By Derek Manky, Chief, Security Insights & Global Threat Alliances, Fortinet
Every year at this time I gather together my latest research in cybercrime trends, threat research, and technology development and pull together a white paper that projects what the cybersecurity landscape will look like, both near term as well as out into the future. I think this exercise is essential because much of the success of the cybercriminal community has been due to their ability to successfully predict and exploit networking and technology decisions made by their targeted victims.
Cybercriminals use a multi-pronged approach for their attack strategies. The most commonly understood is the development of increasingly sophisticated attack methodologies. For example, we have seen a rise in the use of Advanced Evasion Techniques (AETs) designed to prevent detection, disable security functions and devices, and operate under the radar.
However, two additional strategies are worth noting. First, like any enterprise, they don’t spend money when they don’t have to. The latest Threat Landscape Report from Fortinet, for example, shows that cybercriminals were more likely to target vulnerabilities from 2007 than they were from 2018/2019 – and the same holds true for every year in between. There is no reason to develop a new malware tool when organizations seem all too willing to leave the front door unlocked.
The other strategy is to target as many attack vectors as
possible. For example, in this same report, criminals are increasingly
targeting publicly facing edge services, perhaps in response to organizations
over-rotating on training personnel and upgrading their email security gateways
to combat phishing. Different attack vector, same outcome.
Interestingly, this same strategy undergirds the power of swarm-based attacks, a developing attack strategy I have been talking about for some time. Intelligent swarms of customizable bots, grouped by specific attack function and that can share and learn from each other in real time, could potentially target a network and, by attacking it on all fronts simultaneously, simply overwhelm the network’s ability to defend itself.
Who Has the Upper Hand?
These trends are important to understand because in the cyber arms race, the criminal community has often had a distinct advantage. And given the continued reliance on traditional point products and stovepiped security strategies used by many organizations, that looks likely to continue for some time – unless organizations make a complete paradigm shift as to how they think about and deploy security.
So far, however, some organizations continue to use the same failed strategies to secure new networked environments, such as isolating cloud instances with separate security tools – a strategy that adds additional complexity to already overburdened IT staff, while simultaneously reducing the visibility and control needed to identify and stop multi-vector attacks designed to exploit this specific vulnerability.
The adoption of 5G, however, may end up being the catalyst for a radical paradigm shift in security because it will be the perfect incubator for the development of functional swarm-based attacks. Because 5G-enabled edge networks will be able to create local, ad hoc networks on the fly that can quickly share and process information and applications, groups of compromised devices could work in concert to target victims at 5G speeds. Given the intelligence, speed, and localized nature of such an attack, few current security technologies would be able to effectively fight off such a persistent strategy.
We Can Turn the Tables with AI
To get out ahead of this cycle, organizations need to begin to use the same sorts of technologies and strategies to defend their networks that criminals are using to compromise them. That means adopting an intelligently integrated approach that leverages the power and resources of today’s enterprise.
AI represents one of our best hopes for being able to get out in front of this issue. The goal is to develop an adaptive immune system for the network similar to the one in the human body. In the body, white blood cells come to the rescue when a problem is detected, acting autonomously to fight infection, while sending information back to the brain for more processing – like marshalling additional resources or remembering to take an antibiotic.
As AI progresses from its current form, where it is used primarily to sift through mountains of data to solve a problem, it will be able to function more like a human immune system or neural network. AI will rely on interconnected, regionally deployed learner nodes to collect local data and then share, correlate, and analyze that intelligence in a distributed manner.
Interesting Developments Ahead
This article only touches on a few of the ideas, there are a number of interesting trends that business executives and IT teams alike should be familiar with. They include:
- Combining machine learning with statistical analysis to Predict Attacks by uncovering the underlying attack patterns of cybercriminals, thereby enabling an AI system to predict an attacker’s next move, forecast where the next attack is likely to occur, and even determine which threat actors are the most likely culprits.
- A deep look at how Deception Technologies can be used to create a virtually insurmountable layer of defense around your network, regardless of how far it has been distributed.
- Recent developments in Law Enforcement that will enable them get out ahead of cybercrime.
- And the rise of New Zero-Day Exploits that, when combined with AI-enabled systems, will enable cybercriminals to strike in ways and places that many organizations are simply unprepared to defend.
Start with an Integrated Strategy
These trends only further underscore the need to take a new approach to security, designed around the principles of integrated solutions, advanced AI and machine learning, and related techniques. Interconnectivity between machine learning systems will be especially critical so that localized machine learning nodes can adapt to a local environment’s unique configuration.
By shifting responsibilities to autonomous self-learning processes that function similarly to human autoimmune systems – such as hunting for, detecting, and responding to security events – valuable cybersecurity professionals will have the time and resources to adopt advanced security-driven network strategies designed for today’s continually evolving networks.