SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
AI helping businesses stay ahead of threats - LogRhythm
Mon, 15th Apr 2019
FYI, this story is more than a year old

As the frequency and severity of cyber-attacks and data breaches continue to increase, cybersecurity vendors and their customers need to ensure they're keeping ahead of cyber trends.

Hackers and cyber-criminals are nothing if not industrious.

They're working harder than ever to overcome organisations' increasingly sophisticated cybersecurity defences and combat the fact that employees and individuals have become wiser to their methods than once they were.

And they're enjoying a fair degree of success, here in Australia and elsewhere in the developed world, courtesy of a repertoire of scams, tricks and techniques designed to achieve unauthorised access to sensitive corporate and consumer information.

These include phishing, whaling, targeted ransomware and malware attacks, account takeover fraud and, more recently, infiltration of corporate networks via poorly secured Internet of Things devices which offer an easy ‘in' to core systems.

Soaring cyber-crime costs

Some reports put the global cost of cyber-crime at an eye-watering $US600 billion.

Here in Australia, the potential direct economic loss to businesses as a result of cybersecurity incidents may be as high as $29 billion a year, according to a Frost and Sullivan study commissioned by Microsoft in 2018.

Direct costs of a breach can include losses in revenue, decreased profitability, fines, lawsuits and remediation costs.

More than half the organisations surveyed by Frost and Sullivan had experienced a cybersecurity incident in the preceding five months.

The report noted incidents may be under-reported, given one in five companies did not perform a data breach assessment, following a suspected breach.

It's not just small players with less-than-rigorous cybersecurity regimes which are being caught on the hop.

Last year saw a string of well-known Australian organisations and entities, including News Limited, Marriott Hotels, PageUp People and the Australian National University, fall victim to data breaches.

Meanwhile, 2019 began with the New Year's Day announcement that 30,000 Victorian public servants had personal information stolen on December 22, after the state government's staff directory was downloaded by an unknown party.

Staying ahead with AI

With Australian businesses and organisations of all stripes under siege from a resourceful, innovative and relentless array of high-tech enemies, it's incumbent on cybersecurity firms to help them stay a step or several ahead.

Embracing emerging technology can make it easier to do so.

Artificial Intelligence (AI) has become the latest weapon in the battle to keep hackers and cybercriminals at bay, as they circle the enterprise and seek out new vulnerabilities in the vastly expanded perimeters mobile technology and the IoT have created.

AI is being used to anticipate new threats and mediate and minimise the damage caused by breaches before they lead to significant disruption and material loss.

The use of real-time analytics enables AI to prevent attacks from known sources or those with recognised software signatures, by autonomously isolating systems or users that have been compromised.

It can be deployed to seek out ‘sleeper' threats that are sitting on the company network, waiting to be activated when the moment is right.

Prevention is better (and cheaper) than cure

Being able to pre-empt attacks successfully can result in direct savings, in time and remediation costs.

Meanwhile, machine learning makes it possible to teach context to security systems.

This enables them to synthesise various forms of data to create ‘white lists' of normal behaviour for individuals and organisations.

Activities which fall outside these parameters can then be flagged and addressed.

These technologies are complemented by automation technology which can contain threats automatically by shutting down systems and locking accounts while they await human investigation.

It's become increasingly necessary, given the sheer number of threats – often hundreds a day – with which security analysts have to deal.

Its deployment can mitigate the very real risk of ‘alarm fatigue' and reduce the likelihood of the occasional threat slipping through the cordon.

Data lakes, which allow organisations to aggregate and store a vast range of raw data in its original format, also have the potential to enhance cybersecurity effectiveness.

Using sophisticated data analytics tools, a security team can analyse a lake as a body entire and elicit security insights not evident if the component parts are examined in isolation.