Redefining cyber security with man & machines
By Bill Chang, CEO of Group Enterprise, Singtel
Our digital economy is rapidly evolving, with more enterprises introducing new and more efficient ways of doing business while building their innovation capabilities. As our digital footprint expands, the risk of cyber-attacks and breaches against many enterprises is fast rising. Take the worldwide cyber-attack in May this year, caused by the WannaCry ransomware, which affected more than 230,000 computers in 150 countries. The ransomware disrupted healthcare providers and crippled emergency room operations at U.K. hospitals. A number of global logistics firms and shipping lines were also affected, forcing them to go manual and use spreadsheets to run their businesses for weeks. That adversely impacted overall productivity. In September, Equifax, a US-based consumer credit scoring firm, lost the personally identifiable information (PII) of 143 million Americans. The unprecedented cyber-attack compromised the personal data of half the US population, triggering a management shake-up and calls for a Congressional inquiry.
All these alarming developments in cyber security breaches create significant challenges in cyber defence. Clearly, organisations can no longer depend on the traditional ways of handling critical information security that primarily rely on cyber security personnel. We currently lack more than one million cyber security professionals globally. This problem will worsen over the next few years as global demand outstrips the supply of well-trained cyber security professionals. Cyber hackers also have much more sophisticated capabilities, using resources like advanced computing and automation that allow them to launch new malware strains at record pace, with more than a few hundred thousand strains introduced globally each month.
With the fast-paced development of cyber malware, a number of legacy defences would prove ineffective against these attacks. Compounding this challenge, the amount of data and "surface area" that the cyber defenders have to secure are exponentially increasing as more and more businesses become digital and devices get increasingly interconnected.
Innovations in cyber defence now include the combined use of cyber analytics, automation and even Artificial Intelligence (AI) to augment the capabilities of cyber security defenders so they can stay ahead of the cyber attackers. The use of cyber analytics allows organisations to analyse billions of events every day to identify the key events that need to be investigated in depth, in real time, and at a much quicker pace. That’s in contrast to the traditional way of relying on cyber professionals who manually analyse, at regular intervals, the volume of data that needs to be investigated. The automation of cyber threat correlation and responses looks promising, based on what has been uncovered through advanced data analytics. Being able to respond much faster to cyber threats is crucial, as this will enable organisations to narrow the gap between identifying the threat and launching the necessary counter measures, thereby reducing the loss of critical information.
AI through machine learning holds great promise in the field of cyber defence. Machines that continuously learn from cyber attacker patterns and user behaviour anomalies, and that use AI to launch rapid counter measures with greater speed and scalability, will be one of the hallmarks of cyber defence going forward. The rapid deployment of machines in cyber defence, whether in cyber analytics, automation or the use of AI, cannot, however, replace the cyber professional, the key link at the heart of it all. The key question is: what new skill sets do cyber professionals need to stay relevant in a world where cyber threats evolve so rapidly? There is definitely a continuous need to upgrade the skills of cyber defenders while machines take on a number of tasks traditionally done by humans. Companies have to continuously develop and hone the skills of their cyber defenders in higher value-added areas like incident response, consulting, smart automation development, and analysis of the big data gathered.
In 2016, the average time for cyber defenders to identify a cyber-breach within their companies was about 200 days, with another 90 days to put the necessary counter measures in place. This is still too slow, as significant critical data would have already been lost within days between the time the breach is detected and the mitigation response is made. In the case of Equifax, the company lost the PII data of half the US population in about 60 days. It is hoped that well-trained cyber professionals using global threat telemetry, cyber analytics, automation, and AI as "force multipliers" will help reduce cyber threat detection and response time to minutes, strengthening overall cyber defences and giving the industry a more sustainable approach to combating future cyber-attacks.