Why innovation is central to cybersecurity

Constant and rapid evolution of cyberthreats means cybersecurity providers and organisations must continually innovate their technology and processes

By Tim Ferguson

Fri 23 Nov 2018 @ 10:52

It’s widely acknowledged that cyberthreats are constantly and rapidly evolving. Cybercriminals are working harder than ever to overcome both the increasing sophistication of cybersecurity defences and the fact that employees and consumers are generally becoming more savvy when it comes to security.

The evolution of distributed denial of service (DDoS) attacks to include ‘burst attacks’ and the increasing proliferation of account takeover fraud are just two examples of how cyberthreats are constantly changing.

Then there is the rise of targeted ransomware attacks, in which crime gangs go after specific organisations, along with mobile and zombie ransomware, in which strains of malware thought to be extinct are resurrected and equipped with new methods of attack. Ransomware-as-a-service, where criminals purchase and customise existing ransomware, is also becoming more prevalent.

At the same time, the technology used by organisations is changing, opening up new risks. Take the Internet of Things, for example, in which thousands of new devices – from security cameras to smart meters – are being connected to the internet and company networks. These connected devices all present additional routes for cyberthreats to penetrate corporate networks.

Cybersecurity has to evolve – and at pace – if it is to keep up with these changes. This means making use of emerging technology to minimise the damage resulting from compromises. And the cybersecurity industry is doing just this.

If new threats are to be countered, a degree of anticipation is needed, something that artificial intelligence (AI) can help with.

Using real-time analytics, AI prevents attacks from known sources or those with recognised software signatures by autonomously isolating systems or users that have been compromised. AI can also be used to spot threats that are sitting on company networks before they are activated, saving many hours of work to restore systems and mitigate any damage done.

AI is complemented by machine learning, which allows security systems to be taught context. With this context in place, AI enables systems to use various types of data to create a ‘whitelist’ of normal behaviour for individual organisations. Any activity that falls outside these norms can then be responded to.

Both AI and machine learning feed into automation technology, which can automatically contain threats by shutting down systems or locking down user accounts to allow security analysts to investigate them properly. Automation helps security teams deal with the sheer number of threats, reducing the likelihood of alarm fatigue and missed threats.

The potential for data lakes to boost cybersecurity is also being investigated. These enable a vast range of raw data to be pulled together and stored in its original format. Analytics tools can then work across data that may not have been associated before, generating new insights for security teams. Data lakes can also be quickly scaled to accommodate a rapid influx of data from a corporate network if, for example, a cyberattack is taking place.

Similarly, cloud computing is likely to play a greater role by providing storage and processing power to make sense of the ever-growing volume of security data being produced.

The cybersecurity industry is working hard to evolve its products and services to keep up with the rapidly changing cyberthreat environment. This, in turn, ensures that organisations are more able to defend themselves from the onslaught of cyberthreats.

But the industry can’t afford to take its foot off the gas in this continuous battle to try and prevent cybercriminals gaining the upper hand.