For anyone reading the news regularly, it’s not hard to grasp that cyber threats are getting more sophisticated and damaging by the day. From a security technology provider’s perspective, I can add that tackling them is a fast-mounting challenge for the millions of businesses that come under attack daily.
Modern cybersecurity technologies – assuming you have already put in place the right professionals, policies, and processes – are a must. But organizations deploying them need to look beyond the boxes that sit on their racks.
What underpins your security appliances is invisible, but plays a pivotal role in ensuring that those boxes block the threats that imperil your business. Threat intelligence – or more specifically, the security appliances’ ability to know the ins and outs of the evolving threat landscape and then respond appropriately – is the fuel that powers your cyber defenses.
Getting timely, accurate and predictive threat intelligence is much tougher than it sounds. It calls for a robust security team that includes a focus on threat intelligence. This encompasses several components:
But the future belongs to technologies like big data analytics and artificial intelligence. A mature AI system will be able to constantly adapt to the growing attack surface, automate complex tasks such as correlating and analyzing raw threat intelligence, and then make autonomous decisions at digital speeds.
No matter how advanced AI becomes, however, full automation – or the passing of 100% of the control to machines to make all the decisions all the time – is not currently attainable. Human intervention will still be needed for some time. For example, while big data and analytics platforms allow malware progression to be predicted, malware mutation is still beyond the scope of current technology. Only a skilled and intuitive human mind could currently foresee that a ransomware attack like WannaCry would embed the National Security Agency’s vulnerability exploits to allow it to propagate on unpatched systems.
But the patterns are there to see. Malware evolution, for example, will intrinsically follow technological evolution, such as how people blend new technologies into their everyday life. If in the coming years, for instance, self-driving cars and wearable IoT find widespread adoption, cybercriminals will – as they have always done – find ways to ride the wave and exploit those cars and devices. Likewise, cryptocurrencies, if they continue to grow at their current rates, will attract herds of hackers.
The concept of automation is opening up many new possibilities for cybercriminals, and turning up the heat on organizations. As hackers step up the amount of automation in their malware, attacks will not only come at organizations faster, they will also reduce the time between breach and impact, while learning how to avoid detection. Increasingly, firms will need to respond in near real time – in a coordinated fashion across the distributed network ecosystem, from IoT to the cloud. This means not only implementing and integrating effective security tools, but building a security team of highly skilled professionals. Not many enterprises have the capability to do this today, and that’s something CIOs should start worrying about.