenfeld said by trying to defend everything, companies often ended up defending nothing, and should invest in cyber security solutions to defend critical areas. Without a cyber strategy, dozens of security tools may not help to defend the network. A cyber security strategy can help the organisation to identify relevant threats, mitigate and sometimes stop attacks before they enter the network. 

Such a strategy should be built on a combination of intelligence, technology and operational ability with the right processes to manage them. 

AI and augmented cyber security 
Leveraging artificial intelligence and big data analytics may become crucial in the future as the frequency of attacks increases.

“We are going to see an emergence of threats that analysts cannot deal with alone. They need machines to help them. This means there is a need to build a solution based on the mutual empowerment between the man and the machine to dramatically improve the efficiency of human analysts and harness the power of technology to make the world safer. There are a lot of things that computers can do instead of man. And there are a lot of things they cannot do. Let’s do a mutual empowerment between these two.” 

Rosenfeld explained that a combination of human intuition, value judgment and common sense, together with the automation and processing capabilities of computers could beat humans working alone at almost every task. Such solutions would give the ability to shorten the time between threat detection and response.  “It’s as if you have a team of virtual analysts working 24/7 to investigate every alert in the system,” he said. 

“I don’t think the situation is going to improve,” Rosenfeld said in conclusion. Protecting organisations from cyber threats means having a strategy for defending the network; the right awareness in the organisation and assuming there is already an attacker in the network who needs to be found.
“The work of the defender is going to be very hard. But, if we don’t adopt automation we don’t have a chance to deal with this - we need the power of automation to reduce false alarms. We are going to see a lot of events, and augmented cyber security will help us to choose what to deal with.” 