Cyberthreat predictions for 2020
Organisations can get ahead of cybercriminals by developing AI-powered ‘immune systems’.
By Derek Manky
Every year at this time I gather together my latest research at Fortinet in cybercrime trends, threat research and technology development and project what the cybersecurity landscape will look like, both in the near term and further into the future.
I think this exercise is essential because cybercriminals owe much of their success to their ability to predict and exploit networking and technology decisions made by their targeted victims.
Cybercriminals use a multi-pronged approach for their attack strategies, which are becoming increasingly sophisticated. For example, we have seen a rise in the use of advanced evasion techniques designed to prevent detection, disable security functions and devices and operate under the radar.
However, two additional strategies are worth noting. First, like any business, cybercriminals don’t spend money when they don’t have to. The latest “Threat Landscape Report” from Fortinet, for example, shows that cybercriminals were more likely to target vulnerabilities from 2007 than those from 2018. There is no reason to develop a new malware tool when organisations seem all too willing to leave the front door unlocked.
The other strategy is to target as many attack vectors as possible. For example, the same report notes that criminals are increasingly targeting public-facing edge services, perhaps in response to organisations over-rotating on training personnel and upgrading their email security gateways to combat phishing. Different attack vector, same outcome.
This same strategy undergirds the power of swarm-based attacks: intelligent swarms of customisable bots, grouped by specific attack function, that can share and learn from each other in real time. They can potentially target a network and, by attacking it on all fronts simultaneously, simply overwhelm the network’s ability to defend itself.
WHO’S WINNING?
Given organisations’ continued reliance on traditional point products and “stovepiped” security strategies, the bad guys will continue to have an edge — unless organisations make a complete paradigm shift as to how they think about and deploy security.
So far, however, some organisations continue to use the same failed strategies to secure new networked environments, such as isolating cloud instances with separate security tools. Such a strategy adds additional complexity to already overburdened IT staff, while simultaneously reducing the visibility and control needed to identify and stop multi-vector attacks designed to exploit this specific vulnerability.
The adoption of 5G, however, may end up being the catalyst for a radical paradigm shift in security because it will be the perfect incubator for the development of functional swarm-based attacks.
Because 5G-enabled edge networks will be able to create local, ad hoc networks on the fly to quickly share and process information and applications, groups of compromised devices could target victims at 5G speeds. Given the intelligence, speed and localised nature of such an attack, few current security technologies would be able to effectively fight off such a persistent threat.
To get out ahead of this cycle, organisations need to begin to use the same sorts of technologies and strategies to defend their networks that criminals are using to compromise them. That means adopting an intelligently integrated approach that takes advantage of the power and resources of today’s enterprise.
Artificial intelligence (AI) represents one of our best hopes in this regard. The goal is to develop an adaptive immune system for the network similar to the one in the human body.
In the body, white blood cells come to the rescue when a problem is detected, acting autonomously to fight infection, while sending information back to the brain for more processing — like marshalling additional resources or remembering to take an antibiotic.
As AI progresses beyond data analysis, it will be able to function more like a human immune system or neural network. AI will rely on interconnected, regionally deployed “learner nodes” to collect local data and then share, correlate and analyse that intelligence in a distributed manner.
OTHER TRENDS
There are a number of other interesting trends that business executives and IT teams alike should be familiar with. They include:
Machine learning can be combined with statistical analysis to predict attacks by uncovering the underlying attack patterns of cybercriminals. This could enable an AI system to predict an attacker’s next move, forecast where the next attack is likely to occur, and even determine which threat actors are the most likely culprits.
It’s time to take a deep look at how deception technologies can be used to create a virtually insurmountable layer of defence around your network, regardless of how far it has been distributed.
Beware the rise of new zero-day exploits that, when combined with AI-enabled systems, will enable cybercriminals to strike in ways and places that many organisations are simply unprepared to defend.
These trends only further underscore the need to take a new approach to security, designed around the principles of integrated solutions, advanced AI and machine learning, and related techniques. Interconnectivity between machine learning systems will be especially critical so that localised machine learning nodes can adapt to a local environment’s unique configuration.
By shifting responsibilities to autonomous self-learning processes that function similarly to human autoimmune systems — such as hunting for, detecting and responding to security events — valuable cybersecurity professionals will have the time and resources to adopt advanced security-driven network strategies designed for today’s continually evolving networks.
Derek Manky is the Global Security Strategist with Fortinet, a California-based security software and services provider.