Three technologies that once sounded more at home in a sci-fi setting than in everyday business: Artificial Intelligence, Machine Learning and Automation.
And yet according to a recent Cisco survey, all three are being used by the majority of European businesses in order to protect themselves.
In our 2018 cyber security benchmarks study, security workers in Europe told us that:
Leading the way on automation is Spain, where 87% of companies are using automation in their security posture.
The Middle East and Africa currently lead the Machine Learning race with 78% of companies there using some sort of ML in their protections, closely followed by the United Kingdom with 77%.
The UK also leads in Artificial Intelligence cyber security, with 78% of security executives telling us they rely on it.
These figures are encouraging. They come at a time when cyber criminals are becoming more adept at evasion – and weaponising cloud services and other technology used for legitimate purposes.
Speaking to Channel Futures, Franc Artes, one of our security architects, said, “They [adversaries] are using what we use to hide in the cloud…We can’t just blacklist all Amazon Web Services or Azure. Criminals know that and are leveraging that by paying attention to what we’re using.”
Cyber criminals are also widening their embrace of encryption to evade detection. Encryption is meant to enhance security, but it also provides malicious actors with a powerful tool to conceal command and control (C2) activity – affording them more time to operate and inflict damage.
The fightback against such levels of sophistication will involve organisations using tools such as automation, AI and ML.
So how can these technologies be used to protect businesses?
Advanced capabilities in AI can enhance network security defences and, over time, “learn” how to automatically detect unusual patterns in web traffic that might indicate malicious activity.
Many security executives told us in the 2018 Security Benchmarks Capabilities Survey that they are frustrated by the number of false positives from their security infrastructure, since false positives increase the security team’s workload.
These concerns should ease over time as artificial intelligence technologies mature, and learn what is “normal” activity in the network environments they are monitoring.
Machine learning is useful for automatically detecting “known-known” threats—the types of infections that have been seen before. But its real value, especially in monitoring encrypted web traffic, stems from its ability to detect “known-unknown” threats (previously unseen variations of known threats, malware subfamilies, or related new threats) and “unknown-unknown” (net-new malware) threats.
The technology can learn to identify unusual patterns in large volumes of encrypted web traffic and automatically alert security teams to the need for further investigation.
The latter point is especially important, given that the lack of trained personnel is an obstacle to enhancing security defences in many organisations.
Tools for automation that provide network context can also give security analysts insight into potential leak path issues. In addition, implementing appropriate segmentation policies can help security teams quickly determine whether unexpected communication between networks or devices is malicious.
Such technologies are powerful tools for visibility, automation and insight, yet the advice is for organisations not to overlook traditional techniques, or the importance of people.
Self-propagating, network-based attacks like WannaCry and Nyetya could have been prevented (or at least had their impact minimised) if more organisations had applied fundamental security practices such as patching, setting appropriate incident response processes and policies, and segmenting their networks.
Basic cyber hygiene is critical, and must not be ignored. In fact, in examining recommendation data from several Cisco Red Team assessments carried out in 2017, services team members identified three key defensive capabilities: people, policies, and technology.
If an organisation were to use technology alone to remediate security vulnerabilities, it would only solve 26 percent of the issues identified during Red Team attack simulations. That would leave 74 percent of issues unresolved.
Likewise, if organisations use only policies to address security issues, they would resolve just 10 percent of issues; with user training for people, only 4 percent of issues.
The three areas of defence need to be tackled in concert: People, processes and technology.
Download the Cisco 2018 Annual Cyber Security report for more threat intelligence insights and advice for organisations.
See more cyber security tips on our European Cyber Security Awareness Month page.
Listen to this Podcast *hyperlink* where it talks about Artificial Intelligence (AI) and Machine Learning (ML) and how they can benefit people, businesses and countries.