Insights from Experts: Kaspersky on AI and Cybersecurity for the Enterprise
By Ryan Noik 19 January 2021 | Categories: sponsored content
With a new year beginning, it’s likely that many enterprises are hoping to get the year started on the right foot. Whether beginning or continuing their recovery from a tumultuous year, a viable way to do so is by paying attention to one’s cybersecurity from the outset, with a particular emphasis on using emerging technologies like AI and machine learning to stave off threats.
2020 showed businesses and individuals alike the havoc that unforeseen threats can wreak. The parallel between the biological virus that characterized the tribulations of 2020 and the myriad cyberthreats that characterize living in a digital era is clear. Both can come seemingly out of nowhere and multiply over time, doing more damage the longer they are allowed to run unchecked.
The value of being forewarned
A lesson that enterprises can take from the pandemic and apply to their cybersecurity is that being well prepared for disaster is crucial. Much as nations that acted quickly and decisively, leveraging science to their advantage, had the fastest recoveries and were best prepared to head off surges, those enterprises that are alert to the threats lurking on the cybersecurity landscape and are well prepared for them will likely fare far better than those that continue to hope it won’t happen to them.
Sounds simple enough, right? In fact, it becomes much more complicated the larger an organization is, explained Lehan van den Heever, the cybersecurity advisor at Kaspersky.
Firstly, today’s CIOs and Chief Information Security Officers (CISOs) must stay ahead of attackers who can and do pose significant risk to their intellectual property, financial wellbeing, or reputation. These same attackers are using AI and machine learning to their advantage. In the enterprise space, unfortunately, simply buying the best AI-infused cybersecurity solution is not a simple matter.
“CISOs have had to become very good at providing evidence of why the selected solutions are of necessity, as the larger an organization the more expensive deploying that solution becomes,” he noted.
As well, procurement of security solutions is accompanied by rigorous testing, case studies and proof of return on investment. Furthermore, the entirety of the business has to be aligned with the security strategy as well, from its governance to the risk management arenas of the organisation.
This is in contrast to attackers, who can and will use every tool available at their disposal without much friction. “This alone necessitates that organisations have to at least have the same kinds of capabilities to defend against advanced attacks,” continued van den Heever.
Remote working complications
That would be enough for organisations to contend with – but cybersecurity concerns are further exacerbated by the prevalence of remote working. Indeed, the capacity to embrace remote working was a lifeline for many businesses during the pandemic, but all indications are that even in a post-pandemic world, remote working is here to stay. According to a recent study by Forrester and Dell Technologies, many organizations have been rethinking their workplace policies.
The study found that two-thirds (67%) of decision makers intend to extend remote working arrangements for some employees even after the pandemic, while 57% said they are introducing more flexible work-from-home policies for all of their employees.
Another study from Microsoft and Boston Consulting Group found that almost nine out of ten leaders at large enterprises in South Africa expect they will adopt a more hybrid way of working permanently.
Awareness is key
The problem with this from a cybersecurity point of view is that CISOs need to urgently address cybersecurity awareness amongst the company’s workers, explains van den Heever. “Without it, enterprises could find themselves sitting with very weak links in their cybersecurity all over the country. Furthermore, they also need to be cognizant of the fact that most office workers didn’t need to think about cybersecurity before remote working as there was a dedicated team to handle that for them,” he elaborates.
With remote working, Bring your Own Device (to work) has become Take Your Own Office (home) – and with it the vulnerabilities associated with working online.
Exposing enterprise threats
The burning question becomes – what vulnerabilities exactly should enterprises be most alert to? Van den Heever notes that the first is increasingly sophisticated phishing attempts that have leveraged machine learning and that are more successfully mimicking genuine communication.
The second is Advanced Persistent Threat (APT) software that has gone mainstream and that is being used to create malware that is more difficult to detect.
“It used to be that you would only see APT attacks now and again, aimed at large targets. Once they were discovered by cybersecurity companies they lost their ‘wow’ factor but those tools get sold off on the dark web to other hackers or malware writers,” explained van den Heever.
“We are starting to see the malware that was detectable by normal anti-malware solutions with 95% proficiency drop and, in their stead, more APT type attacks creeping in, with attackers using APT software to deploy regular attacks, mainly for financial gain,” he continued.
Another attack trend, particularly in line with the rise of remote working, is the dramatic increase of attacks on Remote Desktop Protocols. A recent Kaspersky report found a 242% growth of brute force attacks on remote desktop protocols (RDP) globally compared to the previous year, with a whopping 1.7 million unique malicious files disguised as apps for corporate communication making an appearance.
Furthermore, the number of brute force attacks on remote desktop protocols grew by 220% in South Africa. These findings reflect how attackers are putting their efforts into targeting users that work from home. The rapid rise in these types of attacks was directly attributed to the need to move employees to working from home in a short space of time – which opened up new vulnerabilities that cybercriminals were quick to target.
The fourth and final attack that enterprises may need to be alert to in the next couple of years is the potential for entire AI bots on one’s network that could impersonate employees, logging on and off, sending emails, spoofing the environment, and learning all they can about a company for nefarious reasons. “It is going to become very difficult to tell real employees from bots that pretend to be real people,” warned van den Heever.
Help at hand
All these threats make it quite clear that enterprises do, and will, need AI-infused cybersecurity assistance now and in the near future.
While inculcating cybersecurity awareness in employees is half of the battle – to truly win the war, individuals in organisations and enterprises at large need to know how to respond.
In the video below (at the 19.50 minute mark) van den Heever offers a comprehensive guide to what workers and organisations can do and should do if they suspect that a breach has occurred.
If you watch nothing else of the video, then definitely give that a listen. Following the advice offered could certainly make a big difference between an attacker being allowed to rampage through one’s network unabated and being stopped in their tracks. And, as the pandemic showed, being able to stop an attack earlier rather than later can make all the difference in the world.
You can watch the full video interview with Lehan van den Heever below, or jump to the timecodes below for the topics that most interest you.
You can also give the first interview with Lehan a read here, and take a look at that video interview, which addresses cybersecurity and AI's impact on small businesses and cyberskills amongst other pertinent issues.
Pressing concerns faced by CISOs – 3.02
Emerging threats to watch out for – 9.00
5G connectivity and increasing threats – 12.35
AI, Bots and the new frontier – 14.25
The power of Threat intelligence – 16.50
What to do when security is breached – 19.50
When to call for help – 23.03