If you’re one of the many, many companies recently targeted by WannaCry, you’ve just been handed a harsh reality check on the importance of enterprise cybersecurity. Maybe you had ignored previous warnings or felt cybersecurity technology was unnecessary. Or maybe you actually had cybersecurity measures in place that failed.
Analysts have (so far) placed the number of corporate victims of WannaCry at 29,000 firms.
As reports have pointed out, the attack was great news for the cybersecurity industry, which saw spikes in share prices and experts predicting corporate spend on cybersecurity technologies.
Just days before the ransomware attack launched, Versive, a data science and analytics firm formerly known as Context Relevant, released a new product, Versive Security Engine (good timing for businesses able to deploy it before WannaCry). At the time, CEO Joe Polverari and CTO Dustin Hillard explained to PYMNTS why so many companies have failed to adequately protect themselves — commentary that takes on new weight today.
One of the largest problems, said Polverari, is that companies are too focused on their perimeters.
“The biggest challenge for folks running digital networks in the enterprise today is they don’t have visibility as to exactly what’s going on in their networks,” he said. “Firms have invested a lot of time, energy and resources on what I would call the edges, and on the perimeters, on just keeping adversaries outside their network. That has a limited level of efficacy, to be completely candid.”
Once an adversary understands what a company is using to protect its perimeter, he continued, then they can infiltrate it. And once they’re within the network, the defenses tend to lag.
Making matters worse, once a cybercriminal has entered a company’s digital network, they may be poking around in there for a long time undetected before they cause the real damage.
“These things actually play out over a period of months or years,” Polverari said. “It’s very infrequently that they use what we would call a ‘smash-and-grab’ activity.”
Someone may enter the network via a phishing scam, compromised credentials, malware or the like and, for a long time, simply exist there. Slowly, the executive said, they’ll begin to “take inventory” of a firm’s data assets. Their activity is so minimal that human cybersecurity analysts may not even notice it — or, if they do, may consider it a harmless anomaly.
Polverari and Hillard said this tactic is exactly why machine learning and artificial intelligence are critical to today’s cyber defenses.
“Where machine learning comes in and is particularly effective is because it takes months [for a cyberattack] to play out, and movements are so subtle that traditional cybersecurity methods aren’t effective at understanding what’s going on,” Polverari said. “They just look like little anomalies or, sometimes, not even that. But it’s actually the beginning of a long chain of behavior.
“Why artificial intelligence and machine learning are so effective is we can get across so much data so quickly to understand a profile and to understand a deviation from normal in a way human beings can’t.”
The CEO said each company’s network is like a fingerprint, each with its own definition of “normal.” AI can more accurately identify what might be considered abnormal in a network — and, further, understand whether that abnormality is the sign of a cyberattack or something similar.
Not only can machines offer more accuracy, but, said Hillard, there is a major talent shortage in the enterprise cybersecurity space.
“It used to take a human months to learn a network,” he said, adding that artificial intelligence and machine learning can do it automatically.
As if the cybersecurity mountain weren’t already high enough to climb, there’s another trend arising and harming corporates’ ability to protect themselves: Cybercriminals are beginning to understand AI and, in some cases, even use the technology themselves for malicious purposes.
“The most advanced adversaries are starting to use AI to discover vulnerabilities and understand the AI that’s in place,” he said. Whether using AI technology or not, he continued, companies often have cybersecurity tools in place that take a one-size-fits-all approach.
“Artificial intelligence can’t be a perfect defense if someone is able to look at it ahead of time and pick it apart,” he added. “It can provide a false sense of security. It’s important that it is constantly updating and adapting so adversaries can’t break a more static defense.”
Machine learning can give AI-based technologies the flexibility they need, said Polverari.
“If someone knows you’re running those technologies, they know how to get around it,” he said. “What they don’t expect to encounter once they’re in a network is something that’s adaptive to behaviors. It knows what’s normal and abnormal. It can never be static and rigid. That’s what gives it an advantage in detection and mitigation of cyberattacks.”