The role of automation in staying on top of the evolving threat landscape
In this interview with Help Net Security, Dr Shreekant Thakkar, Chief Researcher, Secure Systems Research Centre at TII, talks about the ever-evolving threat landscape and how automation could improve the way organizations detect and respond to attacks.
The modern cybersecurity threat landscape is evolving faster than ever, particularly threatening critical infrastructures. What is driving this trend?
As more physical systems get integrated into the digital world and more digital edge devices connect to the cloud, security vulnerability will continue to increase dramatically.
Digital technology leaders estimate a 46 per cent increase in attacks on smart homes, enterprises and control systems connected to critical infrastructure as the global cyber threat landscape alters amid the ongoing coronavirus pandemic.
A spurt in deceptive attacks on critical infrastructure elements across the world, especially in Eastern Europe, where these attacks are growing in volume, has also been recorded. The most attacked regions include North America, South Asia, and the Middle East – possibly due to their increasingly digitalized critical infrastructures. Interestingly, the quality of these attacks is also improving and becoming more sophisticated with each passing week.
According to the outcomes of the virtual Gartner Security & Risk Management Summit 2020, external risk is top of mind for security and risk leaders today. The pandemic and the increased reliance on digital meetings, for instance, created new threat vectors – and threat actors took advantage of the urgency and chaotic nature of the changes in working environments to leverage new tactics. Gartner has observed an increase in reports of coronavirus-related business email compromise (BEC) and phishing scams, including SMS phishing (“smishing”) and credential theft attacks.
Gartner also predicted that deploying agile security solutions to adjust to changing threats was the best way forward. The world’s leading advisory and research company also predicted that by end-2023, more than 50 per cent of enterprises will have replaced older antivirus products with combined endpoint protection platforms (EPP) and endpoint detection and response (EDR) solutions.
How does TII respond to this and what are the innovations aimed at detecting and preventing the risks?
At TII and the Secure Systems Research Centre (SSRC) in particular, we are building a global centre of excellence in the development of zero trust end-to-end security and resilience for cyber-physical and autonomous systems. We take a deliberately multi-disciplinary approach that allows us to combine domain knowledge with security and resilience technologies. As a result, we deliver breakthroughs in applied research that benefit society, support smart cities and boost economic development.
Given our mission, we are building a large, state-of-the-art autonomous drone and vehicle testing facility in Abu Dhabi. Scheduled to be fully operational by the end of 2021, it will enable our team – as well as colleagues across TII – to develop and test new innovations.
The research is leading to improvements in system security by leveraging technologies such as, for instance, machine learning (ML) and virtualization.
We are also improving the resilience of smartphones, drones, and other cyber-physical and autonomous systems. This is achieved through using approaches such as mesh networks for resilience.
The work of our researchers at SSRC is focused on a cluster of key domains, from next-generation secure smartphones to autonomous drones. In Secure Smartphones, our key research areas include Secure Sleeves, Secure Thin Phones, and Secure Autonomous Systems.
In Secure Autonomous Computing, the work covers Secure Cloud-based Autonomous Systems, Secure Autonomous Robots (Edge, Fog, Ground Drones), Secure Flight Systems on Chips (SOCs) and Platforms. Likewise, having a secure platform is a must for users, including anyone using a smartphone or a computer. These are just a few areas of focus at present.
The human element is often a problem when it comes to cybersecurity, whether it is a lack of skills or just fatigue. How do you think automation could improve and simplify it?
Automation has always played a role in cybersecurity – for instance, consider basic antivirus software. The pandemic, of course, served as a tipping point of sorts in accelerating its adoption. Verizon’s 2021 Data Breach Investigations Report highlights that 85 per cent of breaches in 2020 involved a human element. Phishing accounted for the majority of the breaches via social engineering, with cloud-based email servers becoming a target of choice.
In today’s highly sophisticated threat environment, automation is integral to our overall approach to cybersecurity. We must ensure that we are using automation, as well as machine learning and artificial intelligence, to simplify and accelerate our ability to respond to attacks because we simply have no room for human error anymore. Nor can automation in cybersecurity be an afterthought – today it needs to be a forethought!
Only by doing so can we reduce the pressure and complexity involved in detecting and responding to attacks as our adversaries become more innovative.
When these adversaries can scale their resources simply, exponentially and inexpensively by adding more computing power, clearly the solution is not adding human resources.
Do you think automation is the best way to stay on top of growing cyber risks?
Automation is a no-brainer when it comes to staying on top of cyber risks in the 21st century threat landscape.
Some questions we need to ask, however, with regard to automation include:
- Is the organization using automation to correlate data?
- Does it have the technology foundation to ensure that the data is complete and current – from every possible source, including endpoints, networks and multiple clouds (public, private and hybrid), as well as all mobile devices, including those related to the Internet of Things?
Automation and AI-enabled cybersecurity tools allow Security Operations Centres to respond faster to attacks with deeper insights, enabling the organization to reduce risks by keeping pace with the volume and sophistication of today’s advanced threats.
The world is also evolving digitally. What do you think the future threat landscape will look like and how ready are we for it?
According to a recent PwC report on the cyber-threat landscape, 64 per cent of the CISOs and CIOs surveyed expect a jump in reportable ransomware and software supply chain incidents in H2 2021.
Clearly, a spike is coming given our ever-growing reliance on digitalization. The same report notes that mobile and internet-of-things technologies along with the cloud are expected to be the fastest-growing threat vectors. Many CISOs and CIOs (29%) expect coordinated, organized nation-state attacks to surge this year. Cybercriminals edge out nation states as top threat actors among 31 per cent of respondents.
We need to sharpen our threat modelling capabilities with creativity and imagination. Effective threat modelling doesn’t happen just once, and it shouldn’t focus only on known methods of attack.
We also need to assess cyber-threats often and build resilience one step at a time. Above all, we need a concerted approach – fragmented infrastructures are likely to collapse at the first sign of a threat.
