I must admit that when, on March 23, 2018, the e-Call (or ‘emergency call button’) was made mandatory in cars, I breathed a sigh of relief. In the event of an accident, the car automatically calls 112 (this can also be activated manually) and sends data relating to the location, number of occupants of the vehicle, etc. By then, some cars already knew more about us than we did. That the vehicle is connected via telephone does not entail an extra cybersecurity risk, as one might initially think – come on, there is more risk when we leave it in the workshop and the mechanic connects to the switchboard with a computer that may have an outdated operating system, easily vulnerable to a third party, although we don’t consider this.
Imagination leads us to anticipate things that could possibly happen in the future… Have we done the same imaginative exercise regarding all the information that we have in our company, and without protection? After all, all companies have been connected for a long time – what is the result of someone accessing our computer system and having the formulation of our products, designs, the personal data of employees, customers, suppliers, at their disposal? Our financial information, or the configuration of all the robots on the production floor? And, above all, do we know the probability of that happening?
Artificial intelligence (AI) – in a broad sense, and without distinction between machine learning, deep learning or neural networks and, in some cases, simply the management of Big Data – undoubtedly makes it possible to make the best of imagined society a reality: autonomous vehicles, facial recognition that helps us identify people, language comprehension to generate voice assistants (which are becoming important when shopping), and image recognition used to identify objects, people, texts, scenes, activities and even emotions! In addition, the automatic analysis of data helps in medical diagnoses, for example, by having a capacity far superior to that of humans when performing repetitive actions continuously over time. In fact, all online platforms already make use of AI: think about how Google organises and presents results, on the most popular social networks and on sales platforms to personalise the shopping experience, which is nothing more than segmenting the target audience to design campaigns and exclusive messages for each client, based on their specific habits and preferences.
So that all of the above can continue growing at the rate of demand, cloud environments have become popular. Thus, most applications are no longer local and DevOps (operations development) joins the deployment of the Internet of Things (IoT) – or rather, a version specific for industry (IIoT) – in a proliferation of connected devices, from toys to household appliances, and all kinds of industrial sensors, and enabling technologies such as 5G (which increases communication speed and decreases latency). A consequence of this is that it increases exposure to cyber risks, and exposes organisations to third party risks by. In other words, it is no longer enough that we are protected ourselves, we have to also demand the protection of our strategic partners.
To respond to this need, a new concept is being implemented in software development, the so-called DevSecOps, which seeks to increase security from the beginning of programming, avoiding the later costs of identifying security flaws only once the program approaches its final phases or is already in operation. If we have concerns about software that has already been delivered to us, or if we have detected a vulnerability, a good option is to hire a source code audit service, or a Pentest – an intrusion test that is carried out both in a web version and in mobile apps, to detect any errors the program/software may have.
The need for cybersecurity
Thus, it is not surprising that cyber incidents have moved on the Allianz Risk Barometer from 15th position in 2013 to 1st position as the most important business risk in 2020, in countries as varied as Austria, Belgium, France, India, Malaysia, South Africa, South Korea, Sweden, Switzerland, the United Kingdom, the USA and Spain, and in sectors including aviation, financial services, government and public services, professional services, technology and telecommunications. The case of aviation is paradigmatic given its complexity, which covers practically all scenarios, and can be perfectly extrapolated to other sectors that are less reliant on cutting edge technology. In this talk as part of the XIII CCN-CERT Conference, Colonel D. Fernando Acero Martín, Director of Cyber-Defence in the Air Force, gives us a very clear idea of the issues and risks to which we are exposed.
In addition, the 15th Global Risk Report (2020) of the World Economic Forum similarly identifies cyberattacks as one of the most worrying potential scenarios, as we can see in the image:
This INCIBE impact level map in Spain corroborates the above:
A new way of understanding (cyber) security
Investment in artificial intelligence as a service – that is, applications that use AI to improve and facilitate their own activity – will increase from 1,520 million dollars in 2018 to 10,880 million in 2023 (a year-on-year growth rate of 48.2% during this period), according to MarketsandMarkets. This gives us an idea of how attractive that market will be as a target for cybercriminals. However, we cannot ignore that 95% of cybersecurity incidents are due to human errors, according to the IBM X-Force Threat Intelligence Index 2018 report, which indicates that we are a potential danger to our companies. A simple USB charging cable can cause a disaster in our company, and therefore training and awareness is the first tool which we must adopt in our company to improve cybersecurity. The second is the updating of our protection technologies.
The contribution of artificial intelligence to cybersecurity
Although endpoint security technologies (computers, mobiles, printers, sensors, etc.), where security problems usually begin or accumulate, do converge, we can find two different categories. On the one hand, we have endpoint protection platforms (EPPs) and on the other, endpoint detection and response (EDR) solutions. The first, EPP, provides us with comprehensive solutions that typically unify various preventive security functions, including antivirus, antimalware, personal firewall and data protection, in order to prevent devices from being affected by malicious code. However, as threats become more agile, this type of defence, which relies on a static library of known threats and a strong perimeter defence, becomes less effective. Thus, EDR solutions give visibility to what is happening on computers and offer the ability to detect, investigate and respond to malicious activities.
Gartner’s Magic Quadrant, one of the most respected reports in the cybersecurity consulting industry, selects the best tools for endpoint protection, including CrowdStrike, of which Sofistic, Cuatroochenta’s cybersecurity division, is the implementer. Among the benefits of CrowdStrike, Gartner has highlighted that its Falcon Complete service, compatible with all environments (physical, virtual and cloud), provides fully managed detection and response and commitment consulting for incident response, and also offers a guarantee of prevention of USD 1 million as standard.
If we want a tool to complement an EDR, we have to look at the so-called intrusion detection and prevention systems (IDPS) or network traffic analysis (NTA), especially at a time when the activity of many companies has increased and has been transferred to, or is managed totally or partially from, the cloud. This does not amount to outsourcing, or completely transferring, responsibility for their own security to the provider. The provider must take care of the security of the infrastructure (IaaS), including servers, networks, machines, virtual machines and containers, while the client is expected to manage the guest operating system, any application software and the configuration of native security controls. This is especially so when there may be more than one cloud provider, as multi-cloud implementations are possible.
In this context, tools such as Darktrace, of which Sofistic is a Platinum partner (the highest consideration), and which has been developed on the basis of unsupervised machine learning and artificial intelligence, are vital, since they analyse data flows in and through SaaS (Software as a Service) applications and cloud workloads, learning the normal life pattern of each user, device and container. In addition, it has an antigen response module (emulating the human immune system) that uses AI to adopt specific and directed actions in response to high-confidence cyber-threats, stopping their spread in real time, including the possibility of viewing real-time threats, identifying anomalous activities in workloads and, due to Sofistic’s Platinum category, it can be linked to your Atlantis SOC, giving a full guarantee of protection.