How artificial intelligence can fight cyberattacks
Source – https://www.fortuneindia.com/
Traditional network security tools have become outdated in the face of sophisticated cyberattacks. Our cybersecurity strategies should embrace the latest technologies, such as A.I. and machine learning.
For many years, traditional network security tools such as firewalls, anti-virus software and web proxies have been the go-to defences for organisations. While these tools were effective to a certain extent in the past, the dramatic changes brought to the digital world by “Industry 4.0” over the last decade have caused a dynamic shift in the cyber-threat landscape, thereby reducing the effectiveness of these traditional tools.
As we continue to embrace the digital revolution in all aspects of our lives, the threat to the cybersecurity landscape is only increasing with each passing day. Cybercriminals today are using cutting-edge technologies to launch destructive cyberattacks on large corporations, with far-reaching consequences, as was seen in the case of Adobe and Equifax. India, being at the forefront of digitisation, has become the prime target for cybercriminals. In fact, as per the Acronis Cyber Readiness Report of 2020, India is reporting more cyberattacks than any other country in the world.
From an organisational perspective, apart from the loss of critical information, financial losses, reputational damage and disruption in operations, in most cases it becomes impossible to identify the intensity of the cyberattack, and the amount of data that was actually compromised often remains unknown. This was witnessed even recently when hackers launched attacks on multiple Indian pharmaceutical companies where, to date, there is no visibility on the degree of the attack and the nature of the data that was compromised.
Cybersecurity is a critical aspect for all organisations today. Unfortunately, most businesses are not adequately equipped to handle these complex cyber threats simply because they continue to rely on traditional techniques. They do not possess the high-end tools required to quickly identify and recover from threats which, if adopted, can go a long way in ensuring cybersecurity. For instance, a study conducted by Cisco in 2019 revealed that A.I.-based tools can identify up to 95% of threats faced by an organisation. That being the case, for a country that thrives on information technology, it is critical that organisations transition from traditional solutions to technologically advanced solutions at the earliest.
When it comes to technologically advanced solutions, organisations should start depending more on artificial intelligence (A.I.) based tools. Traditional techniques neutralise the effect of vulnerabilities only once they have been identified; A.I. and machine learning enabled tools take a very different approach. A.I.-based systems are proactive in detecting vulnerabilities since they can analyse patterns and discover loose ends beforehand, thereby enabling organisations to take preventive action before they are even affected by a security incident.
For instance, A.I. techniques like “User and Event Behavioural Analytics” can be used to analyse the baseline behaviour of accounts and identify anomalous behaviour that might signal a zero-day cyberattack. This can protect organisations even before vulnerabilities are officially reported. An A.I. vendor named ‘Darktrace’ provides software that utilises A.I. to understand the behaviour of each user, and the software automatically sends out an alert if there is a significant deviation from the normal baseline behaviour. Additionally, apart from using A.I.-enabled solutions, organisations should also adopt simple measures like the use of a multi-factor authentication (M.F.A.) process to secure their systems. M.F.A. can help prevent some of the most common types of cyberattacks, including phishing, brute force and man-in-the-middle attacks.
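The baseline-and-deviation idea described above can be shown in a few lines of Python. This is an added sketch, not code from the article or from any vendor's product; the event fields, thresholds and sample records are constructed assumptions, and a simple robust statistic stands in for a trained model.

```python
from collections import defaultdict
from statistics import median

# Constructed sample history: (account, login_hour, megabytes_out, source_host)
HISTORY = [
    ("alice", 9, 40, "wks-17"), ("alice", 10, 55, "wks-17"),
    ("alice", 9, 48, "wks-17"), ("alice", 11, 60, "wks-17"),
    ("alice", 8, 35, "vpn-gw"), ("alice", 10, 52, "wks-17"),
    ("svc-backup", 2, 900, "bkp-01"), ("svc-backup", 2, 950, "bkp-01"),
    ("svc-backup", 3, 870, "bkp-01"), ("svc-backup", 2, 910, "bkp-01"),
]

def build_baselines(history):
    """Learn a separate behavioural baseline for every account."""
    rows_by_account = defaultdict(list)
    for account, hour, mb, host in history:
        rows_by_account[account].append((hour, mb, host))
    baselines = {}
    for account, rows in rows_by_account.items():
        volumes = [mb for _, mb, _ in rows]
        med = median(volumes)
        # Median absolute deviation: a spread estimate that outliers barely move.
        mad = median([abs(v - med) for v in volumes]) or 1.0
        baselines[account] = {
            "hours": {h for h, _, _ in rows},
            "hosts": {s for _, _, s in rows},
            "med": med,
            "mad": mad,
        }
    return baselines

def score_event(baselines, event, volume_threshold=6.0, hour_slack=2):
    """Return the reasons an event deviates from its own account's baseline."""
    account, hour, mb, host = event
    base = baselines.get(account)
    if base is None:
        return ["no baseline for account"]
    reasons = []
    # Distance on a 24-hour clock, so 23:00 and 01:00 are two hours apart.
    gap = min(min(abs(hour - h), 24 - abs(hour - h)) for h in base["hours"])
    if gap > hour_slack:
        reasons.append(f"login hour {hour} is {gap}h from usual hours")
    robust_z = 0.6745 * (mb - base["med"]) / base["mad"]
    if robust_z > volume_threshold:
        reasons.append(f"outbound volume {mb} MB (robust z={robust_z:.1f})")
    if host not in base["hosts"]:
        reasons.append(f"first-seen source host {host}")
    return reasons
```

The same 2 a.m., 905 MB transfer is routine for the constructed `svc-backup` account and raises two alerts for `alice`, which is why the baseline is kept per account rather than globally.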
It is important to remember that hackers are only becoming more sophisticated by the day. It is not sufficient to simply introduce tools that ensure cybersecurity. It is equally important that organisations constantly understand the loopholes in their security systems and take measures to fix them. For this purpose, organisations such as Tesla, Google etc. are increasingly turning to crowdsourced security measures, such as bug bounty programs, to find loopholes in their security systems by hiring ethical hackers. In fact, many organisations are substituting their traditional penetration testing efforts with crowdsourced security measures since they offer a plethora of benefits, including the ability to identify and fix vulnerabilities faster, paying for valid results rather than effort or time, and the varied expertise of hackers.
However, these techniques, be it A.I.-enabled tools or crowdsourced security measures, can never work in isolation, no matter how advanced they are. The effectiveness of the cybersecurity architecture of an organisation ultimately depends on the over-arching security model. This security model, thus, should not focus on tools that are merely reactive in nature. Instead, the overall security model should comprise tools that prevent, predict, detect, and respond to threats in an efficient manner, and this is where the concept of adaptive security architecture comes into play.
Adaptive security, the buzzword in recent times, is an approach that analyses behaviours to protect against and adapt to threats even before they happen. Adaptive security architecture (ASA) is a concept, and there are no pre-defined techniques on what constitutes ASA. Thus, organisations have the flexibility to introduce curated techniques (such as A.I.-based tools) so long as such techniques are able to predict, prevent, detect and respond to threats (elements of ASA) in a timely manner. For example, an implementation of ASA is the Emsisoft anti-malware that monitors the behaviour of all active programmes and sends out an alert if suspicious behaviour is detected. As opposed to focusing on preventive measures, ASA is built on the foundation of a more responsive, receptive and real-time outlook when protecting an organisation’s security systems.
While organisations can enforce technologically advanced protocols for ensuring cybersecurity, the role of personnel can never be ignored. Human error has a well-documented history of causing data breaches. This was seen when Equifax’s system was compromised for two whole months simply because of an oversight by the IT team. According to the UK Information Commissioner’s Office, human error was the cause of approximately 90% of data breaches in 2019. This only implies that cybersecurity is a top-down approach. Every single employee, from the CEO to the supervisor, plays an important role. That being the case, it is important that employees understand what they can do to protect the company’s digital assets, how to avoid falling for cybersecurity attacks, and who they should report potential incidents to.
On a concluding note, as India moves towards a five trillion dollar economy and with the IT sector leapfrogging through multiple stages of development faster than many western economies, there is an imminent need for organisations to invest in advanced technologies and personnel training to ensure a watertight cybersecurity architecture.
Views are personal. Bhushan is Partner and Chennai head, Shardul Amarchand Mangaldas & Co and Viswanat is Associate, Shardul Amarchand Mangaldas & Co.