A number of articles have been published recently predicting that the largest cyberattack in history is destined to happen soon, one of the main underlying factors behind this assertion is the overnight explosion of the enterprise attack surface and large increase in noted hacks that we’ve witnessed during the COVID-19 Pandemic.
As an example, a recent Forbes article by Stephen McBride claims that, “The Largest Cyberattack In History Could Happen Within Six Months.” Although it is entirely possible and even potentially probable that the largest cyber security breach in history is right around the corner, it is also entirely avoidable. Solutions to protect networks in the changing enterprise cyber landscape we are witnessing due to events like COVID-19 do exist, but they are not your typical legacy tools utilizing “AI” that is based on human labeling or Supervised Learning Algorithms which most companies are relying on for their cybersecurity now.
According to McBride, switching to remote work, with employees now sharing computers with their loved ones, who are using them for everything from zoom get-togethers to school work, on such a massive scale has caused the attack surface to grow by an astounding 500 percent, virtually overnight. Before the pandemic, remote employees would have specially secured laptops and other devices, but it has been impossible, due to the quick transition, to effectively secure corporate devices now that the vast majority of employees are working from home.
As a result, hacking, phishing and ransomware attempts have increased substantially since the start COVID-19. This is due to more entry points for hackers than ever before because of our remote work situation.
How do we protect ourselves?
With an overwhelming shortage of cybersecurity talent in the market before the pandemic struck, it’s completely infeasible to believe that hiring out of this situation is an option. Luckily the advent of solutions utilizing advanced AI may be the cure we need.
The word AI tends to scare people off due to overuse and under-delivery, but by finding and using valuable and effective artificial intelligence based cybersecurity solutions that don’t add to the workload of your already overworked SOC team, but instead automate and increase efficiency, enterprises can solve this problem. AI is the only viable solution to the potential “D-Day” style attack we’re facing in the near future.
What about the tools we already have like Endpoint? Will they help protect us from such an attack?
Traditional cybersecurity systems are based on signatures. If you assume that any computer with endpoint software installed on it has a probability of failure, suddenly that probability is massively increased by an order of magnitude because it is enough for just one computer to become a host for the whole company’s network to potentially get compromised.
Endpoint protection is not enough and is futile in this current context because now the probability that the network is going to get infected is much higher.
When we are not working remotely the situation is very different because everyone is in a sort-of envelope, but now everyone is out and their network habits are completely different than before, with much higher rates of online shopping and visiting malicious sites pertaining to COVID-19.
Watching the wire
In some sense the only solution to the coming attack, because it’s just a game of probabilities, is to gain an understanding of all network traffic or what is being sent and received over the wire and monitor for abnormalities.
For example, if an IP has behaved oddly on the inbound side, maybe moved laterally in a strange way and then exported something out, and if that’s usually not what that user should be doing, you could take a look and find traces of these actions on the wire, but not on the endpoint.
There is no reason to diminish the importance of endpoint solutions, you still want to protect and monitor endpoints as much as you can, but in this situation because of the fast and overwhelming growth of the attack surface users need an additional solution which monitors the interaction on the network. The probability that one of your computers will get infected and gain access to the rest of the network increased exponentially along with the attack surface, leaving enterprises more vulnerable than ever before.
It’s easy to come to the conclusion that we will be seeing an event of great magnitude very soon in the cybersecurity sphere. When is anybody’s guess, but there are things we can do to prevent and mitigate it when it happens. It’s almost like with the pandemic, if a local government does a great job of shutting things down, keeping people indoors, and implements contact tracing the pandemic is not going to spread as quickly and do as much damage. Like that same local government, your security team can do things now to prevent and contain a coming attack, for example implementing an AI based solution to monitor and trace potential weak points in your network and identify attacks in real time.
Will we see the biggest hack ever soon?
I believe it is probable that we will see a serious, potentially catastrophic attack in the next six months, but if enterprises are proactive about implementing these types of technologies, and employing Unsupervised or Self-Supervised AI based cybersecurity systems, we would see a drastic decrease in the probability of this big attack.
Endpoint protection may no longer be enough with more people doing online shopping and visiting malicious sites related to COVID-19. #security #respectdata
Click to Tweet
The idea is really contact detection and prevention. If one computer gets breached or infected we want to keep it from infecting the whole network. A team of cybersecurity professionals who has to sift through thousands of false positive alerts might spend hours or even days trying to find a breach when alerted, and every second that passes means the network becomes more and more infected, whereas an advanced AI system can monitor the network, sift through alerts, and surface a potentially deadly attack in seconds. If we’re going to stop the largest cyber attack of all time before it does catastrophic damage, we need to be armed with the most intelligent and advanced tools possible.