In the heat of battle, it’s hard to separate the signal from the noise—a phenomenon that’s known as the “fog of war.” This is what’s happening in the field of cybersecurity now. Amid all the noise of the presidential election, the actual and the rumored hacking, a vital signal is being missed: the fact that there is a dramatic shift in cyber attacks.
As a veteran of the cybersecurity market, I’ve worked with a lot of young and mature companies to help shape their security plans into battle-ready solutions. And it has been a busy few decades—because ever since the dawn of e-commerce, companies have been playing catch-up with ever more sophisticated, malicious and insatiable adversaries.
Fortunately, there are startups arising with cutting-edge security innovations to combat cyber attackers. Many are embracing a dual approach that includes using defensive technologies, as well as new offensive tactics like predictive AI technologies. We certainly need them.
Cyberwar: The Early Years
Early cyber attacks typically involved hackers writing viruses for fun and for the challenge of it. An employee gets a virus, his system freezes, a naughty message appears on his screen and IT has to come out and wipe the PC clean. Ha-ha, you got me. Fixing the glitch slowed work, but these early attacks didn’t involve massive information theft. Solutions were simple: throw antivirus at the problem and let the good and bad geeks fight it out.
Attacks evolved significantly; hackers began using malware to steal credit card numbers, Social Security numbers and even medical data for a quick profit. Those breaches resulted in lost information as well as serious financial damage. In addition to the cost of IT fixes, there are credit monitoring costs, consultant fees, regulatory penalties and other charges. Here, the solution was actuarial: throw regulations and cyber insurance at the problem and tell the board you’ve managed our risk.
But now the game has changed and it will only get worse. It already has. Attacks now can cost tens of millions of dollars and even lead to ransom scenarios. More recently, breaches from nation-state attacks had potential political and economic impacts. We can expect attacks to become more complex, and most companies aren’t ready to deal with them.
Here’s a recent example that sounds like science fiction but is becoming all too common: An attorney at a large law firm that services one of the largest global banks receives an email with a malware-infected attachment. He opens the document and the malware later steals his network credentials. The hackers immediately use those credentials to create several new accounts, and add the new accounts to privileged system admin groups. Over the next few months, the hackers use those admin accounts to read files, emails, and other communications between the lawyers and the bank. The attackers can trade ahead of deals, and gather enough information to cause major damage. And yet, they are never detected, since all security technologies in place only see valid employees doing valid work activities. But billions of dollars in bank activities are at risk.
The stakes really are that high—and we need drastically improved security tools to take on modern cyber attacks, which are coming fast and furious. They’re hard to detect and may persist for years. At the end of 2015, Kaspersky Lab reported that a group of Russian hackers had stolen over $1 billion from global banks over a period of three years. In May 2016, hackers stole $13 million from ATM machines in Japan in the space of three hours.
An Intelligent Defense Against Cyberattacks
A December 2016 McAfee Labs Threats Report revealed that 93 percent of 400 security professionals said their organizations are overwhelmed by threat alerts and are not able to triage all relevant threats.
To address the blizzard of threats, companies need comprehensive and predictive approaches. These approaches need to handle shades of gray and evaluate risk along a spectrum. They need to learn and adapt by piecing together evidence that might not be self-evidently connected, an approach known as establishing the complete “attack chain.”
Accordingly, we’re now seeing a shift from defensive security practices to more predictive AI-powered security approaches. And while many companies claiming to have such advanced security techniques are still deploying static solutions, we are seeing some startups with more dynamic approaches to detection of and defense against cyber attacks. Companies like Exabeam are focusing on behavior, and others like Shape are focused on thwarting malicious automated attacks. This is the next generation of security companies, those that are leveraging automated machine learning and AI methods to combat the next level of breaches, spear-phishing and ransomware campaigns.
A Treatment, Not a Cure
New AI techniques give us methods to address a wide range of security concerns. AI-driven security is well equipped to handle probabilities, behaviors and connections. But AI isn’t a panacea on its own. It must be augmented with judgment.
AI plus human experts is the only path to success in this new phase of security. But it will not be a cakewalk. At the end of last year, the Cybersecurity Business Report, a Palo Alto-based research center, said 2016 saw 0 percent unemployment in the cybersecurity field and 1 million jobs unfilled. Translation: those already in the industry are overloaded and will become more so.
The best way to amplify this scarce and precious expertise is to combine it with AI and deep-learning capabilities to help make sense of the river of data flowing within every large organization. We should embrace, not fear, the machine when it comes to protecting our information.
A problem we face today in cybersecurity is that companies have been working within a set of rules for basic machine learning and automation, while hackers live and breathe the mantra that “rules are meant to be broken.” But the next generation of innovative security companies will, I hope, fulfill the promise of AI methods without limits. These will be the companies that will be able to battle and beat the new wave of attackers. And at the center of their success will be AI.
The views expressed by contributors are their own and are not the views of The Hill.