The ubiquity of high-profile cyberattacks in the last few years have highlighted the importance of online security, and AI and machine learning (ML) might be the antidote against cybercriminals.
Almost every organisation in the world, regardless of what industry or sector, is at risk of suffering a crippling cyberattack at any given moment. With the rapid digital shift during the pandemic, threats from online scams are only getting worse and the scale and severity of incidents have escalated. The Colonial Pipeline attack has shown no one is immune as online threat actors continue to employ a suite of sophisticated methods for hacking. Compliance Solutions Strategies (CSS) Director, Cyber IT Services E.J. Yerzak said, “Every company is now a data company, increasing the target on the backs of all of them.”
Figures clearly indicate that cyberattacks are on the rise and are becoming more damaging for companies. Dealing with the fallout of breaches isn’t cheap. The average cost for a firm to recover from a ransomware attack jumped to $1.85m in 2021, per research by Sophos. Attacks are increasingly causing consequences to be felt beyond the perimeter of an organisation, as demonstrated by Colonial Pipeline being forced to shut down operations causing fuel prices along the East Coast to soar.
According to Yerzak, cyberattacks by nation states have grown in complexity and sophistication impacting critical national infrastructure. The SolarWinds attack, for instance, infiltrated organisations across the world via seemingly legitimate software updates. What these kinds of stealthy supply chain attacks have made startlingly clear is the capacity for a cyberattack to cripple enormous sections of national infrastructure and have the potential to cause substantial damage.
Tellingly, it is no longer an option for government cybersecurity policy and technical strategy to be reactionary when attackers are already employing ransomware to sabotage critical systems. Yerzak said, “The key to moving from an ad hoc, reactive cybersecurity program to a mature, proactive program is well-documented processes. Formal cybersecurity policies and procedures establish a strong risk governance framework, providing for ownership of risks by relevant business units.”
Along with causing hurdles for governments, incumbent enterprises like Ashley Madison, Microsoft, Facebook and Netflix have too fallen prey to the malicious intent of digitally savvy offenders. SMEs aren’t left unscathed either; the Federation of Small Businesses estimates that small British firms annually spend £5.26bn dealing with cyberattacks.
Additionally, the ongoing Covid-19 has exacerbated the threat of attacks. “Remote and traveling workforces expand the risk footprint of a business to every single device and app used by the business. Containing these threats requires a strategic approach to processes, people, and technology,” Yerzak opined.
The key reason for companies becoming increasingly vulnerable to cybercriminals is that these attacks have become commoditised. Yerzak said, “Malware and ransomware as a service have made it possible for anyone with a few dollars to add a cyberattack and a target to one’s shopping cart and launch it against a company.” Online fraud could be in the form of bot attacks, false invoices, money laundering, phishing attempts and ransomware.
Pointing out the main concern for companies, Yerzak said there is a lack of experienced staff. He said, “Many companies are hard-pressed to find qualified, competent cybersecurity expertise and talent needed to take a holistic, proactive approach to cybersecurity.” Frost & Sullivan predicts that the growing gap between available qualified cybersecurity professionals and unfulfilled positions will reach 1.8 million by 2022. In addition, the 2020 Cybersecurity Workforce Study conducted by (ISC)2 found that employment in the field needs to grow by circa 41% in the US and 89% worldwide to fill the present talent gap. “Until nations do a better job of educating workforces for the skills of tomorrow’s security jobs, firms will be in a defensive posture when it comes to cybersecurity,” he continued.
The challenges don’t end with lack of qualified cybersecurity professionals. Those working as security professionals are under constant pressure as they need continuous training and professional development to keep up with evolving technologies and the threat landscape. Yerzak continued, “What tends to happen is that those firms who are able to hire cyber staff in house end up spending most of the time putting out fires instead of fireproofing the house. Cyber teams are stretched thin, creating opportunities for more vulnerabilities to remain unmitigated for too long.”
Is AI the “Mjolnir” to combat cybercriminals?
Having robust cybersecurity encompasses multitudes of subdomains – from malware analysis, penetration testing and code review to forensics, threat intelligence and risk assessment. It also entails regulatory compliance, cryptography, network monitoring, and timely incident response. Traditional security tools lack the ability to detect a potential cyberattack that may threaten to destabilise a company’s or even a city’s entire infrastructure.
Moreover, the most qualified human security teams can be easily outsmarted by complex lines of code with attacks capable of disabling several components of a system at once, Yerzak detailed. Consequently, the solution is to deploy technologies that can respond autonomously when humans cannot. This is where AI and machine learning comes in.
By analysing data from millions of cyber incidents and using it to identify potential threats – from an employee clicking on phishing links or a new variant of malware – AI can be used to improve human analysis.
Yerzak believes that AI is the shield which can be essential to protect one against online danger. He said, “Knowledge is power, and as data volumes continue to increase exponentially, AI and machine learning will play ever-increasing roles in helping firms filter out the relevant threat intelligence from all the cyber noise.”
AI – bane or boon?
It takes no expert to see that instead of waiting for the inevitable, companies must start reassessing their basic cyber hygiene practices, updating the patches and accounting for human error and shortcomings.
For Yerzak, while the golden nugget has been the use of AI and machine learning, he added that it might be a double-edged sword. By using advanced technology, cybercriminals have tried to tweak their malware code so that security software no longer recognises it as malicious. A report by Europol warned that AI is one of the emerging technologies that could make cyberattacks more dangerous and more difficult to spot than ever before.
Yerzak said, “AI and ML capabilities will further the cat and mouse game, making it easier and easier for cybercriminals to create convincing deep-fakes and to launch sophisticated attacks with minimal interaction, while simultaneously increasing the ability of threat hunters to find and detect relevant risks.”
How CSS can help in fighting back
Clearly, as technologically connected cyber-physical environments become more prevalent, so does advanced attacks targeted against them, therefore making risk prevention and mitigation increasingly essential. Companies must deploy measures to proactively stop threats before they are able to release malicious software throughout a digital ecosystem. And according to Yerzak, CSS can help firms “to elevate the strength and maturity of their cybersecurity programs from reactive to proactive.”
CSS’s AI-based risk management database has proven capable of increasing visibility across all environments, Yerzak continued. Essentially, CSS’s solution specialises in threat identification with end-to-end encryption for communication and collaboration of vulnerabilities and remediation with relevant stakeholders. Building on the operation of CSS’s cybersecurity technology, he detailed, “The CSS solution provides a risk management dashboard and data warehouse for tagging and tracking issues through to resolution and offers the ability to interact with our cybersecurity experts with the click of a button for detailed explanations of technical concepts.”
The surveillance software is even able to detect the silent and stealthy attacks that slip under the radar, as well as monitor the dark web for compromised credentials “to supplement the research and threat analysis of our cybersecurity experts,” Yerzak added.
Alongside detecting anomalous activity that appears, CSS’s AI solution autonomously distinguishes between malicious and benign. “Our cyber solutions enable firms to sift through the noise to quickly see which risks are worth worrying about and should be prioritised, and which issues present a lower level of risk in the context of their particular business,” he said. “Partnering with a firm like CSS can help reduce your cyber risk, enabling you to focus on your core business.”
It’s no secret that the impending gravity of cyberattacks results in serious collateral damage. While it is impossible to guarantee complete protection against an attack, organisations must prioritise security to deter would-be attackers and enable recovery. In IBFS global chief information security officer Stephane Nappo’s words, “It takes 20 years to build a reputation and a few minutes of cyber-incident to ruin it.”
Yerzak concluded, “Regardless of how far the technology itself advances, cybersecurity programs will continue to need the right combination of technology and strategic partners to be able to find risk and communicate risk in a meaningful, actionable way to the business itself.”