The Threat Landscape
Cyber criminals, or adversaries, are no longer limited to individual actors. They are highly developed and sophisticated organizations that leverage integrated tools and capabilities with artificial intelligence and machine learning. The scope of the threat is growing, and no organization is immune. Small, mid-sized, and global enterprises, municipalities, and state and federal governments face the constant threat of becoming victims of a targeted attack. Even today’s most sophisticated cyber-controls, no matter how effective, will soon be obsolete unless very large investments are made to create smart and intelligent solutions for future-proof cyber security and defence. But this is not enough. It also requires awareness, insight and understanding within companies and organizations. How can I as an individual develop and contribute my knowledge to protect a company's assets? We must bring cyber defence into everyday life, as part of products and offers. We must be able to maintain consistent and controlled cyber sustainability across processes, people, and technology. And we must be flexible enough to counter cyberattacks as adversaries change their methods.
Management must answer key questions among their teams, such as: “Are we prepared for accelerated digitization in the next three to five years?” and, more specifically, “Are we looking far enough forward to understand how today’s technology investments will have cybersecurity implications in the future?”
Every hacker and malware attacker, regardless of motivation, uses one of these exploit methods to gain initial access:
- Social Engineering
- Programming Bugs (patch available or unavailable)
- Malicious Instructions/Scripting
- Human Error/Misconfiguration
- Channel/Information leak
- Brute Force/Computational
- Data Malformation
- Network Traffic Malformation
- Insider Attack
- 3rd Party Reliance Issue (supply chain/vendor/partner/etc.)
- Physical Attack
Being Data Driven
Machine learning (ML) in cyber security performs extremely well where we have lots of data either on the cloud or on the endpoint, working in combination with big data and analytics.
ML might prove very helpful in detecting issues of a higher complexity and do so faster and more accurately than the human analyst.
In the unfortunate case of an attack, an automated response is critical to minimize the impact, conduct forensics and to defend effectively.
From a defensive perspective we need to be able to respond in computer or machine time versus human time to stop some of the attacks. Defence against intelligent cyber weapons can only be achieved by intelligent software.
Machine learning is increasingly being introduced to fight adversaries. There is currently access to lots of information about suspect adversaries, including their purchase activities and profile, online browsing activities, social networks, and fake identification they submit to get their orders approved. The real challenge is how we can make sense of this unstructured data and then make good approve/decline decisions for thousands of merchants in real time.
Here are examples of areas where ML and AI can be applied to increase the level of automation:
- Data-driven cyber threat and incident analysis
- Data-driven software testing
- Data-driven threat anticipation
- Data-driven security architecture
- Data-driven security incident management or response
- Cybersecurity data analytics and visualization
- AI for cybersecurity
Act Before the Attack
This is very much about constantly improving the capabilities and characteristics of a modern cyber defence, methodically and based on facts. The most basic prerequisite is sound cyber hygiene. It should be simple, so that everyone feels involved in it and can take responsibility for it, and so that it can be followed up on when it is applied in practice.
- Often, cyber-attacks happen because your systems or software aren’t fully up to date, resulting in weaknesses. Cybercriminals exploit these weaknesses to gain access to your network. Once they are in, it’s often too late to take preventative action.
- Endpoint protection protects networks that are remotely bridged to devices. Mobile devices, tablets and laptops that are connected to corporate networks give access paths to security threats.
- There are many different types of sophisticated data breaches; new ones surface every day, and old ones even make comebacks. Putting your network behind a firewall is one of the most effective ways to defend yourself from any cyber-attack.
- Backup and protect data and configurations to avoid serious downtime, loss of data and mistrust by clients.
- It’s essential to control who has access to your computers. Protecting your PC and login credentials is necessary to avoid misuse by an adversary.
- Securing Wi-Fi networks and hiding them is one of the safest things to do to prevent unauthorized access. With wireless technology becoming more and more developed every day, there are thousands of devices that can connect over Wi-Fi and potentially compromise applications and systems.
- Move away from traditional identification methods with passwords and implement a “Zero Trust”-based approach to verify the user and the path to a resource, which can be an application or a system.
Culture and Awareness
One of the most common ways cyber criminals get access to your data is through your employees. Adversaries send fraudulent emails impersonating someone in your organisation and will ask either for personal details or for access to certain files. Links often seem legitimate to an untrained eye, and it’s easy to fall into the trap. Therefore, employee awareness is vital to building a sustainable culture around cyber security.
Summary and SEB Position
SEB works methodically and on a factual basis, through analyses, modelling, insights, and know-how regarding the cyber threat landscape and the methods and goals of adversaries. This is used and translated into capabilities that underpin a modern and effective cyber defence. SEB validates and follows up on this through very extensive testing using ethical simulated cyber-attacks against critical processes and infrastructure.
Listen in to Ulf Larsson and other amazing speakers at “Let’s talk tech: Cyber security – the foundation for modern banking”, live on LinkedIn March 30, 11:30 CEST!