It’s already been a busy year for cybersecurity, as U.S. President Barack Obama warned NATO allies last weekend to closely monitor their impending elections for the kind of suspected Russian hacking that afflicted the latest U.S. presidential election. And last week top U.S. intelligence directors testified about those hacks at a Senate hearing, where topics included ever more sophisticated cyber-attacks and the growing need to fortify American cybersecurity strategy.
“Criminals are fighting a 21st century war, attacking our critical infrastructure and financial systems using unconventional techniques, while we defend ourselves with antiquated methods,” The Hill stated last week. “All the passwords, tokens and other forms of strong authentication are meaningless if a person is tricked into handing over their credentials, inadvertently installs rogue software on their device that performs certain actions, or unwittingly gives a criminal access to their machine or account.”
These cybersecurity fundamentals have certainly become a failure point, and the unrelenting escalation of cyber-attacks has prompted the Federal Reserve, FDIC and others to propose new standards for cyber-risk management, according to The Hill. In the meantime, some organizations are turning to technology for protection.
Machine learning -- along with solid fundamentals -- will likely be a key component of reliable cybersecurity in 2017.
Machine Learning to the Rescue
High-tech cyber-defense will place a new emphasis on detecting attacks, as opposed to simply preventing them, according to Nextgov, which tracks how technology and innovation transform government agencies. Machine learning could see much wider adoption -- and greater success against cyber-attacks -- this year.
“It’s clear [that] hackers have refined their art, and are outpacing enterprise security defenses,” Nextgov stated last month. “Machine-learning based solutions ... will become more mainstream in 2017, as companies seek to become smarter -- and faster to identify and respond to threats.”
Behavioral analytics, for instance, could help organizations use their own data to identify suspicious behavior within automated processes, such as verifying identities and machine-to-machine interactions, according to Nextgov. Based on successful interdictions, machine learning would then improve flexibility and efficiency in managing, investigating and responding to new threats.
But today’s machine learning won’t be enough.
Machine Learning New Tricks
To maximize detection efforts, technology must move beyond the common pre-execution machine learning, which only analyzes files before they run, according to the Government Technology Agency of Singapore. In contrast, high-fidelity machine learning analyzes files before and during execution, when malicious code often reveals itself.
“This allows systems to study malicious files in greater detail to better anticipate future threats,” security software provider Trend Micro’s Dhanya Thakkar stated in GovTech last month. “To reduce false positives, high-fidelity machine learning utilizes noise-cancellation techniques ... [that] identify known data and applications so that detection technologies can divert precious IT resources into scanning for unknown threats.”
This forward-looking technology has a lot of potential when employed alongside other measures to secure e-mail, mobile and other assets, according to Thakkar. But, as high-fidelity machine learning goes mainstream, cyber-criminals will continue looking for ways to defeat it -- and they’re also turning to machine learning.
Up in Arms Race
“Security is an arms race, and cybercriminals are fine-tuning their methods with the help of machine learning,” McAfee Labs’ 2017 Threats Prediction stated. “It is clear that a considerable amount of research is conducted before the attacks are initiated ... [and] we believe that cybercriminals are leveraging machine learning to target victims for BEC and similar scams.”
Business Email Compromise (BEC) “and similar scams” involve social engineering, in which cyber-criminals trick their victims into handing over confidential or private information -- or money. These cyber-scams are increasingly sophisticated in order to improve the likelihood of their success; this includes timing attacks to correspond with the mark’s business travel.
“Tools to perform the complex analysis behind target selection are readily available, and there are a plethora of public sources of data required to build and train malicious machine learning algorithms,” McAfee stated. “Looking to 2017 and beyond, we might even see purveyors of data theft offering ‘Target Acquisition as a Service’ built on machine learning algorithms.”
High-tech security solutions can only protect organizations to a point. Likewise, passwords, tokens and other measures only work when users are savvy.
Back to Basics
The fundamentals haven’t changed much.
“If you have anything of value, you have been penetrated,” former CIA and NSA director Michael Hayden said at the SAP Retail Forum 2013. “You’ve got to survive while penetrated -- operate while someone else is on your network, wrapping your precious data far more tightly than your other more ordinary data.”
Going back to the basics won’t solve everything. But it can be a big help.
“Most incidents are not the result of a sophisticated, never-before-seen, unpreventable attack,” Data Privacy Monitor stated last month. “[Often] paying better attention to basic security measures would have prevented the issue.”
In short, there’s still no substitute for good cybersecurity fundamentals, “the passwords, tokens and other forms of strong authentication” that The Hill mentioned. So, as we rightly focus on machine learning and other high-tech forms of protection, we must also remember that diligent, savvy people are often still our best line of cyber-defense.