For SMB owners, reading about massive cyberattacks might seem like a faraway misfortune for international enterprise companies.
Now, the tit-for-tat cybercrime war pits increasingly sophisticated malicious actors against businesses of all sizes.
Attacks now involve smaller companies, SMBs, solo professionals, professional practices, and remote knowledge workers.
In this guide you will learn about:
- Automated technologies used in cyberattacks
- Automated cyber-defense technologies and processes
- Automated defense technologies and solutions
- Advanced cyberdefense capabilities
- Engaging a third-party managed security services provider
To get ahead of security pros, cyber attackers use every tool they can lay their hands on. These include automated tools, machine learning, and robotic process automation (RPA).
No matter how modest their operations might be, all business operators ought to recognize cyberattacks and the risks that these exploits create.
Even basic awareness of network traffic patterns and behavior can add to security defenses and reduce the attack risk.
This guide is designed for solo professionals, remote corporate workers, and members of professional practices—people who run modest networks, often with modest security budgets.
It describes cyberattack trends and the defense measures that can reduce or avoid the damage these exploits cause.
Do you think about DIY cybersecurity measures? Or perhaps, handing off cybersecurity duties to a third-party managed security services provider (MSSP)?
If so, the detailed descriptions in this guide should help you understand what you are buying—or risking.
Several years ago, cyberattacks enabled by malware named WannaCry and NotPetya captured the attention of cybercrime watchers everywhere.
Designing and installing advanced cyber security strategies to combat these threats became the need of the hour. Why? Times and cybercrime were changing:
For years, cybercriminals have tweaked malware so that security software can’t discover it or identify it as malicious.
Large-scale threat intelligence efforts were launched to spot every variation of known malware and put copies of it into databases so that each instance could be identified and neutralized.
But identifying millions of bits of malware is difficult, especially when they are deliberately disguised. Increasingly, security pros started using machine learning to stop familiar and new, unknown types of malware.
Knowing an effective tool when they see one, cybercriminals started using machine learning, too. Unfortunately, they adapt quickly and deliver software that is more adaptable and sophisticated than that of legitimate developers.
Now the bad guys have developed machine learning-enabled attacks and are using them against businesses and government agencies.
Automation and related technologies are familiar attack tools, but that is old news. What makes automated cybercrime riskier for smaller-scale business operations?
A Europol report warns that artificial intelligence (AI) and other forms of automation could make cyberattacks more dangerous and difficult to spot.
For example, machine learning-based malware can automatically send phishing email messages to learn what language works best in cyberattacks and how to design attacks for specific types of targets.
Modern cyberattacks use several types of automation: robotic process automation, artificial intelligence, and machine learning, a specific subset of AI.
Each contributes its capabilities to finding, organizing, analyzing, and distributing huge volumes of data at lightning speeds.
Robotic process automation (RPA) is a process in which software intelligently automates (outsources) boring, repetitive tasks—typically performed by humans—to mechanical devices or other software programs.
RPA is important because it can delegate manual, boring tasks to bots, which can perform them without humans having to monitor or control them.
RPA's role in automated cybercrime. Outsourcing tasks to non-human workers saves enormous amounts of time and money and enables many tasks humans cannot perform. (Example: scanning 1.2 million instances of malware in a threat intelligence database.)
However, the convenience that RPA provides encourages a “set it and forget it” mentality and all its security risks.
Bots often get access to sensitive network data and systems. RPA bots use privileged access to perform tasks, moving data between systems and processes.
RPA bots provide a handy pipeline to an organization’s data when exploited. Because RPA bots need access to different applications to handle data, access credentials are often hard-coded into scripts or pulled in from insecure locations.
These worst practices are common sources of illegal entry into networks and data stores.
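The hard-coded credential pattern described above is easy to check for before a bot script is deployed. The following is an added example, not code from the original guide: a small scanner that flags string literals assigned to secret-like variable names in an automation script, beside a loader that reads the credential from the environment at run time instead. The sample script and its values are constructed placeholders.

```python
import os
import re

# Constructed sample of an RPA script showing the weak pattern: credentials
# stored as string literals in the script itself (all values are fake).
SAMPLE_SCRIPT = '''\
import requests
crm_user = "rpa-bot"
crm_password = "Sup3rSecret!"          # hard-coded credential
api_key = 'AKIAEXAMPLEPLACEHOLDER'     # hard-coded credential
timeout = "30"
db_password = os.environ["DB_PASSWORD"] # read at run time, not a literal
'''

# Matches `<secret-like name> = "<literal>"` or with single quotes.
_SECRET_ASSIGN = re.compile(
    r'^\s*(?P<name>\w*(?:pass(?:word)?|pwd|secret|token|api[_-]?key)\w*)\s*=\s*'
    r'(?P<quote>["\'])(?P<value>.*?)(?P=quote)',
    re.IGNORECASE,
)


def find_hardcoded_secrets(script_text):
    """Return (line_number, variable_name) for each non-empty string literal
    assigned to a variable whose name suggests it holds a credential."""
    findings = []
    for lineno, line in enumerate(script_text.splitlines(), start=1):
        m = _SECRET_ASSIGN.match(line)
        if m and m.group("value"):
            findings.append((lineno, m.group("name")))
    return findings


def load_bot_credential(env_var):
    """Hardened alternative: fetch the credential from the environment
    (populated by a secrets manager or service account) and fail closed
    if it is missing, so the bot never runs with a baked-in password."""
    value = os.environ.get(env_var)
    if not value:
        raise RuntimeError(f"credential {env_var} is not set; refusing to run the bot")
    return value


if __name__ == "__main__":
    for lineno, name in find_hardcoded_secrets(SAMPLE_SCRIPT):
        print(f"line {lineno}: hard-coded credential in '{name}'")
```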
Machine learning is the umbrella term for the ability of computers to adapt, learn, and respond to changes in the environment without being specifically programmed for specific tasks.
In modern cybercrime, machine learning takes center stage with machine learning-enabled attacks (MLEA). By using machine learning, hackers can automate some or all steps in the data breach process, including:
The security trade press notes these MLEA-related trends and predictions:
Cybercriminals now use AI to scale up their social engineering attacks and make them more efficient. Some forward-looking hackers also use AI to identify new weaknesses in networks, devices, and applications as they emerge.
Because AI rapidly identifies opportunities for human hackers, keeping information secure becomes much tougher. Real-time monitoring of all network access and activity combined with frequent, consistent patching is vital to combat these emerging threats.
The cloud isn’t an attack technology but provides a new and fertile IT environment where automated cyberattacks occur with greater and greater frequency.
Small-office business operators often assume that compromised cloud services create less disruption than more traditional on-premises services do.
This mistake can lead administrators and IT ops teams to cut corners when secure cloud infrastructure is concerned.
There’s also a naïve belief that hosted service providers take responsibility for the security of client data.
Cloud-hosted services still require ongoing monitoring, risk management, backups, upgrades, and maintenance, just as traditional IT infrastructures do.
If it’s been a while since you reviewed your cloud resource security, now is a good time. Attacks are now so highly automated that significant damage can be done in little time.
This applies to attack targets and collateral damage (compromised servers are used to stage further attacks).
So, what forms do automated cyberattacks take? Researchers studied underground cyber economies and listed 10 of the most common automation services hackers use. Most of these tools and services are part of active hacking campaigns.
Or they are traded in dark web forums. Why automate? It’s the simplest, fastest, most efficient way to launch more attacks and generate larger amounts of profit.
Hackers who distribute stolen databases often use automation to choose and offer the most valuable data (email addresses, payment card data, passwords, and other personal information).
But, as threat actors use automation to scale their efforts, network security defense teams are not sitting on their hands. They are using a similar approach and many of the same automated tools as the criminals.
Increasingly powerful cyber-defense measures can help organizations avoid or reduce the damage of cyberattacks. And automated tools and solutions can make cyber-defense measures more efficient and effective.
Automation provides impressive defense capabilities to IT security professionals everywhere.
It’s safe to say that high-end hackers have gone corporate. With their research budgets, 21st-century cyber-thieves constantly improve their products. Malicious software and processes are stealthier, smarter, and more able to cripple IT infrastructures.
Criminals are using cloud services and automated technology to speed up attacks, decreasing the time enterprises get to identify and respond to a data breach or disruption attack.
Security specialists constantly develop innovative ways to win much of that time back. They use automated technologies to defend data and network infrastructures from harm.
Here’s the lineup of technologies that play important roles in cybersecurity defense.
Artificial intelligence/deep learning. AI plays an increasing role in cybersecurity. Data analytics tools engage in high-speed, high-volume processes to identify, gather, and analyze data from millions of cyber incidents. Results help to identify potential threats—an employee account acting strangely when someone clicks on a phishing link or a new malware variant, for example. AI now defends network cybersecurity by:
Deep learning-based tools detect threats or unwarranted activities by analyzing logs, transaction data, and real-time communications.
Network behavior analysis. Behavioral analytics, the technique advertisers use to target social media posts and online advertisements at a carefully defined audience, also has a place in cybersecurity.
When combined with machine learning methods, behavioral analytics helps security pros detect harmful system or network behavior patterns and respond to cyber threats in real-time.
Internet-connected devices (IoT). IoT devices enable organizations to connect devices to networks and transfer data without human intervention. They drive automation, productivity, and efficiency, making them valuable in cybersecurity efforts.
Embedded authentication hardware. Embedded authenticators are emerging technologies that confirm a user’s identity. First introduced in 2016 as Intel’s sixth-generation vPro chip, this approach to hardware authenticators was claimed to offer better protection from interference and manipulation than their software equivalents.
These powerful user authentication tools are embedded into a device’s hardware. Each device uses several levels and authentication methods that work together. Now, interest and the market value for this technology are growing rapidly.
Automating these IT processes gives organizations remarkable improvements in their cybersecurity defenses.
Detecting malware and disruptive activity. Implementing good data governance through automated techniques limits total risk when an incident happens. However, it is better to detect an attack and try to stop it before it advances.
Unfortunately, when security defenders use conventional techniques such as virus scanners, modern malware such as Sodinokibi is hard to detect.
One reason for this difficulty is that the malware takes advantage of existing Windows software such as PowerShell and other standard utilities.
Responding to attacks in real-time. Machine learning-based, defensive software identifies and reacts to suspected problems almost immediately, preventing potential issues from disrupting business without relying on humans having to monitor everything at once.
Advanced security software compares data that describes current application behavior against baseline data stored online. (This includes all aspects of a web application’s normal behavior, such as directories, URLs, parameters, and acceptable user inputs.)
Rules-based analysis determines if app behavior is “safe.” If the situation isn’t safe, the application blocks attacks within seconds.
With their R&D budgets, 21st-century cyber-thieves are always improving their product, making them faster, stealthier, and smarter about detecting and deleting backups and crippling other defenses.
Finding sensitive data in millions of files, adjusting permissions, and then monitoring for threats in these enormous corporate file systems is beyond the capabilities of IT teams. That is, unless they have significant help from software automation.
Uncovering new kinds of malware isn’t the only way machine learning can boost cybersecurity. Important capabilities also include:
One important first step is to have automated data governance practices: software for efficiently scanning file systems, determining employee access patterns, and then setting permissions that limit access to those who need it.
In addition, cyber defense software should be able to classify corporate data to find sensitive information — credit card numbers, passwords, and other account data — and lock these files down with special permissions.
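The classification step described above can be illustrated with a small scanner. This is an added example, not code from the original guide or from any product: it labels documents that contain payment-card numbers (validated with the Luhn checksum so that order or tracking numbers that merely look like a card are not flagged) or password-like strings, and shows the lock-down step as an owner-only permission change. The sample documents are constructed, and the card numbers are well-known test numbers.

```python
import os
import re
import stat

# Constructed sample documents standing in for files on a corporate share.
SAMPLE_DOCS = {
    "shared/invoice-2023.txt": "Customer paid with card 4111 1111 1111 1111 on 03/2023.",
    "shared/minutes.txt": "Order 1234-5678-9012-3456 shipped; tracking 4111111111111112.",
    "shared/creds.txt": "smtp password: hunter2\nbackup pw=Winter2023!",
}

# 13 to 19 digits, optionally separated by spaces or dashes.
_CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# A password-style key/value pair such as "password: x" or "pw=x".
_PASSWORD_HINT = re.compile(r"\b(?:password|passwd|pw)\s*[:=]\s*\S+", re.IGNORECASE)


def luhn_ok(digits):
    """Luhn checksum used by payment cards; rejects most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify_text(text):
    """Return the set of sensitive-data labels found in one document."""
    labels = set()
    for m in _CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            labels.add("payment-card")
    if _PASSWORD_HINT.search(text):
        labels.add("credential")
    return labels


def scan_documents(docs):
    """Classify every document; return {path: labels} for those needing lock-down."""
    flagged = {}
    for path, text in docs.items():
        labels = classify_text(text)
        if labels:
            flagged[path] = labels
    return flagged


def lock_down(path):
    """The 'special permissions' step: restrict a flagged file to its owner."""
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
```

In a real deployment `scan_documents` would be fed file contents read from the share and `lock_down` applied to each flagged path.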
The benefits of using an infrastructure as a service (IaaS) provider are obvious. There’s no need to spend money buying and maintaining expensive servers and computing power to manage your data and IT operations. And you get a general sense that your data is safe. After all, it’s in the cloud.
Well, maybe. Business owners: take a long look at the fine print in your service contract. Your data might not be as thoroughly protected as you think.
When you post your data in the cloud, the IaaS (cloud hosting) provider is responsible for the protection of the basic IT infrastructure that contains your data and apps.
You, the business owner, are responsible for protecting your own data. Look at this graphic. (Source: Amazon Web Services)
This model clearly portrays how security responsibilities are divided between the customer and the cloud service. The IaaS provider can support you by giving you secure infrastructure, bandwidth access, and disaster recovery, but it is up to you to be aware of the limitations of cloud computing and how you protect your information.
Small to mid-sized businesses continue to face a threat from cybercrime. Security technical reports and white papers share a gloomy outlook for SMB owners. And your chances of flying under the radar of cyber crooks are not good.
The current demand for reliable security services has created one more as-a-service: the MSSP. Managed security services providers sell specialized cloud-based services to organizations of all sizes. MSSPs support some or all aspects of their clients’ security functions, which typically include some level of:
Before you groan, “But I can’t afford that!” consider this: In terms of time, money, and on-premises talent, can you afford to:
We understand if you answer “no” to any of these questions. But ultimately, it all comes down to judging the costs of ongoing security support services versus the expected value of Something Going Wrong at your business.