Justin Fier, Director of Cyber Intelligence and Analytics at Darktrace, explains why we need to augment the human response to defend against future threats
As a result of the COVID-19 pandemic, our digital environments have become more dynamic – and more complex – than ever before. The mass shift to remote working saw entire organizations flock to cloud-based platforms such as Zoom, Microsoft Teams and VPN services, which means critical business data is now spread well beyond the perimeter of traditional on-premise networks.
At the same time, the pandemic has fueled a major cybercrime wave. There’s been a huge increase in spoofing and spear-phishing attempts using COVID-themed emails, ransomware has become more prevalent than ever, and there seems to be a new high-profile data breach on an almost daily basis.
No corporation is immune to this new threat landscape we operate in, and as a result, CSOs are being forced to rethink their approach to cybersecurity. Static, legacy approaches have become redundant against sophisticated, fast-moving threats, and attackers that continue to evolve their techniques.
Speaking at CISO US Live, Justin Fier, Director of Cyber Intelligence and Analytics at Darktrace, says new technologies like artificial intelligence (AI), which can detect, investigate, and respond to cyber threats in real-time, are needed to protect workforces and data from attack.
The New Era of Cyber Attacks
With the COVID-19 pandemic fueling a rise in advanced cybercrime, and with organizations broadening their attack surface because of the shift to fully remote and hybrid working, we are entering the ‘new era of the cyberattack’, according to Fier.
This ‘new era’ has already witnessed the unprecedented SolarWinds attack, which saw hackers breach the IT monitoring firm’s ORION platform to spread malware to more than 18,000 companies and government agencies in the US. It has also ushered in a wave of attacks targeting healthcare organizations critical to the COVID-19 response, such as the catastrophic hack of the Irish health service that forced the organization to shut down its systems.
“The growth in cyber-attacks is exponential,” says Fier. “The rate at which zero-days are being dropped is almost daily at that point, and the attackers are getting smarter and faster.”
This brings with it uncertainty for CSOs, who can no longer rely on years-old tools and protocols to protect their organizations’ networks. No longer can historical data be used to predict what the future is, nor do organizations have the luxury of being able to withstand days of potential downtime.
“In some industry verticals, being down for an hour can cost millions in revenue and wipe entire businesses out,” Fier says. “So, we need to look at precise responses. If you’re doing security today, the same way you were doing it five years ago, you’re already far behind.”
Augmenting Human Response
To ensure networks are protected against the growing wave of cyber threats – along with the future threat of offensive AI, which 88% of businesses fear will become mainstream – we need to augment the human response, according to Fier.
“If you think you’re going to put humans up against AI, good luck. It needs to be AI against AI,” Fier says. “We need to start thinking of a new generation of tools and we can’t simply base our learning off historical attack data. Attackers change their tactics and they’ve automated that process.”
Fier believes that technology like autonomous cyber-AI will be critical for businesses to defend against both current and future cyber threats.
“Self-learning, unsupervised machine learning grows with the network, moves with the network, and adapts just as your network is,” Fier explains.
He continues: “You’ve got the enterprise immune system showing you all of these strange things that you didn’t know were happening; protocols being used in an insecure way, developers doing things they shouldn’t be doing, or IoT devices you didn’t even know you were installed.”
This is simply not something that can be done by human teams, as organizations need to react to potential threats faster than ever before.
“Autonomous response has got to act faster than human teams,” says Fier. “We can’t talk in terms of days or weeks anymore; we need to be talking in terms of minutes.”
“We get to free up the human teams to focus on what matters and get them back to the job that we hired them for,” he concludes. “Augmenting humans with platforms and tools that can do that is key.”