The threat of cyberattacks continues to grow. It is now a case of when, not if, your business will be attacked. Over the last two years, approximately 80 percent of large organizations have suffered some form of data breach, and others have fallen victim to other incidents such as distributed denial of service attacks.
As the security risks they face have evolved, enterprise security has had to come of age very rapidly. For some time, effective security involved creating a haven – by establishing a firewall around a business and ensuring that up-to-date anti-virus software was in place to protect everything that was allowed in. The profile of the threats is changing, however. Enterprises are increasingly adopting cloud and Internet of Things-based technologies to enhance their productivity – and when control of these technologies falls into the wrong hands, they can be weaponized. Many high-profile businesses such as Twitter and Spotify recently found this out, to their cost, when they were taken offline by a DDoS strike that was mainly notable because it was launched not from a traditional botnet of hijacked PCs, but from many internet-connected devices, such as smart TVs.
There’s also the threat from cybercriminals who combine social engineering and technology to access sensitive corporate intellectual property or financial data – it just takes a single employee in a company’s finance department mistakenly opening an email attachment that looks like an invoice for an infection to take hold. Faked documents contain macros that then download self-installing programs, and these in turn manipulate the host computer to capture anything that looks even mildly interesting, for example, targeting bank account logins and harvesting data such as names that can later be used for phishing attacks.
The cost of failure to secure a business is also getting higher. New legislation, a European Union Cyber Directive, will come into force by 2018 that will require all businesses to report a security breach within 24-36 hours. That means not only probable damage to an enterprise’s public image, but also severe financial penalties if a breach is not managed effectively. As enterprises are increasingly entrusted with private data, the implications of leaks are potentially huge and wide-ranging. And it isn’t just the individuals whose data is stolen who lose out – businesses can be huge losers too. Consider that Verizon asked for a one billion dollar discount for its acquisition of Yahoo after the latter’s privacy issues became public.
If we can’t keep the attacks out of enterprises, how do we combat them?
At Fujitsu, we are taking an intelligence-led security approach to resisting or mitigating attacks. Rather than waiting for an alert or breach, we are actively monitoring to identify potential risks before they can do any harm. Since attacks can happen at any time, it is important to identify attacks as they appear, in real time. We do this by taking a holistic view across the internet, monitoring all the traffic inside and outside of the enterprise, 24 x 7.
Of course, no security expert can do this, no matter how skilled. In fact, with the level of attacks we see today, the reality is that we may already have reached the limit of what humans can achieve in terms of cyberdefense. That’s why we are leveraging the ability of Artificial Intelligence (AI) to analyze these huge amounts of complex data with speed and accuracy. By identifying behavior patterns in unstructured data, we can identify possible threats. We just need to ask the system to examine four parameters for all the traffic that enters or leaves a business: its source, destination, port number and location. With our guidance, the machine learning system has established what familiar patterns look like and can recognize normal traffic. Therefore, when it encounters data packets that fall outside of these normal patterns, it immediately flags them as anomalies. This machine learning is cumulative – so it keeps on improving. Early in the training cycle, these systems raise a lot of false alarms, but over time they get better and better at identifying true threats.
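The baseline-and-flag idea described above, as an added example that is not Fujitsu's code: a simple frequency count stands in for the machine-learning model, learning the four parameters from traffic and reporting which of them are unfamiliar for a given flow. The class and function names, the `min_seen` threshold, the country-code form of "location" and the sample flows are all assumptions constructed for illustration.

```python
from collections import Counter
from typing import NamedTuple

class Flow(NamedTuple):          # the four parameters named in the text
    source: str
    destination: str
    port: int
    location: str                # assumption: a country code from a geo-IP lookup

class Baseline:
    """Frequency baseline: a field value seen fewer than min_seen times is unfamiliar."""
    def __init__(self, min_seen=2):
        self.min_seen = min_seen
        self.counts = {f: Counter() for f in Flow._fields}

    def learn(self, flow):
        for f in Flow._fields:
            self.counts[f][getattr(flow, f)] += 1

    def unfamiliar_fields(self, flow):
        # An empty list means the flow matches the learned normal pattern.
        return [f for f in Flow._fields
                if self.counts[f][getattr(flow, f)] < self.min_seen]

def false_alarms(baseline, benign_flows):
    """Count known-benign flows that would be flagged, learning each one afterwards."""
    alarms = 0
    for flow in benign_flows:
        alarms += bool(baseline.unfamiliar_fields(flow))
        baseline.learn(flow)
    return alarms

# Constructed sample traffic (RFC 1918 and RFC 5737 documentation addresses).
BENIGN = [
    Flow("10.0.0.5", "192.0.2.10", 443, "DE"),
    Flow("10.0.0.6", "192.0.2.10", 443, "DE"),
    Flow("10.0.0.5", "198.51.100.7", 25, "GB"),
    Flow("10.0.0.6", "198.51.100.7", 53, "GB"),
]
SUSPECT = Flow("10.0.0.5", "203.0.113.99", 4444, "ZZ")  # constructed outlier

def demo():
    baseline = Baseline()
    # Replaying the same benign traffic shows false alarms falling as training accumulates.
    alarms_per_pass = [false_alarms(baseline, BENIGN) for _ in range(3)]
    return alarms_per_pass, baseline.unfamiliar_fields(SUSPECT)

if __name__ == "__main__":
    print(demo())
```

The per-field list tells an analyst why a flow was flagged, which matters for triage while the baseline is still young and most alerts are false alarms.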
This enables us to take a far more proactive approach to threat monitoring, and Fujitsu is now starting to do this for customers as well. Now, once a threat is identified, we can immediately assist or instruct our customers on how to act, and what to prioritize. For example, if our AI system identifies a Trojan threat to a customer business exploiting a known software vulnerability, we can immediately identify and patch machines that have a compromised version of software.
Threats can’t be avoided, but we can monitor them and be more proactive in minimizing the risk they present. And with the continued operation of businesses at stake, you would have to be out of your natural intelligence not to deploy artificial intelligence to reduce the threat of cyberattacks.