Cyber attacks continue to increase in volume, velocity, and variety. Cyber criminals display great sophistication and can purchase a revolving multitude of digital weapons inexpensively via the dark web. They operate in an environment in which they know that borders are meaningless and the chances of apprehension and punishment are slim. While organizations work diligently to prevent cyber invasions, the criminals continue to choose where, when, and how to attack.
Companies’ cyber security teams have, to date, trailed behind the criminals in this digital arms race. It’s been nearly impossible to anticipate the nature, location, and type of threats they could be facing. As a result, companies usually begin response and remediation efforts after an attack – and the attack often is detected long after the fact. This has made it difficult for companies to establish “digital trust,” that is, providing security and ethics at each stage of the customer journey. Trust is the cornerstone of the digital economy. Without it, digital businesses cannot use and share the data that underpin their operations and they will find it difficult to grow, participate effectively in digital ecosystems, and establish competitive differentiation.
The good news is that there are signs that the balance of power is starting to swing in the direction of the cyber defenders. A combination of advances in areas including artificial intelligence, machine learning, chip-level processing, visualization, and better training and deployment of people is now helping savvy companies to gain the upper hand against cyber criminals.
Ultimately, enterprise defense teams will apply these advances to become cyber-enhanced, much like jet fighter pilots use artificial intelligence, cockpit automation, and the latest reality visualization technologies to elevate their reaction times and abilities to peak levels. When these advances are adopted, companies can better predict, detect, respond to, and remediate cyberattacks.
Identifying Patterns and Anticipating Attacks
Strong and effective real-time security involves rapidly recognizing and assessing behavioral patterns that are common to both known and unknown attacks. Once these patterns are identified, security systems must be able to rapidly normalize, validate, contextualize, and prioritize threats.
To accomplish this, security teams will need to employ innovative technologies, including the following:
- Artificial intelligence. Security will use artificial intelligence (AI) to understand the larger, run-time reality of malicious activities and anticipate subsequent movements. A security team, for example, may employ a pipeline of artificial intelligence, machine learning, and operational analytics to determine abnormal behavior associated with memory, file system, network telemetry, and application processes. This approach helps analysts to expose even never-before-seen indicators of a compromise.
- Automation. Working in tandem with AI, automation introduces new engagement models and gives defenders increasingly sophisticated ways to respond to attackers. These include the near-real-time manipulation of data to subtly change what adversaries see as they target an organization. Automation also can reduce the time the security team spends focusing on noise and non-essential threats. Other benefits of intelligent automation include the validation of and response to common activities, such as phishing attacks. Eventually, analysts will be able to use automated reasoning tools to monitor and even predict the progression of a cyberattack.
- Visualization. We anticipate that, by 2020, visualization of data will be a core element of enterprise cybersecurity strategy. Visualization harnesses the innate human ability to recognize patterns quickly and to pick out anomalies. This helps security teams to understand at a glance how contextually valid a threat is and which areas of the business it might affect. By shifting away from log and text interpretations and replacing them with visual comprehension, organizations can scale their ability to interpret security events. Like automation, visualization can be closely linked to AI, which supports the interpretation of patterns and behaviors that could represent risks. With enough “learning,” visualization can validate such patterns as actual threats.
- Big data and analytics. Security teams are finding that big data yields bigger results. The tapping of internal and external knowledge sources, from existing network telemetry and application-layer data streams to crowd-sourced threat streams, delivers valuable contextual relevance. To make the most of this expanded data set, however, security professionals need to be fluid, flexible, and agile in their interpretive analysis. One way to accomplish this is to embrace what we have called the “liquid workforce,” creating internal/external hybrid staffing models – including managed services – to apply the proper level of expertise across a continuum.
Putting It All Together
Security-focused executives need to understand the benefits of these technologies – AI, machine learning, streaming analytics, and advanced visualization techniques – and incorporate them into their planning processes if they are to survive and thrive in the digital age. An integrated approach that brings these technologies together can help turn cyber defenders into cyber hunters, actively engaged in anticipating and identifying problems before they become damaging breaches.
Companies also should look beyond internal resources when facing sophisticated new cyberattacks. They should tap into a larger ecosystem to gain additional and needed resources and expertise to augment their own teams and provide on-demand support. For example, companies can access chip-level processing technology and as-a-service security capabilities to augment their own internal defenses. They also can explore moving some data to cloud platforms, which typically employ the most up-to-date security measures.
Also, while investing in tools and technologies, companies should make a point of focusing on one of their key resources – people. A fluid, agile, and flexible workforce can vastly amplify the opportunities presented by technology innovations. Today, companies cite a lack of skills and dedicated resources as a major obstacle to discovering and acting upon cyber security incidents and breaches. The liquid workforce model, using freelancers and crowdsourcing as well as internal talent, could be the answer to this problem. Successful companies likely will employ a core team of security people with high-powered skills, augmented with crowdsourced and freelance labor, to meet the demands of the digital business.
To achieve digital trust in the future, organizations must assess where they stand today. Then they should look for security challenges for which automated decisions make sense and identify areas where quick action could reduce the cost of security incidents and increase consumer confidence. When adopting innovations such as artificial intelligence, automation, visualization, and a liquid workforce, companies can strengthen their approach to cyber defense and empower cyber defenders to better anticipate and respond to cyberattacks, ultimately helping the organization to thrive in the rapidly evolving digital era.
Vikram Desai is responsible for leading Accenture Analytics’ global security agenda and driving the development of solutions that help clients across industries fight cyber threats. As a recognized senior business strategist with an entrepreneurial approach, Desai is leveraging artificial intelligence, machine learning, and advanced analytics to build solutions that address unique data center, network, application, and IoT security requirements. Desai has more than 25 years of analytics and security experience, with in-depth knowledge of the managed service space and special expertise in cybersecurity, data analytics, IT infrastructure, and application networking and communications.
Lisa O’Connor is an executive in the Accenture Security Practice, leading the Global Security Research and Development for Accenture Technology Labs. She joins the Lab from our consulting Financial Services North America, where she led our security efforts in Banking and Payments. She has over 26 years of information security experience, with over 16 years focused in financial services and over seven years as an active member of the Financial Services Sharing and Analysis Center (FS-ISAC) and the Financial Services Sector Coordinating Council.