Bringing AI to the Security Fight: Augment the Security Team and Disrupt Machine-Speed Attacks
August 12, 2020
by Marcus Fowler*
Companies around the globe are increasingly facing the devasting impacts of cybersecurity breaches. Ransomware, which infiltrates companies without being seen and then locks down files incredibly quickly, is now a commonly used attack method. Ransomware attackers are evolving their tradecraft as well; some will stay on a victim’s network a little longer to snatch sensitive data that can be used as leverage, not to expedite payment, but to increase the amount demanded. The most recent attacks by different ransomware groups, against Garmin and Canon, are just the latest examples. Security teams are outpaced by automated threats like these, which require sophisticated defenses and artificial intelligence (AI) to respond instantaneously when they strike. The Wannacry ransomware in 2017 was an example of one such fast-acting attack – and it was consistently and successfully stopped for those using AI.
Another more recent example happened in May of this year. Blackbaud, a publicly traded software company providing management to academic institutions as well as other “social good organizations,” detected a data breach in May and in July, two months later, notified customers of the breach. They were forced to pay the cybercriminal’s demand and although Blackbaud has said the cybercriminals had provided confirmation that the stolen data was destroyed, criminals cannot be trusted to keep their word. Even if credit card and financial details were not stolen, the attackers could have accessed valuable personal information – including email addresses and passwords – that can be used in future spear-phishing attacks.
Ransomware’s efficacy is mostly due to its speed – once initiated it can simply move faster than security teams can respond. Combined ransomware losses totaled $381 million in the last year for just 350 firms according to Hiscox. To effectively combat ransomware attacks and other machine-speed attacks, organizations need machine-speed defenses as well. These defenses don’t need to wait for humans to step in and identify a ransomware attack – they will neutralize the attack at the earliest signs of the threat. Many groups of attackers will deploy ransomware over the weekend when the IT team is slowest to react and the company is least resilient to a cyber-attack. Factor in today’s realities, with all the anxieties and distractions, and attackers don’t even really need to wait until off-hours. If a security team is working alongside the right technology, it shouldn’t make a difference when or where an attack happens.
Thinking Differently About Defense and Security
We need to begin thinking differently about defense and security. Instead of focusing on predicting the threat, companies should be monitoring devices, users and data for the earliest signs of abnormal activity. This technique not only allows businesses to detect threats that have never been seen before, but also identify threats in their earliest stages before damage is done. Security teams are notoriously understaffed since there is a skills shortage in the industry, but even if security teams are properly staffed, humans fundamentally are not able to keep pace with the speed and scale of today’s attacks. Even an organization with a large, 24/7 security team can’t detect, investigate and stop an emerging ransomware attack within minutes like AI can.
Self-learning AI and response neutralizes emerging ransomware without relying on rules or threat signatures, so it can identify novel strains of ransomware. It can also respond to attacks in real-time, making it possible for human analysts to leave their desks and trust that the AI will take their place. AI has also proven that it can be trained to investigate ransomware incidents and pull together all the key information needed to remediate the situation, saving security teams time for more strategic operations.
The solution is clear: Organizations must bring AI to the fight against machine-speed attacks.
AI has already proven it can handle many of the processes involved in fighting cyber-threats: It can scan a computer network, investigate potential threats and produce human-friendly fully triaged written reports. AI is doing this nine times faster than any human could and investigating over 1 million security events per week. There are certain things that AI will never be able to do, like handle common-sense problems, think critically, understand leadership guidance and mission priorities, or use emotional intelligence. These tasks will always require a human touch, but there are certain things that AI can and should do. Security is a picture-perfect example of an industry where we should welcome machines to augment our critical, but limited, human experts.
* Marcus Fowler, Director of Strategic Threat at Darktrace, spent 15 years at the Central Intelligence Agency (CIA) developing global cyber operations and technical strategies, until joining Darktrace in 2019. He has led cyber efforts with various US Intelligence Community elements and global partners and has extensive experience advising senior leaders on cyber efforts. He is recognized as a leader in developing and deploying innovative cyber solutions. Prior to serving at the CIA, Marcus was an officer in the U.S. Marine Corps. Marcus has an engineering degree from the United States Naval Academy and a Masters’ degree in International Security Studies from The Fletcher School. He also completed Harvard Business School’s Executive Education Advanced Management Program.
Click here to continue to read Nonprofit & Government Times, August 2020.
