How organisations deal with complex cyber attacks
Increasingly sophisticated cyber-attacks mean businesses need innovative ways of handling advanced threats
Where the organisation is concerned, the CISO must learn the language of the boardroom (risk) and earn their seat there. This must happen for funding to flow and for security to align to the business; the c-suite must care about security as much as they do about other forms of risk, like operational, legal and financial risk.
Finally, the practice of security needs to be more agile with a focus on metrics that value most highly the carbon-based intelligence and wisdom and maximise its use in a company. "Automation isn't going to be an AI that just 'does security for you' but it can make the lives of practitioners better and faster and quicker to adapt," adds Curry.
Complex attacks require careful analysis
The increasing intricacy of cyber-attacks has increasingly led companies towards using predictive security -- and human analytics plays a large part in this.
"Cyber criminals are smart people and should be countered by equally knowledgeable analytics teams that seek to understand the complexity of threats and how to combat them, to listen to the chatter and use that to move away from being reactive," says Rory Duncan, head of security at Dimension Data. "The ability to deconstruct and reconstruct attacks to identify what has happened in breaches, before and after attacks, is vital."
Complex cyber-attacks are run by humans and attempt to deploy psychological techniques in tandem with technology, which is why knowledge of vulnerabilities and being able to anticipate them is key for setting up a proper defence.
"One example is the protection of emails going to HR and accounts specifically, because they're constantly required to open attached job applications and invoices respectively, from people they don't know. Attackers are well aware of this, so specifically target HR and accounts. Common sense beats machine learning in this area," says Wieland Alge, VP and GM for Barracuda.
The role of artificial intelligence
AI can provide notable cyber-security advantages compared to a human being's ability to combat threats.
"AI could also be valuable for developing solutions for a range of industries, harnessed in such a way that it understands user and network behaviour, comprehends business context through self-learning over time, and reacts to any deviations from the norm in real-time," says Tristan Liverpool, director of systems engineering at F5 Networks.
Machine learning shortens the time it takes to spot something strange happening on a network, but it can't tell you exactly what's wrong, according to Gary Evans, CTO at Reliance.
"You need good people to dig deeper and understand if it's a real threat or not. Spotting the anomalies are difficult for people thanks to the vast quantities of data and events organisations typically produce, this is where ML really excels. But we absolutely still need skilled analysts to investigate and quantify the anomalies," he says.
Main image credit: Bigstock
Defending against malware attacks starts here
The ultimate guide to building your malware defence strategy
Free Download
The essential guide to preventing ransomware attacks
Vital tips and guidelines to protect your business using ZTNA and SSE
Free Download
