If you’re struggling to figure out how to protect against cyber attacks in an age of increasingly deadly threats, try modelling your cybersecurity strategy on the human body’s immune system.
That’s the advice Nabil Zoldjalali, Senior Cybersecurity Technology Manager at Darktrace, gave to attendees at the recent iTech Conference in Toronto. Zoldjalali helps mid- to large-sized organizations secure networks experiencing “chaotic growth,” so he understands all too well the challenges of meeting security needs in today’s world of expanding network perimeters. While growth is a healthy sign of business success, it often leads to a proliferation of IT, and as a result, legacy security is constantly outpaced.
You’re probably nodding your head, because you know it’s not easy tracking what’s on your network, which is now connected not only to servers, virtualized infrastructure, and the public cloud but also a myriad of unsecured IoT devices—from cameras to smart coffee machines. “All of a sudden you have a massive network and you don’t know where the boundaries are,” Zoldjalali said. It’s nearly impossible to get complete visibility, and you can’t protect what you can’t see.
Scarier still is how quickly threats are evolving. The latest trend is toward trust attacks, according to Zoldjalali. That’s when the bad guy doesn’t simply steal your sensitive data but changes it—moving some decimal places on a financial spreadsheet, for example. The bad data is then replicated, making the usual security safeguards ineffective. Amid all these complications, it’s time to look for new ways to bolster your network’s immune system. Otherwise, it may get infected by an attack you can’t fight off.
Watch out—the bad guys have best practices, too
Most organizations follow some best practices as part of their cybersecurity strategy—perhaps not using easy-to-guess passwords or training users to watch out for phishing attempts. But attackers have their own best practices, too, and those practices include proactively coming up with new tools and tricks you don’t know how to fight yet. In that same vein, hackers are now using artificial intelligence (AI) to crack into networks.
They aren’t the only ones who can use AI, though. AI and machine learning are now part of the cybersecurity toolbox. Recent years have seen a rise of products that can monitor entire networks—even those with fuzzy perimeters. These products watch for suspicious activity by comparing it to the norm instead of monitoring for known threats. Just as your own immune system will fight off a disease even if your body has never encountered that particular virus before, AI cybersecurity tools have the potential to fight off cybercrime even if it comes through an attack vector you don’t recognize.
Make sure your cybersecurity strategy factors in the unknown
Traditional network security looks for activity it knows is bad, as do traditional endpoint security tools, but firewalls can’t monitor the full breadth of IoT traffic, and you can’t install anti-virus software on something like a videoconferencing camera. If your network has its own AI-powered immune system, it can instead learn what’s normal in your network and watch for any deviations from the norm. This is especially valuable, because AI can detect scenarios people wouldn’t consider looking for, such as a breached videoconferencing camera that records people talking in the boardroom—something Zoldjalali said happened to one of his clients. This is an example of the huge surge of IoT-related attacks organizations have barely begun to prepare for.
Other normally undetectable but increasingly common attacks include cryptojacking, in which a threat actor puts cryptocurrency-mining code on a device and hijacks your computing power to mine cryptocurrency for their own gain. Insider threats, too, can be especially hard to track down by normal means, and they remain one of the biggest challenges to security. All these attacks involve difficult-to-detect abnormalities that AI-driven security tools would likely pick up on—even when other security tools don’t.
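To make "learn what's normal and watch for deviations" concrete, here is an added example (not from the article, the speaker, or any vendor's product) that baselines each device against its own history and flags the camera and cryptojacking cases described above. It uses a median/MAD score as a simple stand-in for machine learning; the device names, metrics, sample readings, threshold and minimum-history value are all assumptions.

```python
from statistics import median

# Constructed sample data (not from the article): hourly readings per
# (device, metric) from an attack-free learning window, then the latest hour.
BASELINE = {
    ("boardroom-camera", "out_mb"): [12, 15, 11, 14, 13, 12, 16, 13],
    ("finance-laptop", "out_mb"): [220, 180, 250, 205, 190, 240, 210, 230],
    ("coffee-machine", "out_mb"): [1, 1, 2, 1, 1, 2, 1, 1],
    ("dev-workstation", "cpu_pct"): [8, 12, 10, 9, 11, 10, 13, 9],
}
LATEST = {
    ("boardroom-camera", "out_mb"): 480,   # sustained upload from a camera
    ("finance-laptop", "out_mb"): 235,     # busy but within its own norm
    ("coffee-machine", "out_mb"): 2,       # flat baseline, tiny change
    ("dev-workstation", "cpu_pct"): 97,    # pattern consistent with mining
    ("unlisted-device", "out_mb"): 40,     # never seen during learning
}
THRESHOLD = 3.5   # common cut-off for the modified z-score
MIN_HISTORY = 5   # assumption: fewer samples than this is not a baseline


def robust_score(history, value):
    """Distance of value from the median, in units of scaled MAD."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # A flat history gives MAD == 0; fall back to a floor so a change
    # from 1 to 2 on a near-idle device does not score as infinite.
    scale = 1.4826 * mad if mad > 0 else max(0.05 * abs(med), 1.0)
    return (value - med) / scale


def find_deviations(baseline, latest, threshold=THRESHOLD):
    """Return (device, metric, reason) for readings outside the learned norm."""
    alerts = []
    for key, value in latest.items():
        history = baseline.get(key, [])
        if len(history) < MIN_HISTORY:
            alerts.append((*key, "no baseline"))
            continue
        score = robust_score(history, value)
        if abs(score) > threshold:  # two-sided: going silent also counts
            alerts.append((*key, f"score {score:+.1f}"))
    return alerts


if __name__ == "__main__":
    for device, metric, reason in find_deviations(BASELINE, LATEST):
        print(f"{device:18} {metric:8} {reason}")
```

Because each device is scored against its own history, the laptop's 235 MB passes while the camera's 480 MB does not, and a device with no learned baseline is reported rather than silently ignored.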
Recognize that not all AI is created equal
AI is popping up everywhere, both in security and other areas of IT. How can you know what type of AI or machine learning security tool is the real deal? Zoldjalali suggests avoiding ones offering AI as a bolted-on feature—you want something with AI at its core. Think about usability, too—will you need a mathematician to interpret the data? Finally, find out how far the tool goes and how much of your network it’ll truly protect.
If you’re not sure your organization is completely ready to embrace AI at this level of sophistication, you can still take advantage of smarter devices to support your cybersecurity strategy. For example, modern printers are intelligent endpoints that can thwart attackers who try to gain entry to your network by continuously monitoring for unusual code and automatically restarting if they detect any.
Technology is evolving rapidly, and hackers are getting their hands on advanced technologies almost as fast as they come out. The good news is innovative technology can be utilized by the good guys, too. AI is one of many technologies poised to change the way IT approaches security for the better. By staying up to date on how to protect against cyber attacks with cutting-edge tech, you can ensure your organization won’t be taken unawares.
Looking for more coverage of the iTech Conference in Toronto? Stay tuned for a follow-up piece on Tektonika, coming soon.