By SIMON MCCULLOUGH, major channel account manager at F5 Networks
It’s no news that advances in AI and machine learning have enormous transformative potential for cybersecurity defences.
However, rapid advances in technology also result in big opportunities for hackers to get smarter and faster. So, when it comes to cybersecurity, is AI a friend or foe?
Although the AI arms race is just beginning, the ultimate potential for automated threats is vast and unknown. AI-based malware alone will soon become a widespread plague, so businesses need to pay attention or risk getting caught out.
Automated threats on the rise
We’ve already started to see how AI-based malware can be used to scale up attacks. Polymorphic malware, for instance, can constantly adapt so its code can’t be identified. TrickBot is another example of a stealthy threat that has evolved and expanded its capabilities from a banking trojan to target credit card companies and wealth management services.
With TrickBot, the threat’s code enters a network and infects systems automatically, making it difficult to detect and mitigate as it changes to avoid detection. TrickBot is also known for its resilient infrastructure, including command and control (C&C) servers set up on hacked routers, many unique C&C IP addresses, as well as regular updates to make it harder to take down.
It is conceivable that we’ll soon see a rise in AI-powered phishing emails, high-quality spam and a vast proliferation of false flags. We’re already noticing this with threats like TrickBot, which consistently uses email spam and phishing campaigns as its initial attack pattern. As a result, it is imperative that businesses train their employees to spot potentially fake emails, and not to open suspicious file attachments or click on questionable embedded links. Currently, web application firewalls can help detect and mitigate banking trojans, but businesses need to ensure they are updated regularly to keep pace with AI-powered threats.
Intriguingly, AI could soon be used to conceal malware presence in a victim’s network and combine various attack techniques to identify the most effective disruptive option. In time, hackers will be able to use AI to bypass security algorithms. It is critical that all likely targets – and few are immune – start to harness AI to fight back.
The business battle
AI’s widespread adoption across different areas of a business can make it difficult to understand where to best deploy security systems, and where to focus cybersecurity teams’ efforts.
Organisations need to ask themselves a series of questions. What are the strengths and weaknesses of the IT infrastructures? Who in the cybersecurity team is fighting the attacks? Where are resources required to better cope with AI-based threats? What employee and industry behaviours influence security defences? Answering these kinds of questions makes it easier to determine the best use of AI.
The key is to adopt a prevent, detect and respond strategy. If deployed correctly, AI can be used to collect intelligence about new threats, attempted attacks and successful breaches. It can detect abnormalities within an organisation’s network and flag them more quickly than a human ever could.
Businesses can also make life difficult for hackers by isolating vulnerable applications. This is a useful method to reduce threat risk and render malware harmless by allowing it to fully execute in a completely isolated, contained environment. Crucially, it helps protect against the most common attack vectors, such as malicious downloads, plug-ins and email attachments. As the use of apps across organisations continues to soar, these are the areas hackers will target with AI-powered attacks. Securing applications must always be a key concern for business leaders looking to ensure IT infrastructures are continually protected, despite new technologies entering the market.
AI versus AI
The business case for AI in cybersecurity is strong, and the operational efficiencies of automation are becoming clearer with each passing day. Even so, it is important to not entirely rely on automation. It is not a silver bullet, and security teams should still be present in frontline roles. For example, there will always be a need for specific human knowledge and interaction with application services. Cybersecurity as a discipline currently boasts one of the widest uses of AI in the enterprise space, and it’s clear that adoption isn’t slowing any time soon. Everyone needs to remember that AI can be both a weapon of mass destruction and a vital part of the solution.
Cloud makes business magic
A cloud summit conference last week illustrated the dramatic way the cloud can transform an organisation’s capacity.
What do the movies have in common with banks? Aside from the billions of rands and dollars that flow through both industries, they seem worlds apart. Yet, in the world of cloud computing, they are suddenly close neighbours.
It’s not just that both now tend to host their services in the cloud, accessible from any connected device anywhere in the world. Now, they can take advantage of the lessons, systems and strategies that each has adopted in the cloud.
One of the best-known examples of leveraging the cloud for global impact is Netflix, which hosts its content in the data centres of Amazon Web Services (AWS), the world’s largest cloud computing service. Along with videos and movies, it also applies regional licensing frameworks via this cloud platform, meaning it can instantly launch new services and videos worldwide that comply with local regulations in every country.
At last week’s AWS Summit in Cape Town, it became clear just how powerful the cloud can be for South African organisations. One of South Africa’s oldest insurance companies, one of the country’s largest universities and the country’s newest bank all took to the stage to share case studies of how the cloud had transformed their operations.
That is probably all that Old Mutual, the University of Pretoria and TymeBank have in common, but they slotted in neatly to a bigger story: the cloud is available to any institution or business, large or small, old or new. This is the underlying secret to the astonishing growth of TymeBank, South Africa’s first fully digital bank, and the first entity to receive a banking license in this country in 19 years.
Launched earlier this year, it currently brings 100,000 new customers on board every month. To achieve this, it uses no less than 54 distinct services available on the AWS platform, says Dieter Botha, chief information officer of the bank.
“We’ve got so many services in the ecosystem. From a security point of view, every single one of our customers’ conversations with banks comes into the AWS world via a security layer, a content delivery network, web application firewall and AWS’s Advanced Shield, so we are pretty resilient from cyber attacks. The primary purpose is to make sure our face to the world is protected from attack.”
The most fascinating aspect of their ability to leverage the AWS cloud, however, was the fact that they were able to piggyback on processes and systems that streaming video giant Netflix had created for its own services in the cloud.
“They’ve got what we call the Netflix stack, a set of tools they put together that makes it easier to manage microservices, small elements of computer processes that run in what are called containers.”
Netflix built its own application containers, on top of an open-source platform, meaning that anyone could use and adapt the systems it had developed. However, that was only a starting point while TymeBank was pulling itself up by its own bootstraps.
“This is where we say, if you take a step back, this stuff is very cool, but it translates into an element of risk. From a risk point of view, rather than using that scaffolding, we said let’s take our microservices container, and get an animal like AWS to run it for us. So we’re effectively replacing the Netflix stack with AWS and its native services.
“Now our techies can just focus on the code inside our operations rather than build the heavy scaffolding we had to worry about. The documentation is so good on AWS, because they have real technical gurus who understand the systems, that it de-risks our services.”
Netflix wasn’t the only everyday consumer service that played its part in building TymeBank. It turns out that many of the global giants have made their systems and learnings available to anyone in the world. The bank turned to a product from none other than Facebook to help build its Web presence.
As TymeBank refines its services and migrates deeper and deeper into the Amazon cloud, it has also been able to cut costs dramatically.
“We found as we’ve grown and become more comfortable in that cloud and more skilled in the use of the cloud, we began consuming more native services, meaning they are designed to run in the cloud. That’s a really big deal for us. That’s when you see the benefits of the cloud ecosystem. One native service can trigger another, because they talk to each other well.
“This includes a set of services that help you manage your life and bills in the cloud. People forget about costs. Now we can tag a lot of our services in the AWS cloud to understand exactly what is driving cost points, and we are able to manage costs right down to the level of the techies.
“Traditionally, if you sign a contract with a big supplier, it gets filed away, and the techies don’t even know what is driving costs. By tagging services in the cloud, you’re giving cost knowledge to your techies, and it’s in their power to push it up and down. You give them the power to understand costs and manage them. That’s never been possible before.”
This partly explains why TymeBank is able to bring the monthly cost of having a bank account to exactly zero. It is only when one starts using its services that banking fees kick in.
However, the fact that a 174-year-old insurance company like Old Mutual and a 156-year-old like Standard Bank are also rapidly migrating to the AWS platform is a clear message that the cloud is not just for newcomers.
Both institutions began offering their services in the middle of the 18th century, when the concept of technology barely existed. Yet, the constant evolution and falling price of cutting-edge tech like cloud computing has meant they can not only survive, but even thrive, in the presence of young upstarts like TymeBank.
- Arthur Goldstuck is founder of World Wide Worx and editor-in-chief of Gadget.co.za. Follow him on Twitter and Instagram on @art2gee
Think like a hacker
Ethical hackers play a key role in keeping a company secure.
Relevant cybersecurity isn’t perpetuated exclusively through investment and systems; it is reliant on people and their understanding of the cyber threat.
A leading ethical technology hacker in Europe, Jamie Woodruff, gained access to a well-known financial institution by simply posing as a pizza delivery man. He was quoted as saying that it is the mistakes that people make that are the true threat to the business. That said, it is people like Woodruff who can provide the organisation with the insight required to pre-empt attacks, find hidden loopholes and educate employees.
These ethical hackers know how to play the game of cybersecurity thrones. They understand the methodologies and the mindsets of those who make a living from penetrating business defences unlawfully and use this understanding to reshape security infrastructure and investment.
“The role of the ethical hacker has evolved considerably over the past few years,” says Karien Bornheim, CEO of Footprint Africa Business Solutions (FABS). “In the past, they would be hired by organisations to ensure that their security was capable of withstanding a concerted attack and, in some cases, find out if they had already been breached. Many organisations only discover that they’ve had a breach years after it has taken place. Today, the ethical hacker has added to their arsenal – their skills have evolved and so have the methods they use. Not only are they penetrating the front lines of defence, they are also launching attacks from the inside of the organisation.”
There has been a subtle shift away from the slide-in-and-out pen testing of the past, when ethical hackers would attack organisations over a period of a few days or weeks. Now, many undertake long-term undercover assignments that embed them into the company. These are the ethical hackers that become part of the culture so they can identify the insider threats that are affecting the organisation, and even identify the source of ongoing security challenges. Many ethical hacker training courses specialise in undercover training in very specific technology skill sets that allow ethical hackers to find the bigger threats to the organisation, particularly those perpetrated by employees.
The insider threat is a very real problem. According to CA’s Insider Threat 2018 Report, 90% of organisations feel that they are vulnerable to an insider attack, 53% have had confirmed insider attacks, and 27% have seen an increase in frequency. This has sparked significant internal investment into insider threat programmes that focus on deterrence, forensics and user behaviour monitoring.
“Ethical hackers are capable of immersing themselves into the culture of the business. They use this to detect behaviour that could potentially indicate if someone is an insider threat,” says Bornheim. “Their skills allow them to find digital proof of misdeeds and rapidly detect certain system issues or behaviours. Those who take on these roles can spend months or even years at an organisation protecting it both from within and without.”
That said, in spite of their security expertise and experience, many organisations remain reluctant to hire external ethical hackers and grant them access to their information. It’s an understandable concern. Many ethical hackers have moved from the so-called black hat (criminal) side of hacking to the white hat (legal) side and bring with them a suitcase of smart skills that few companies want to see thrown at their cybersecurity walls. However, this discomfort is the precise reason why the business should be paying attention and the bill.
“These individuals do command high salaries but what they offer the organisation in terms of reputational and cost-saving benefits cannot be understated,” says Bornheim. “Should they discover a bug, a loophole, an existing piece of dangerous code, or any other threat to the company, they can save it millions.”
According to IBM’s study, Costs of Data Breaches Increase Expenses for Businesses, the average cost to the company of a data breach is around US$3.86 million. This cost has risen since 2016 by 6.4% and will likely increase again over the next 12-24 months. Any company facing that reckoning at the end of a cybersecurity hack from a black hat will suddenly see the bill that comes from a certified white hat as a missed opportunity.
“Certified ethical hackers operate under very strict ethical controls,” concludes Bornheim. “They report any issues or information they find and help the organisation to put more stringent or relevant controls in place. The ethical hacker is ultimately a weapon, one that can be safely wielded by the untrained to defend the organisation against future attacks, to rebuild systems and security platforms, and to uncover insider threats. Their role is as critical to the development of a robust cybersecurity stance as the software, solutions and training that are embedded into the human, machine, server, and system.”