Roughneck Mag
Opinion

How AI is Changing the Face of Cyber Resiliency

By Dr. Wayne Ronhaar
Guest Columnist

In today’s cyber resiliency world, the key phrase is, “It’s not if you’re going to get hit – it’s when you’re going to get hit.” Cyber terrorists are leveraging bleeding-edge technologies and automation to strike anywhere, anytime. Too often, in their efforts to solidify their cyber preparation, protection, and responses, oil and gas companies are bringing knives and swords to a fight with Storm Troopers armed with light sabres and laser guns.

Traditional methods do not work anymore. Old and current methods or signatures are not reliable. Industry reports say most attacks exploit known vulnerabilities that have available patches. What makes this most urgent is that statistics show hackers strike within minutes of vulnerabilities becoming public. The average life of a piece of malware today is only seven hours. Then it either mutates or is abandoned for a new one. The usual amount of time it takes for a vulnerability to be patched is 150 to 240 days. The math here is sobering and intimidating.

And for those unknown vulnerabilities that hackers are the first to discover, the potential of rampant damage is massive and unchecked.

With the introduction and rapid growth of artificial intelligence (AI), cyber security technologies are starting to fight a fairer fight. Today AI is leveling the playing field. The prediction is that AI will reverse the fight, giving the advantage to those on the good side.

How is AI Changing the Environment?

AI can establish behavioural patterns, otherwise known as “profiles,” from largely unlabeled and unstructured data. Using sophisticated learning algorithms, it turns these patterns into insights for businesses and security environments. The algorithms seek and identify anomalous – that is, irregular or abnormal – behaviour.

By establishing profiles and using behavioural analytics, AI performs intelligent detection of anomalous behaviour to identify potential exploits or vulnerabilities. AI’s ability to identify and analyze personalities and behaviour makes it the next generation of protection to replace old signatures, whitelisting, and passwords.

At the foundation of AI is data. However, this is a double-edged sword. The more data AI has to work with, the deeper the analysis and intelligence, and the greater the accuracy of performance. But that increased and growing data also gives attackers more surface in which to seek vulnerabilities and launch attacks. More data provides both protectors and attackers more information to plan their strategies and actions against each other. It is a competitive field with a swinging pendulum of advantage and power.

According to Dave Palmer, director of technology for Darktrace, self-described as the world’s most advanced machine learning and AI platform for cyber security, there are vulnerabilities. “AI thrives on the data from which it learns. We should anticipate attacks on underlying data targeted at subverting the decisions that machines make. An example of this could be falsifying market information to cause incorrect actions by investment (by AI) in financial institutions, or subverting geophysical data to cause rival oil & gas companies to bid for rights and drill in the wrong locations.”

While AI is the new future, it is not yet the savior of the moment. We must understand it is an exponentially growing and changing technology. It represents a new environment of “resiliency.” Until AI reaches greater levels of maturity, we still must be cognizant of today.

Employ Defense-in-Depth Strategies

Prudent energy companies ensure the following strategies are followed:

  1. Emphasize multiple, overlapping, and mutually supportive defensive systems to guard against single-point failures in any specific technology or protection method. This should include the deployment of regularly updated firewalls as well as gateway antivirus, intrusion detection or protection systems (IPS), website vulnerability with malware protection, and web security gateway solutions throughout the network;
  2. Monitor for network incursion attempts, vulnerabilities, and brand abuse; and
  3. Receive alerts for new vulnerabilities and threats across vendor platforms for proactive remediation. Track brand abuse via domain alerting and fictitious website reporting.

Antivirus on Endpoints Is Not Enough

Oilpatch executives need to understand that on endpoints it is important to have the latest versions of antivirus software installed. Deploy and use a comprehensive endpoint security product that includes additional layers of protection, including:

  1. Endpoint intrusion prevention that protects unpatched vulnerabilities from being exploited, protects against social engineering attacks, and stops malware from reaching endpoints.
  2. Deep Learning Browser protection for avoiding obfuscated web-based attacks.
  3. File and web-based reputation solutions that provide a risk-and-reputation rating of any application and website to prevent rapidly mutating and polymorphic malware.
  4. Behavioral prevention capabilities that look at the behavior of applications and prevent malware. Application control settings that can prevent applications and browser plugins from downloading unauthorized malicious content.
  5. Device control settings that prevent and limit the types of USB devices being used.

Secure Websites Against Attacks and Malware Infection

Avoid compromising your trusted relationship with customers by regularly assessing your website for vulnerabilities and malware. Additionally, consider:

  1. Choose SSL certificates with extended validation to display the green browser address bar to website users.
  2. Display recognized trust marks in highly visible locations on your website to show customers your commitment to their security.

Protect Private Keys

Make sure to get your digital certificates from an established, trustworthy certificate authority that demonstrates excellent security practices. Symantec recommends that organizations:

  1. Use separate test signing and release signing infrastructures.
  2. Secure all keys in secure, tamper-proof, cryptographic hardware devices.

Implement physical security to protect your assets from theft.
