According to the Cisco 2018 Annual Cybersecurity Report, presented in Bucharest today, an increasing number of security leaders rely on and invest in automation, machine learning and artificial intelligence to counter cyber threats.
Increase in traffic encryption poses security threats
While encryption is meant to enhance security, the report shows, the expanded volume of encrypted web traffic (50 percent as of October 2017) — both legitimate and malicious — has created more challenges for defenders trying to identify and monitor potential threats. Cisco threat researchers observed more than a threefold increase in encrypted network communication used by inspected malware samples over a 12-month period.
Automation, ML and AI can counter modern cyber attacks
Applying machine learning can help enhance network security defenses and, over time, “learn” how to automatically detect unusual patterns in encrypted web traffic, cloud, and IoT environments. Some of the 3,600 chief information security officers (CISOs) interviewed for the Cisco 2018 Security Capabilities Benchmark Study report said they were reliant on, and eager to add, tools like machine learning and AI, but were frustrated by the number of false positives such systems generate. While still in their infancy, machine learning and AI technologies will mature over time and learn what is “normal” activity in the network environments they are monitoring.
The findings of the report show that 39 percent of organizations are reliant on automation, 34 percent are reliant on machine learning and 32 percent are highly reliant on AI.
“We want to warn that, because increasingly more traffic is encrypted, we need tools that can integrate metadata based on technologies such as ML to identify cyber threats. Static tools are less efficient when it comes to today’s attacks,” Dorin Pena, general manager of Cisco Romania, said.
“We believe that it is becoming increasingly important to use methods that can take on data, analyse it and conclude whether it is malware or ransomware,” Pena added. “The intelligent network we created can send data, integrate it in a machine learning mechanism and identify deviant behaviours. It is a very well performing network that performs ‘real time forensics’,” he explained.
E-mail remains vulnerable
According to the Cisco Romania head, the report shows that e-mail remains the most used source to spread attacks. “We made an analysis on the type of files that spread attacks. And we noticed that 38 percent come from the Office area, such as Excel and PowerPoint files. Next, 37 percent are archives and 14 are PDF files. In total, 80 percent of all types of attacks are sent from three types of files,” Pena warned.
Use of cloud services for cyber attacks is increasing
There is an increase in the offer and use of cloud services, the Cisco report warns. “When you have only one application in cloud it is easy to secure. But when you have multiple and multiple users, there is a need to secure all services. The challenge comes from the grey area,” Pena explains. “Who should provide the security services? The user or provider? This is something the cloud access security broker (CASB) does – an app that allows for the monitoring of cloud services, does an analysis of the rights of the user and allows for their visualisation. As a conclusion we have noticed an increase in the use of cloud services and demand for security. In Romania, a lot of companies use hybrid systems. The use of cloud services for cyber attacks is increasing, through the use of fake accounts or by exploiting the authentication credentials. In social engineering you can get access to unauthorised areas by exploiting vulnerabilities,” the Cisco Romania head explained.
Eye on the IoT
Due to programming errors or weak security, attackers can take over equipment as IoT botnets, not for an immediate attack, but to take advantage of it for an impending attack that will be orchestrated later, the Cisco report warns.
“Household users must understand the risks of using or introducing in their network the IoT object. Not necessarily that it will be used in an attack against them, but as a botnet. And companies must understand how to handle the management,” Dorin Pena said.
Patching driven by crisis
Apps are developed increasingly faster. Launches may have been less frequent before, but now every month there is something new. According to data presented by Pena, attacks increased the awareness of clients, and the adoption rate of patches increased. However, in time they tend to return to previous levels, meaning that the main event that pushes users or security systems managers to act continues to be a crisis, and not a proactive attitude. This is reflected in costs for companies, Pena explains. “We can measure the effect of attacks in losses. 57 percent of attacks result in damages of USD 500,000 upwards, and it involves lost clients, revenues and costs to unblock the data. A lot of companies must be aware of the cost of attacks,” Pena concluded.