Authored by: Venkat Krishnamurthy, VP Product Management, OmniSci
The onslaught of COVID-19 has forced organisations across Asia Pacific to cope with emerging threats in unfamiliar environments, shaped by government regulations, shifting public attitudes and new practices such as social distancing and remote working.
Intrusion has become the most common risk to network security, frequently taking the form of a brute force attack, a denial of service, or an insider operating from within the network. Cyber crime has become a paramount concern, especially now that work-from-home is the default setup in the new normal.
The region, as is the case globally, has seen a mounting number of phishing and ransomware attacks that use COVID-19 as a hook. According to the Thales Group's 2020 Data Threat Report - Asia Pacific (APAC), 45 per cent of executives in the region experienced either a breach or a compliance audit failure in 2020. Adversaries have increasingly taken advantage of vulnerabilities in employees' personal devices, which lack the security controls built into corporate-managed office systems.
Conventionally, organisations deploy a network-based or host-based Intrusion Detection System (NIDS or HIDS) to catch intrusions before they turn into data breaches. These systems monitor network traffic or host activity for suspicious behaviour and issue alerts, or take pre-defined actions, when they identify a known issue. They have, however, usually been designed with a reactive approach in mind: they rely on regular threat signature updates to recognise new strains of malware and the more common intrusion techniques, and a signature can only describe an attack that has already been seen.
In fact, many commercial offerings and open-source tools flag suspicious firewall and network traffic using static rules, or so-called signatures. These signatures are written and updated multiple times a day so that they can match known malicious patterns and unusual traffic that has been seen before.
However, a rule-based system can detect only the patterns it has already been told about, and, as past experience shows, attack patterns change and evolve and new ones appear. Because many security point solutions retain only a few days' or weeks' worth of data, an attack on the system may already be weeks or months old by the time it is discovered, and in that time a great many users may have fallen victim.
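The limitation described above is easiest to see side by side. The following is an added example, not code from the original article or from OmniSci: a classic brute-force signature (five failed logins from one source inside a sliding 60-second window) next to a simple baseline detector that flags any source whose failure count sits far above the population median. It runs over a constructed, synthetic SSH auth log (the hostnames, IP addresses and timestamps are invented); a noisy attacker trips the signature, while a "low and slow" attacker that deliberately stays under the rule's rate is caught only by the baseline comparison.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Matches sshd "Failed password" lines in the synthetic format built below.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)"
)


def build_sample_log():
    """Construct a synthetic auth log (invented data, not from a real system):
    eight ordinary hosts with a few mistyped passwords, one noisy brute-forcer
    and one low-and-slow brute-forcer."""
    base = datetime(2024, 3, 1, 10, 0, 0)
    lines = []

    def fail(t, user, ip):
        lines.append(
            f"{t.isoformat()} bastion sshd[4242]: Failed password for {user} "
            f"from {ip} port 50000 ssh2"
        )

    # Ordinary users: one to three typos each, spread over ten minutes.
    normal = {"10.0.0.11": 1, "10.0.0.12": 2, "10.0.0.13": 1, "10.0.0.14": 1,
              "10.0.0.15": 3, "10.0.0.16": 2, "10.0.0.17": 1, "10.0.0.18": 2}
    for i, (ip, n) in enumerate(normal.items()):
        for j in range(n):
            fail(base + timedelta(seconds=37 * i + 120 * j), "alice", ip)
    # Noisy brute force: 8 attempts in under 30 seconds, matches the signature.
    for j in range(8):
        fail(base + timedelta(seconds=200 + 4 * j), "invalid user root", "203.0.113.5")
    # Low and slow: one attempt every 20 s for ten minutes (30 in total), so at
    # most 3 land in any 60-second window and the rate signature never fires.
    for j in range(30):
        fail(base + timedelta(seconds=20 * j), "invalid user admin", "203.0.113.9")
    lines.sort()  # ISO timestamps sort lexicographically
    return lines


def parse_failures(lines):
    """Return {source_ip: sorted [timestamps]} for every failed-login line."""
    events = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            events[m["src"]].append(datetime.fromisoformat(m["ts"]))
    for ts in events.values():
        ts.sort()
    return events


def signature_alerts(lines, threshold=5, window=timedelta(seconds=60)):
    """Static rule: `threshold` failures from one source within `window`."""
    alerts = set()
    for src, ts in parse_failures(lines).items():
        start = 0
        for end in range(len(ts)):
            # Slide the window start forward until it covers < window seconds.
            while ts[end] - ts[start] >= window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.add(src)
                break
    return alerts


def anomaly_alerts(lines, k=3.0):
    """Baseline rule: flag sources whose failure count exceeds the population
    median by more than k median absolute deviations (MAD). No attack-specific
    pattern is encoded; only 'far from everyone else' is."""
    counts = {src: len(ts) for src, ts in parse_failures(lines).items()}
    if len(counts) < 3:  # too few sources to form a meaningful baseline
        return set()
    med = statistics.median(counts.values())
    mad = statistics.median(abs(c - med) for c in counts.values()) or 1.0
    return {src for src, c in counts.items() if c > med + k * mad}


if __name__ == "__main__":
    log = build_sample_log()
    print("signature:", sorted(signature_alerts(log)))
    print("baseline: ", sorted(anomaly_alerts(log)))
```

The baseline detector is intentionally crude (a per-source count over the whole retained window), but it makes the article's point concrete: the slow attacker is invisible to the rate rule precisely because the rule encodes a specific attack shape, whereas a comparison against what every other source is doing needs no prior knowledge of that shape. It also shows why retention matters: with only the last minute of data the slow attacker's count collapses back into the normal range.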
The Future of Cyber Threat Intelligence
The frequency and impact of cyber attacks in the region, especially now in the new normal, make it clear that businesses need a renewed approach to cyber security, since many traditional approaches have been rendered ineffective by the continuously evolving nature of modern threats. A rule-based system, which cannot detect an attack that has been altered to avoid its rules, may no longer be enough. This is where intelligent machine learning-based systems could give organisations in the region the advantage they need to move forward.
Perhaps the most important aspect of any analytics platform is how quickly one can explore and mine the data with an interactive experience and speed-of-thought visualisation. Speed and scale are prerequisites for any effective cyber security solution. This is exactly where machine learning (ML), coupled with analytics, adds a significant advantage to enterprise security: it allows cyber security teams to identify anomalies far more quickly than any human team can, and to do so on a real-time, always-on basis.
Modern analytics platforms allow analysts and data scientists to interact with conventional charts and data tables as well as massive-scale scatter plots and geo charts. This not only reduces the time to insight but dramatically expands a security analyst's ability to find previously hidden correlations, because large datasets can be visualised and analysed quickly.
Beyond recognising the cyber threats themselves, cyber security authorities and business leaders across the Asia Pacific region need to accept that traditional cyber security technologies are no longer sufficient as the region moves beyond the new normal. They should consider an approach that puts analytics and ML at the core of enterprise security strategies.
In today's volatile threat landscape, a machine-learning-augmented effort may well be the most effective option for Asia Pacific organisations seeking to strengthen their digital defences, succeeding where traditional approaches to cyber security have fallen short.