Monday, 11 February 2019

The Business of Organised Cybercrime

Guest article by David Warburton, Senior Threat Research Evangelist, F5 Networks

Team leader, network administrator, data miner, money specialist. These are just some of the roles making a difference in today’s enterprises. The same is also true for sophisticated cybergangs.

Many still wrongly believe that the dark web is exclusively inhabited by hoodie-clad teenagers and legions of disaffected disruptors. The truth is, the average hacker is just a cog in a complex ecosystem more akin to that of a corporate enterprise than you think. The only difference is the endgame, which is usually to cause reputational or financial damage to governments, businesses and consumers.

There is no way around it; cybercrime is now run like an industry with multiple levels of deceit shielding those at the very top from capture. Therefore, it’s more important than ever for businesses to re-evaluate cybercriminal perceptions and ensure effective protective measures are in place.

Current perceptions surrounding Cybergangs

Cybergangs as a collective are often structured like legitimate businesses, including partner networks, resellers and vendors. Some have even set up call centres to field interactions with ransomware victims. Meanwhile, entry-level hackers across the world are embarking on career development journeys of sorts, enjoying opportunities to learn and develop skills. 

This includes the ability to write their own tools or enhance the capabilities of others. In many ways, it is a similar path to that of an intern. They often become part of sophisticated groups or operations once their abilities reach a certain level. Indeed, a large proportion of hackers are relatively new entrants to the cybercrime game and still use low-level tools to wreak havoc. This breed of cybercriminal isn’t always widely feared by big corporations. They should be.

How Cybergangs are using Technology to Work Smarter and Cheaper

Cybergangs often work remotely across widely dispersed geographies, which makes them tricky to detect and deal with. The nature of these structures also means that cyber attacks are becoming more automated, rapid and cost-effective. The costs and risks are further reduced when factoring in the fluidity and inherent anonymity of cryptocurrencies and the dark web.

The industry has become so robust that hackers can even source work on each link in an attack chain at an affordable rate. Each link is anonymous to other threat actors in the chain to vastly reduce the risk of detection.

IoT Vulnerabilities on the Rise
According to IHS Markit, there will be 125 billion IoT devices on the planet by 2030.  With so much hype surrounding the idea of constant and pervasive connectivity, individuals and businesses are often complacent when it comes to ensuring all devices are secure. 

Significantly, it is easier to compromise an IoT device that is exposed to the public Internet and protected with known vendor default credentials than it is to trick an individual into clicking on a link in a phishing email.

Consequently, it is crucial for organisations to have an IoT strategy in place that encompasses the monitoring and identification of traffic patterns for all connected devices. Visibility is essential to understand network behaviour and any potential suspicious activities that may occur on it.

Why Cybersecurity Mindsets must Change

IT teams globally have been lecturing staff for years on the importance of creating different passwords. Overall, the message is not resonating enough.

To combat the issue, businesses need to consider alternative tactics such as password manager applications, as well as ensuring continuous security training is available and compulsory for all staff.

It is worth noting that the most commonly attacked credentials are the vendor defaults for some of the most commonly used applications in enterprise environments. Simply having a basic system hardening policy that ensures vendor default credentials are disabled or changed before the system goes live will prevent this common issue from becoming a painful breach. System hardening is a requirement in every best practice security framework or compliance requirement.

Ultimately, someone with responsibility for compliance, audit, or security should be continually reviewing access to all systems. Commonly, security teams will only focus on systems within the scope of some compliance or regulatory obligation. This can lead to failure to review seemingly innocuous systems that can occasionally result in major breaches.

In addition to continual access reviews, monitoring should be in place to detect access attacks. Brute force attacks can not only lead to a breach, they can also result in performance impacts on the targeted system or lock customers out of their accounts. As a result, there are significant financial incentives for organisations to equip themselves with appropriate monitoring procedures.

Cybergangs use many different methods to wreak havoc, making it increasingly difficult to identify attacks in a timely manner. Businesses are often ignorant about the size of attacks, the scope of what has been affected, and the scale of the operation behind them. You are operating in the dark without doing the utmost to know your enemy. Failing to do so will continue to put information, staff and customers at risk by allowing cybergangs to operate in the shadows.
David Warburton, Senior Threat Research Evangelist with F5 Labs with over 20 years’ experience in IT and security.

Thursday, 7 February 2019

Is Huawei a Threat to UK National Security?

On 19th July 2018 the UK government, through the GCHQ backed Huawei Cyber Security Evaluation Centre, gave “limited assurance” that Huawei poses no threat to UK National Security. Since then the UK, EU, and NATO member government politicians and security services have all raised concerns about the nation-state cyber threat posed by the Chinese telecoms giant Huawei. 

There has been particular political unease around the Huawei provision of network infrastructure devices (i.e. switches and routers etc.) within the UK national infrastructure, devices which controls network traffic and capable of accessing the data that traverses them. Huawei has been operating in the UK market for 18 years, whether its their smart phones or a network devices, Huawei products are generally far cheaper than their competitors' equivalents. This has led to major telecoms providers such as BT, purchasing and implementing Huawei network devices within their telecommunications infrastructure and data centres, some of which are regarded as critical components within the UK national infrastructure. As such, Huawei has been subject to unfavourable security scrutiny, which has recently spilt out into political and media arenas. 


Huawei has always denied its products poses a threat, and there is no evidence of any malicious capability or activity publicly disclosure by any UK intelligence agencies or cyber security firms. But there is also the Chinese 2017 National Intelligence Law, which states that Chinese organisations are obliged to "support, cooperate with, and collaborate in, national intelligence work".

Three nations in the intelligence alliance ‘Five Eyes’, the United States, Australia, and New Zealand, have effectively prohibited the installation of Huawei equipment within their generation telecommunications equipment, namely 5G networks. The remaining two members of "Five Eyes", the United Kingdom and Canada, are expected to state their position within the coming months. The UK's National Cyber Security Centre has published warnings about the Chinese company's security standards. Elsewhere, nations including France, Germany and India have expressed their concerns about the use of Huawei equipment within their telecommunications 5G upgrades.


On 4th February, a leaked draft 'Huawei Cyber Security Evaluation Centre' 2019 report, said the issues and findings it had raised previously had not been fully addressed by Huawei, and was critical about the security of Huawei's technology.

Then on 6th February 2019,  a letter sent to MPs by Huawei was published. In it Huawei said it could take up to five years to address security issues raised by the Huawei Cyber Security Evaluation Centre, at a cost of $2bn (£1.5bn) of their own money. The president of Huawei's carrier business group also said the process of adapting its software and engineering processes to meet the UK's requirements was "like replacing components on a high-speed train in motion".

Huawei also made the following points in the letter to rebut the threat allegations,  "Huawei is a closely watched company.  Were Huawei ever to engage in malicious behaviour, it would not go unnoticed - and it would certainly destroy our business. For us, it is a matter of security or nothing; there is no third option. We choose to ensure security." The letter also addressed the Chinese 2017 National Intelligence Law, stating "no Chinese law obliges any company to install backdoors", a position they have backed up by an international law firm based in London. The letter went on to say that Huawei would refuse requests by the Chinese government to plant backdoors, eavesdropping or spyware on its telecommunications equipment.

The ball is now in the UK government's court, in the next couple of months we shall see if the UK Gov bans Huawei or continues to work with them to help assure the implied national security threat of their products. A ban could well result in Huawei pulling out of the UK market altogether, taking their billions of pounds of investment with them, and would likely negatively impact post Brexit trade deal negotiations between the UK and China, so we can expect the situation to become even more political in the short term.

Huawei Threat News Timeline

Who are Huawei?

  • Chinese multinational conglomerate which specialises in telecommunications equipment, consumer electronics and technology-based services and products.
  • HQ in Shenzhen, Guangdong
  • Founded in 1987 by Ren Zhengfei, a former engineer in the People's Liberation Army
  • Largest telecommunications-equipment manufacturer in the world
  • Overtook from Apple in 2018 as the second-largest manufacturer of smartphones in the world
  • 72nd on the Fortune Global 500 list
  • 180,000 employees
  • Chinese military remain an important customer for Huawei
  • Invests Billions into R&D around world
  • 3 Billions Customers Globally
  • Operating within the UK for 18 years
  • Made a five year commitment (2018 to 2023) to invest £3 billion in the UK.
  • Allegations its equipment may contain backdoors to allow unauthorised surveillance and/or data theft by the Chinese government and the People’s Liberation Army
The 5G Evolution
Mobile networks are changing with the arrival of 5G and the impact of this change will be felt across the industry. Adrian Taylor, regional VP of sales for A10 Networks, provides the follow insight about the impact of 5G on the market and how it will change the enterprise world.


5G and the Evolution of Mobile Networks
Fifth generation networks, just like the preceding 4G LTE and WiMAX networks, are expected to greatly increase available bandwidth, with improved end-to-end performance providing a better end-user experience. In the most basic of terms, 4G LTE was the long-term evolution of Radio Access Networks (RAN); 5G is the next iteration.
Wireless carriers have invested billions into their networks to support the ongoing demand for faster network speeds. They must look for ways to increase revenue while delivering more value to the end user. This continues to drive new devices into the hands of the consumer. The demand for increased efficiencies, bandwidth, and coverage has pushed carriers towards a decentralised deployment model.

Network Virtualisation Remains in The Early Stages
Service providers monitor and review technology for advancements that will help deliver faster and less expensive networks. Recently, they have looked into areas of Network Function Virtualisation (NFV) and automation to support their advancements. Mobile network operators are investing heavily in reducing delays and errors through repetitive processes as they build and add capacity to existing 4G networks.

Virtualisation and Software Defined Networks (SDN) improvements are driving a shift from hardware to software. SDN is promising, but it’s not an instant solution, as purpose-built hardware still remains the preferred choice. NFV and SDN have offered service providers an alternative to existing methods, including dedicated appliances sitting idle. However, it’s safe to say that the age of virtualisation remains in the early stages.

Hardware manufacturers and service providers are now betting on the acceptance and success of virtualised functions. Software development continues at breakneck speed to meet timelines and demands for more integrated solutions, which easily scale and reduce operational overheads at the same time.

The 5G Revenue Opportunity
5G’s impact is expected to extend beyond the typical mobile network carriers/operators such as Virgin Media, EE, O2, and Sky in the UK and overseas. It promises to enable increased connectivity and flexibility, that will drive additional functions throughout all supportive components of a mobile carrier’s network.
RAN access providers face the question of how to support the ever-increasing appetite for cutting the cord. How can we use our mobile devices in more ways than previously thought, as the end user goes about their daily tasks? This mobility, whether it’s tied to a carrier’s technology or even a simple Wi-Fi home network, reaches all corners of our day-to-day life.
This reach extends from the cloud to the data centre environments and continues to drive capacity needs, supported by both legacy appliances and the ever-increasing virtual environments. This continued appetite for consumption has opened up opportunities for all facets of technology and associated vendors.

5G Mobile Network Evolution
The continued expansion of 5G networks will have a revolutionary impact upon every mobile subscriber and business in the world.
The fundamental market forces of network evolution are not based on wired or wireless infrastructure. Companies are currently focused on upgrading existing mobile networks. Whereas at the exact same time, NFV, SDN and the global IoT industry are all preparing to utilise the next generation of mobile networks.
Software solutions are easier to move from concept to production and frequently offer a lower up-front investment cost. This all adds up to help drive increased functionality for all service providers, including the wired infrastructure.
5G and IoT will be demand-driven. As a result, the more the infrastructure expands to meet that demand, the more opportunities will be uncovered. It’s a positive feedback loop that will revolutionise how we think of the internet.
Get ready for a world that will be changed forever with the next generation mobile networks on the horizon.

Wednesday, 6 February 2019

Customers Blame Companies not Hackers for Data Breaches

RSA Security latest search reveals over half (57%) of consumers blame companies ahead of hackers if their data is stolen. Consumer backlash in response to the numerous high-profile data breaches in recent years has exposed one of the hidden risks of digital transformation: loss of customer trust.

The RSA Data Privacy & Security Survey 2019 identified that companies have lost the trust of customers as a disconnect has formed between how companies are using customer data and how consumers expect their data to be used.

Despite the fact that consumers harbour heightened concerns about their privacy, they continue to exhibit poor cyber hygiene, with 83% of users admitting that they reuse the same passwords across many sites, leaving them more vulnerable.

Key takeaways from the RSA Data Privacy study, include:

  • Context matters: Individuals across all demographics are concerned about their financial/banking data, as well as sensitive information such as passwords, but other areas of concern vary dramatically by generation, nationality and even gender. For example, younger demographics are more comfortable with their data being used and collected than older survey respondents. 
  • Privacy expectations are cultural: Consumers respond to data privacy differently based on their nationality due to cultural factors, current events and high-profile data breaches in their respective countries. For example, in the months of the GDPR being implemented, German attitudes shifted in favour of stricter data privacy expectations, with 42% wanting to protect location data in 2018 versus only 29 percent in 2017.
  • Personalisation remains a puzzle: Countless studies have demonstrated that personalised experiences increase user activity and purchasing. However, the survey results showed that respondents do not want personalized services at the expense of their privacy. In fact, a mere 17% of respondents view tailored advertisements as ethical, and only 24% believe personalisation to create tailored newsfeeds is ethical. 
“With a growing number of high-profile data breaches, questions around the ethical use of data and privacy missteps, consumers increasingly want to know how their data is being collected, managed and shared,” said Nigel Ng, Vice President of International, RSA. “Now is the time for organisations to evaluate their growing digital risks, doubling down on customer privacy and security. Today’s leaders must be vigilant about transforming their cybersecurity postures to manage today’s digital risks in a way that ensures consumer trust and confidence in their business.

Tuesday, 5 February 2019

Automotive Technologies and Cyber Security

A guest article authored by Giles Kirkland
Giles is a car expert and dedicated automotive writer with a great passion for electric vehicles, autonomous cars and other innovative technologies. He loves researching the future of motorisation and sharing his ideas with auto enthusiasts across the globe. You can find him on Twitter, Facebook and at Oponeo.


Automotive Technologies and Cyber Security
Surveys show that about 50% of the UK feel that driverless vehicles will make their lives much easier and are eagerly anticipating the arrival of this exciting technology. Cities expect that when driverless car technology is fully implemented, the gridlock which now plagues their streets will be relieved to a large extent. Auto-makers predict that the new technology will encourage a surge in vehicle purchases, and technology companies are lining up with the major auto manufacturers to lend their experience and knowledge to the process, hoping to earn huge profits.



Delays to Driverless Technology
While some features of autonomous technology have already been developed and have been rolled out in various new vehicles, the full technology will probably not be mature for several decades yet. One of the chief holdups is in establishing the infrastructure necessary on the roads themselves and in cities, in order to safely enable driverless operation.

The full weight of modern technology is pushing development along at a breakneck pace. Unlike safety testing of the past, where some real-life scenarios were simulated to anticipate vehicle reactions, high-powered simulators have now been setup to increase the rapidity at which vehicle software can 'learn' what to do in those real-life situations. This has enabled learning at a rate exponentially greater than any vehicle of the past, which is not surprising, since vehicles of the past were not equipped with 'brains' like autonomous cars will be.

The Cyber Security aspect of Autonomous Vehicles
Despite the enormous gains that will come from autonomous vehicles, both socially and economically, there will inevitably be some problems which will arise, and industry experts agree that the biggest of these threats is cyber security. In 2015, there was a famous incident which dramatically illustrated the possibilities. In that year, white-collar hackers took control of a Jeep Cherokee remotely by hacking into its Uconnect Internet-enabled software, and completely cut off its connection with the Internet. This glaring shortcoming caused Chrysler to immediately recall more than one million vehicles, and provided the world with an alarming illustration of what could happen if someone with criminal intent breached the security system of a vehicle.

Cars of today have as many as 100 Electronic Control Units (ECU's), which support more than 100 million coding lines, and that presents a huge target to the criminal-minded person. Any hacker who successfully gains control of a peripheral ECU, for instance the vehicle's Bluetooth system, would theoretically be able to assume full control of other ECU's which are responsible for a whole host of safety systems. Connected cars of the future will of course have even more ECU's controlling the vehicle's operations, which will provide even more opportunities for cyber attack.


Defense against Cyber Attacks
As scary as the whole cyber situation sounds, with the frightening prospect of complete loss of control of a vehicle, there is reason for thinking that the threat can be managed effectively. There are numerous companies already involved in research and development on how to make cars immune from attacks, using a multi-tiered defense system involving several different security products, installed on different levels of the car's security system.

Individual systems and ECU's can be reinforced against attacks. Up one level from that, software protection is being developed to safeguard the vehicle's entire internal network. In the layer above that, there are already solutions in place to defend vehicles at the point where ECU's connect to external sources. This is perhaps the most critical area, since it represents the line between internal and external communications. The final layer of security comes from the cloud itself. Cyber threats can be identified and thwarted before they are ever sent to a car.

The Cyber Security Nightmare
If you ask an average person in the UK what the biggest problem associated with driverless cars is, they’d probably cite the safety issue. Industry experts however, feel that once the technology has been worked out, there will probably be less highway accidents and that driving safety will actually be improved. However, the nightmare of having to deal with the threat which always exists when anything is connected to the Internet, will always be one which is cause for concern.

Monday, 4 February 2019

Cyber Security Roundup for January 2019

The first month of 2019 was a relatively slow month for cyber security in comparison with the steady stream of cyber attacks and breaches throughout 2018.  On Saturday 26th January, car services and repair outfit Kwik Fit told customers its IT systems had been taken offline due to malware, which disputed its ability to book in car repairs. Kwik Fit didn't provide any details about the malware, but it is fair to speculate that the malware outbreak was likely caused by a general lack of security patching and anti-virus protection as opposed to anything sophisticated.

B&Q said it had taken action after a security researcher found and disclosed details of B&Q suspected store thieves online. According to Ctrlbox Information Security, the exposed records included 70,000 offender and incident logs, which included: the first and last names of individuals caught or suspected of stealing goods from stores descriptions of the people involved, their vehicles and other incident-related information the product codes of the goods involved the value of the associated loss.

Hundreds of German politicians, including Chancellor Angela Merkel, have had personal details stolen and published online at the start of January.  A 20 year suspect was later arrested in connection to this disclosure. Investigators said the suspect had acted alone and had taught himself the skills he needed using online resources, and had no training in computer science. Yet another example of the low entry level for individuals in becoming a successful and sinister hacker.

Hackers took control of 65,000 Smart TVs around the world, in yet another stunt to support YouTuber PewDiePie. A video message was displayed on the vulnerable TVs which read "Your Chromecast/Smart TV is exposed to the public internet and is exposing sensitive information about you!" It then encourages victims to visit a web address before finishing up with, "you should also subscribe to PewDiePie"
Hacked Smart TVs: The Dangers of Exposing Smart TVs to the Net

The PewDiePie hackers said they had discovered a further 100,000 vulnerable devices, while Google said its products were not to blame, but were said to have fixed them anyway. In the previous month two hackers carried out a similar stunt by forcing thousands of printers to print similar messages. There was an interesting video of the negative impact of that stunt on the hackers on the BBC News website - The PewDiePie Hackers: Could hacking printers ruin your life?

Security company ForeScout said it had found thousands of vulnerable devices using search engines Shodan and Cenys, many of which were located in hospitals and schools. Heating, ventilation, and air conditioning (HVAC) systems were among those that the team could have taken control over after it developed its own proof-of-concept malware.

Reddit users found they were locked out of their accounts after an apparent credential stuffing attack forced a mass password invoke by Reddit in response. A Reddit admin said "large group of accounts were locked down" due to anomalous activity suggesting unauthorised access."

Kaspersky reported that 30 million cyber attacks were carried out in the last quarter of 2018, with cyber attacks via web browsers reported as the most common method for spreading malware.

A new warning was issued by Action Fraud about a convincing TV Licensing scam phishing email attack made the rounds. The email attempts to trick people with subject lines like "correct your licensing information" and "your TV licence expires today" to convince people to open them. TV Licensing warned it never asks for this sort of information over email.

January saw further political pressure and media coverage about the threat posed to the UK national security by Chinese telecoms giant Huawei, I'll cover all that in a separate blog post.


BLOG
NEWS
AWARENESS, EDUCATION AND THREAT INTELLIGENCE
REPORTS

Thursday, 31 January 2019

Information Security no longer the Department of “NO”

The information security function within business has gained the rather unfortunate reputation for being the department of “no”, often viewed as a blocker to IT innovation and business transformation. A department seen as out of touch with genuine business needs, and with the demands of evolving workforce demographic of increasing numbers of numbers Millennials and Centennials. However, new research by IDC\Capgemini reveals that attitudes are changing, and business leaders are increasingly relying on their Chief Information Security Officers (CISOs) to create meaningful business impact.


The study bears out a shift in executive perceptions that information security is indeed important to the business. With the modern CISO evolving from that of a responder, to a driver of change, enabling to build businesses to be secure by design. The survey found CISOs are now involved in 90% of significant business decisions, with 25% of business executives perceive CISOs as proactively enabling digital transformation, which is a key goal for 89% of organisations surveyed by IDC.

Key findings from the research include: 

  • Information security is a business differentiator – Business executives think the number one reason for information security is competitive advantage and differentiation, followed by business efficiency. Just 15% of business executives think information security is a blocker of innovation, indicating that information security is no longer the ‘department of no’ 
  • CISOs are now boardroom players – 80% of business executives and CISOs think their personal influence has improved in the last three years. CISOs are now involved in 90% of medium or high influence boardroom decisions 
  • CISOs must lead digital transformation efforts – At present, less than 25% of business executives think CISOs proactively enable digital transformation. To stay relevant, CISOs must become business enablers. They need to adopt business mindsets and push digital transformation forward, not react to it. CISOs that fail to adopt a business mindset will be replaced by more forward-thinking players.
From NO to GO
CISOs have made great leaps forward
  • Focused on making security operations effective and efficient 
  • Engaged with the rest of the business 
  • Seen as key SMEs to the board 
  • Responding to business requests and enabling change
 

CISOs now need to pivot to because business leaders
  • Need to be part of the business change ecosystem
  • Must be seen as drivers rather than responders
  • CISO as entrepreneur and innovator

Monday, 28 January 2019

43% of Cybercrimes Target Small Businesses - Are You Next?

Cybercrimes cost UK small companies an average of £894 in the year ending February of 2018. Small businesses are an easy target for cybercrooks, so it little surprise that around about 43% of cybercrime is committed against small businesses. According to research conducted by EveryCloud, there is much more at stake than a £900 annual loss, with six out of ten small businesses closing within six months of a data breach.

Damage to a small company’s reputation can be difficult to repair and recover from following a data breach. Since the GDPR data privacy law came in force in May 2018, companies face significant financial sanctions from regulators if found negligent in safeguarding personal information. Add in the potential for civil suits the potential costs start mounting up fast, which could even turn into a business killer.  Case in point is political consulting and data mining firm Cambridge Analytica, which went under in May 2018 after being implicated with data privacy issues related to its use of personal data held on Facebook. However, most small businesses taken out by cyber attacks don't have the public profile to make the deadly headlines.

Most big companies have contingency plans and resources to take the hit from a major cyber attack, although major cyber attacks prove highly costly to big business, the vast majority are able to recover and continue trading. Working on a tight budget, small businesses just doesn't the deep pockets of big business. Cyber resilience is not a high priority within most small businesses strategies, as you might image business plans are typically very business growth focused.

Cyber resilience within small business need not be difficult, but it does involve going beyond installing antivirus. A great starting point is UK National Cyber Security Centre's Cyber Essentials Scheme, a simple but effective approach to help businesses protect themselves from the most common cyber attacks. You’ll also need to pay attention to staff security awareness training in the workplace.

Every employee must ensure that the company is protected from attacks as much as possible. It’s your responsibility to make sure that everyone understands this and knows what preventative measures to put in place.

It may cost a few bob, but getting an expert in to check for holes in your cybersecurity is a good place to start. They can check for potential risk areas and also educate you and your staff about security awareness.

We all know the basics, but how many times do we let convenience trump good common sense? For example, how many times have you used the same password when registering for different sites?

How strong is the password that you chose? If it’s easy for you to remember, then there’s a good chance that it’s not as secure as you’d like. If you’d like more tips on keeping your information secure, then check out the infographic below.


Friday, 25 January 2019

The Emergence of Geopolitical Fuelled Cyber Attacks

A new breed of cyberattack is emerging into the threat landscape, fuelled by geopolitical tension, there has been a rise in stealthy and sophisticated cyber attacks reported within recent industry reports. Carbon Blacks 2019 Global Threat Report, released on Wednesday (23/1/19), concluded global governments experienced an increase in cyberattacks during 2018 stemming from Russia, China and North Korea, while nearly 60% of all attacks involved lateral movement.

'Lateral Movement' is where an attacker progressively and stealthy moves through a victim's network as to find their targets, which are typically datasets or critical assets. This is an attack of sophistication, requiring skill, resources and persistence, beyond the interest of average criminal hackers, whom go after the lowest hanging fruit for an easier financial return.


Carbon Black concluded that as 2018 came to a close, China and Russia were responsible for nearly half of all cyberattacks they detected. 

The US and UK government agencies have publicly articulated their distrust of Chinese tech giant Huawei, which resulted in BT removing Huawei IT kit from their new 5G and existing 4G networks last month. UK Defence Secretary Gavin Williamson said he had "very deep concerns" about Huawei being involved with the new UK mobile network due to security concerns. At end of 2017 the UK National Cyber Security Centre warned government agencies against using Kaspersky's products and services, which followed a ban by the US government. Barclays responded by removing their free offering of Kaspersky anti-virus its customers. The UK and US also blamed North Korea for the devastating WannaCry attacks in 2017.

Another interesting stat from the Carbon Black Global Threat Report that caught the eye, was 2018 saw an approximate $1.8 billion worth of cryptocurrency-thefts, which underlines the cyber-criminal threat still remains larger than ever within the threat landscape.

Monday, 21 January 2019

Is AI the Answer to never-ending Cybersecurity Problems?

Paul German, CEO, Certes Networks, talks about the impact and the benefits of Artificial Intelligence(AI) driven cybersecurity. And how AI adoption is helping organisations to stay ahead in the never-ending game that is cybersecurity.

Artificial Intelligence (AI) isn’t going anywhere anytime soon. With 20% of the C-suite already using machine learning and 41% of consumers believing that AI will improve their lives, wide scale adoption is imminent across every industry - and cybersecurity is no exception. A lot has changed in the cyber landscape over the past few years and AI is being pushed to the forefront of conversations. It’s becoming more than a buzzword and delivering true business value. Its ability to aid the cybersecurity industry is increasingly being debated; some argue it has the potential to revolutionise cybersecurity, whilst others insist that the drawbacks outweigh the benefits.

With several issues facing the current cybersecurity landscape such as a disappearing IT perimeter, a widening skills gap, increasingly sophisticated cyber attacks and data breaches continuing to hit headlines, a remedy is needed. The nature of stolen data has also changed - CVV and passport numbers are becoming compromised, so coupled with regulations such as GDPR, organisations are facing a minefield.

Research shows that 60% think AI has the ability to find attacks before they do damage. But is AI the answer to the never-ending cybersecurity problems facing organisations today?

The Cost-Benefit Conundrum
On one hand, AI could provide an extremely large benefit to the overall framework of cybersecurity defences. On the other, the reality that it equally has the potential to be a danger under certain conditions cannot be ignored. Hackers are fast gaining the ability to foil security algorithms by targeting the data AI technology is training on. Inevitably, this could have devastating consequences.

AI can be deployed by both sides - by the attackers and the defenders. It does have a number of benefits such as the ability to learn and adapt to its current learning environment and the threat landscape. If it was deployed correctly, AI could consistently collect intelligence about new threats, attempted attacks, successful data breaches, blocked or failed attacks and learn from it all, fulfilling its purpose of defending the digital assets of an organisation. By immediately reacting to attempted breaches, mitigating and addressing the threat, cybersecurity could truly reach the next level as the technology would be constantly learning to detect and protect.

Additionally, AI technology has the ability to pick up abnormalities within an organisation’s network and flag it quicker than a member of the cybersecurity or IT team could; AI’s ability to understand ‘normal’ behaviour would allow it to bring attention to potentially malicious behaviour of suspicious or abnormal user or device activity.

As with most new technologies, for each positive there is an equal negative. AI could be configured by hackers to learn the specific defences and tools that it runs up against which would give way to larger and more successful data breaches. Viruses could be created to host this type of AI, producing more malware that can bypass even more advanced security implementations. This approach would likely be favoured by hackers as they don’t even need to tamper with the data itself - they could work out the features of the code a model is using and mirror it with their own. In this particular care, the tables would be turned and organisations could find themselves in sticky situations if they can’t keep up with hackers.

Organisations must be wary that they don’t adopt AI technology in cybersecurity ‘just because.’ As attack surfaces expand and hackers become more sophisticated, cybersecurity strategies must evolve to keep up. AI contributes to this expanding attack surface so when it comes down to deployment, the benefits must be weighed up against the potential negatives. A robust, defence-in-depth Information Assurance strategy is still needed to form the basis of any defence strategy to keep data safe.



Paul German, CEO, Certes Networks