According to a recent survey by Mcafee, 82% of respondents reported a shortage of cyber-security skills, while 75% believe that it is making them a more desirable target to hackers. The shortage of cyber-security professionals is hardly surprising, given that they must fill a role that requires a lot knowledge, experience, patience, and offers little in the way of intrinsic rewards.
You’re not going to get a pat on the back when security incidents don’t happen, yet if one does, who do you think they are going to blame? It is unlikely that this situation is going to change, and so we need to focus our attention on automation.
The Role that Automation Can Play
Every organization will use automation in some form or another. For example, anti-virus tools and Firewalls provide a basic level of automation, in that they are able to detect and respond to suspicious entities, without any human intervention. Some organizations use solutions which can automatically discover and classify sensitive data.
Some use sophisticated DCAP (Data-Centric Audit & Protection) solutions to detect, alert, report and respond to changes made to their sensitive data, as well as monitor access privileges. They can also detect and respond to events that match a pre-defined threshold condition, such as multiple failed login attempts or bulk file encryption. Likewise, Data Loss Prevention (DLP) solutions can automatically block/quarantine unencrypted sensitive data as it leaves the network.
Data deception strategies are also a lot more effective when used in conjunction with automation. Such strategies are often referred to as “honeypots” and are used to trick hackers into accessing dummy data that appears to be valuable. In order for a honeypot to be effective, there needs to be many of them spread across the network. And while they might be relatively simple to setup, monitoring these honeypots would be an arduous process, if done manually.
Automation not only makes it easier to identify, correlate and respond to suspicious events, but when used in combination with machine learning, it enables us to compile and analyse patterns of behaviour and make predictions about what an attacker might do next. This enables us to initiate a more sophisticated response. Such tools are invaluable for simple, repetitive and relatively low-risk tasks. They work around the clock performing crucial tasks in a fast and efficient manner, which in turn enables security teams to focus on more complex and pressing issues.
The Issues with Automation
While AI and machine learning will inevitably play an important role in the future of cyber-security, these technologies can also be seen as a double-edged sword. According to the following article published by TechRepublic, 91% of cybersecurity professionals fear that hackers will use AI to attack their company.
AI is already being used to scrape personal data, such as email addresses and phone numbers, which can be used to facilitate social engineering attacks. Hackers are already seeking ways to use AI/machine learning to launch even more sophisticated attacks. For example, security experts have found a way to use AI to modify malware so that it can bypass antivirus software and machine learning algorithms.
Imagine a form of AI that could continuously spawn a large number of different malware strains, determine which ones were the most effective, and then spawn a large number of variations of that strain, and so on. Through a process of (un)natural selection, hackers could create very sophisticated attack vectors that constantly evolve without the need for human intervention.
Beating cyber-crime is hard, but not impossible. After all, Bitcoin and other blockchain-based technologies have so far proven to be immune from cyber-attacks, and similar technologies are evolving that have a much wider scope. For example, the SAFE network, which is still under development, is an essentially a new internet, built with privacy and security in mind.
As it currently stands, these technologies are either not ready for mainstream adoption, provide limited scope for securing our networks and data, or are yet to be officially released. In the meantime, the only way to get around cyber-security skills shortage is to automate as many tasks as we can, using the technology that is currently available to us.