How can organizations fight a non-human hacker?

Cyber security has a major problem: In the current cyber arms race, it takes far more resources to defend against a cyber-attack than it does to create one. The problem with the arms race narrative is the series of dangerous questions that follow suit:

  • Will hackers always have the upper hand?
  • Are they capable of developing automated offense technologies?
  • How far are we from a machine vs. machine reality?

In the context of this ‘brave new world’, machine-to-machine cyber warfare is a mounting offensive threat, one which calls for a leap in security innovation.

Why the need for security automation?

A recent McAfee report survey polled over 300 senior security executives, and 650 public sector security professionals. The survey  found that 46% of respondents believe in the following year they’ll struggle to deal with the increase in threats, or that it will be impossible to defend against them.

With the explosion of apps, devices and users, on one hand, and the growing skills shortage on the other, the move to security automation seems inevitable. The extraordinary rate of automatically generated data just compounds the challenge.  Inevitably, organizations are waking up to a reality where security automation is key to protecting large volumes of sensitive data, particularly within critical infrastructures.

Complexity is further fueling automation, as many organizations deploy multiple standalone security products for different threats, and then struggle to collaborate between each point of protection.

Unfortunately, attackers are catching on, and are not going to be easily outwitted.

Attackers, particularly the sophisticated ones that are backed by governments and organized crime, are equally aware of the need to transition to automation. With the right resources, they too will develop their own innovative stack of automated offensive tools.

The cost of machine automation in the hands of hackers

  • Attackers can learn and improve on existing technologies: Machine automation can empower hackers with the ability to scale out attacks beyond human dimensions. With each development in cyber security, comes a reality where attackers, can learn, copy and even improve on defensive technology.
  • Automation is key to affordability: Worse still, automated warfare can make cyber-attacks more affordable. An attacker can use automation to perform tasks that would be impossible to accomplish manually, given the amount of data and capacity needed to achieve at scale.

To effectively compete against next generation attacks, there is a need to fight automation with automation. So, unless you have DC or Marvel alternative to cyber Hulk, cyber Thor, or cyber Ironman, the move to security automation is inevitable,

The future of machine vs. machine

Security teams are increasingly anxious about a new automated threatscape; in the McAfee survey, 81 per cent claimed that their organization’s cybersecurity would be safer if it implemented greater automation, and a quarter said that automation frees up time to focus on innovation and value- added work.

The evolution of hacker attack automation is spiraling so rapidly, that the only way to counter the trend is to develop more auto-security solutions. Solutions that proactively identify potential threats and mitigate them before it’s too late.

By putting machine automation to practice, security teams will have their time freed up to discover unknown security gaps and proactively and immediately address prioritized remediation issues.

In sum; just as cyber technology leaders are fiercely determined to develop and deploy innovative security technology so to, sophisticated hackers are continually on the hunt for improved technologies and strategies. In this two-sided arms race, where attacks are becoming the norm, hackers have the edge. They have access to similar if not more advanced technologies than their counterparts. The growing threats demand a more proactive approach to automation.  The concept of always proactive, and preemptive 24×7, could be the most significant change in stopping attacks before they even occur.

To find out more about machine vs. machine trends and technologies, come see XM Cyber’s VP Product, Adi Ashkenazy present at RSA Singapore, at the AI seminar 12.20pm, July 25.  For more