“Who are the cybercriminals?
Why are they interested in a particular target?
What do they want?
Are they ready to launch an attack?
How are they going to be potentially launching the attack?”
These five questions are what cyber intelligence solutions are trying to answer today. Data collected for cyber intelligence from various sources can provide some basis for determining the algorithms needed to build a strong cyber intelligence tool to protect businesses.
Predictive intelligence creates an experience that is unique to one particular organisation or individual by monitoring behaviour or data and building a profile of their specific preferences. This data profile is then used to predict what customers will want next.
DeCYFIR is a cloud-based threat discovery and cyber intelligence platform by Cyfirma. It uses AI and ML capabilities that are made of mathematical modules to discover, analyse, correlate and find the deepest insights from noisy data.
According to Kumar Ritesh, President and Co-Founder of Cyfirma, DeCYFIR looks at risk profiling of industries by looking at the types of assets they’re using and their outreach. From here, they look at different metrics to find out if they can match them with their data from the five questions above and see if it can relate to or have any impact on the particular business.
“The core of all these is to look at the data quality and the type of algorithms being applied to the problem. DeCYFIR is a platform that is structured in four different layers – data collection, data analysis, data dissemination and the data visualisation layer. We apply different types of algorithms and analytics to different layers”.
DeCYFIR is the only platform in the market that connects the dots between hackers, motivation, and campaigns so that cyber threats are attributed with full contextual details. The platform’s insights are always customised for each individual client, ensuring full relevancy. The predictive capability provides early warnings so that clients are alerted to impending attacks. DeCYFIR’s multi-layered intelligence capability refers to tactical, management and strategic intelligence that serves to inform security teams and leaders across the organisation.
There are two key methods on which DeCYFIR bases its calculations for risk and hackability. In the first method, the platform tabulates the organisation’s external risk score by taking into consideration many elements, including leaked data, observations from the dark web, vulnerabilities discovered, incidents and breaches. The proprietary algorithms are then applied to turn data into insights which are mapped against the client’s geography, industry and technology.
In the second method, DeCYFIR determines an organisation’s hackability score. To calculate this, DeCYFIR uses several elements that indicate the likelihood of the client being hacked. The elements analysed are similar to the ones used to calculate the external risk score, but the platform also looks at the severity of incidents and weaknesses in systems and applications. By applying various weighting and prioritisation formulas, DeCYFIR then derives hackability scores for clients. The platform also provides a trend analysis of the score so that clients know how their cybersecurity postures have changed over time.
Now, while using AI to check data for irregularities can speed up the whole process, one might wonder about the false positives that can occur from this. Interestingly, Kumar said that DeCYFIR is built to focus on evidence-based intelligence. Without evidence, DeCYFIR will not raise any concerns to the client.
“Unless we have evidence on how a cyber attack is going to take place, unless we can find the answers to the five questions above, we will not go back and present them to our clients. Our predictive intelligence plays an important role. Unless we are in a position to predict what can happen to our customer with our data sets, we won’t go back to them”.
At the same time, Kumar mentioned that they have seen a huge uptake in different parties being involved, especially in state-sponsored hacking. This includes geopolitical supremacy and new nations from this region who have figured out how to drive their agenda or make money in cyber warfare. From a trend perspective with DeCYFIR, there is an almost 600% increase in cyber attacks globally.
In APAC, there are lots of small organisations with lots of data. However, Kumar said that the awareness of cybersecurity is not significant here. Unfortunately, this creates a bigger attack surface for cybercriminals because they are seeing this as an opportunity. They can literally go behind some of the new and small companies and cause a bigger disruption compared to a government organisation. Add to that the increasing number of connected devices, and Kumar insists that cybersecurity needs to be taken seriously in this part of the world.
“Cyfirma wants to go out to the market and drive the awareness on why predictive intelligence is very important compared to looking at something reactive. We have started to see the change. Our customers understand that change is needed. The smarter organisations are looking to an intelligence-driven approach compared to cyber posture management”.