Detection – The Best Defence Against Cyber-crime

By Saar Cohn 

In 2013 the US retail chain Target suffered a security breach; hackers managed to steal 40 million credit card numbers. In this breach, the hackers potentially gained $240 million, but the damage they caused is far bigger. Target’s breach was a turning point in the way that cyber-crime is perceived and today, everyone agrees that this is a business issue that keeps CEOs and boards awake at night. Cyber-crime will continue to grow – here are a few things you should know.

Parallel World – The damage caused by cyber-crime, is estimated at more than two trillion dollars a year. The cyber security industry is unable to properly deal with cyber criminals and stop them, mainly because they face a parallel industry, bigger and very successful which is being driven by the laws of supply and demand. This is not about individual hackers anymore, but sophisticated groups functioning in every respect as business firms. The cyber-crime industry is so advanced that there are specializations by professional areas and advanced trade platforms. This is a mirror image of the legitimate industry, only on a much larger scale.

Cyber-criminals can stay at home – The main cause for the prosperity of cyber-crime is the fact today almost everything is done online. In the past, to break into a bank you had to select a branch and break into it. Nowadays, a cyber thief doesn’t need to leave his room. He can hack into the bank’s data center and steal from all the branches. With regard to terrorism, if a terrorist hijacks an airplane, the damage is limited to one airplane, but a cyber-terrorist can breach the control tower’s control panel and cause significant damage in the entire airspace.

AI to the rescue – Nowadays, traditional information security systems still defend mostly the organization’s perimeter. In fact, about 80% of today’s security investments are made in solutions aimed at protecting the borders, looking for known patterns, and attempts to prevent a breach to the organization. The problem is that just as in breaking into physical structures, people who are determined will eventually succeed. Advanced cyber security systems must deal with the threat even after the organization has been breached. The way to achieve this is by recruiting Artificial Intelligence to the battle. Cyber security systems based machine learning identify legitimate digital behaviors compared criminal behavior of end users and computer systems, enabling effective treatment of any attackers who manage to penetrate the perimeter defenses of the organization.

United we stand, Divided we fall – One of the major problems today is that defense systems in the organization are actually separate products that don’t necessarily “talk” with each other. As a result there is no single integrative image, and although a number of systems can warn of the intrusion, the absence of synchronization makes it easy to miss a comprehensive attack image. In addition, every system generates alerts of its own, and in organization in which a large number of such systems are present, massive “background noise” is generated. The excess of information leads to a situation where it is easy to lose focus and be sidetracked by what looks like a problem, but in the meantime miss a real threat.

In conclusion – the damage and the profits in the cyber world are much larger than in the old world and thus they attract criminals and terror organizations. To fight cyber-crime effectively, organizations need to change their approach. Protecting the organization’s borders is a necessary but not sufficient condition to deal with cyber threats. Detection systems that assume that a breach can take place and detect such intrusions before they cause damage must be implemented. These systems should be focused on defending the organization’s most important assets and filter out the “information noise”.

Source: Alberta Council of Technologies Society