by Scott M. Lewis
(Part One of Three)
It has been a year for the record books, and Cybersecurity has been the year’s topic. I have learned the hard way that Cyberthreats have entered a new realm of technology, and just about everything you thought you knew has gone out the window. It used to be that if you had long and strong passwords, disabled accounts, Antivirus on workstations and servers, web filtering and Malware protection, and kept your systems patched and updated, you were in good shape. If you had Multi-Factor-Authentication, used VPNs, and were in Office 365, you were in great shape. As I learned the hard way, cyber threats and the prevention you need have gone to a whole new level, and it is now a battle of Artificial Intelligence at machine learning speed, which humans could never keep up.
Stealing a line from the Twilight Zone, Image this, if you will, an offensive artificial intelligence virus that can learn a networking environment independently, problem-solve by reaching out to the host, or perform an Internet search to resolve issues. On top of that has developed the knowledge to disable your two-factor authentication so that the administrative console does not report that your two-factor authentication is not working. Then render your Advanced Threat protection software or anti-virus ineffective, yet again, but fool the administrative console into thinking it is reporting. Also, imagine, if you will, what if a virus could take a user that is disabled and placed in an inactive operating unit with no rights to the network, brute force the username and password, and crack that twenty-character alphanumeric unique character password, all without detection? Impossible, you say? Actually, the reality is a surprise they can, and I have seen it in action myself with the use of artificial intelligence by a threat actor. The industry-leading experts couldn’t believe it, and all this was done without the detection of other advanced monitoring and prevention systems.
Cybertechnologists are using artificial intelligence to defend the country, our online shopping, and our businesses from threat actors performing ransomware attacks, data mining, identity theft, and several other attack vectors. However, only a small percentage of corporate America focuses on security within their businesses. Corporate America has forgotten or not realized or could be in denial that the threat actors are also heavily investing in using artificial intelligence to launch attacks at speeds we have never seen before. These attacks are more complex and focused than ever. In a report by Security Intelligence, they reported that the emergence of Offensive Artificial Intelligence is coming, or is here in my experience, and that 88% of the decision-makers in the security industry believe that future attacks will be led by Offensive based Artificial Intelligence. Only about 5% of American companies are prepared for this type of offensive attack, and don’t let the “I’m in the cloud, so I am safe” thoughts cloud your judgment; you aren’t. I’m here to tell you if you have been told that your IT company or IT professional has the golden key, I’m just going to say it; they are lying to you.
A Deloitte study and Security Intelligence published Smart Cyber: How AI can help manage cyber risk? Refers to cyber risk as a spectrum; previous cyber threats and attacks were at the lower end simply because they mimicked human behavior but not our thought processes. Cybercriminals now moving into using full artificial intelligence models are seeing cyber-attacks mimicking human intelligence. Not just mimicking our behavior, repeating it, and anticipating it, but this is real learning intelligence that will learn unsupervised, communicate with other outside resources, including internet searches for problem-solving, and interact directly with humans without their knowledge.
When we talk about Cybersecurity, what are we talking about? Most people, including technologists, think Cybersecurity is focused on your backend network infrastructure and hardware, which is part of it, but there is more to Cybersecurity than that.
-Critical Infrastructure Security, infrastructure in the IT world, is a tricky word. Still, in Cybersecurity, we are talking about electrical grids, water systems, traffic controls, and hospitals and 911 functions; within your business, we may be talking about accounting systems, hosted systems, remote or mobile workers, and other software.
-Application Security, users, and companies have become app crazy, there is an application for just about everything nowadays, including enterprise applications, locally loaded applications, and then there are SAAS (Software as a Service) applications. All these are prone to hackers, regardless of where or what they are loaded in the “Cloud” or on in-house systems.
-etwork Security is your traditional Firewall, servers, routers, switches, permissions on workstations, laptops, and IP phones, anti-virus, web filtering, and email filtering, which are typically what network engineers focus on when they think of Cybersecurity.
-Cloud Security is where all the software solutions (SAAS) and hosting platforms such as Azure, M365, Amazon web services, and Google Cloud are; these solutions are typically paid for hosting and management platforms.
However, most of these platforms offer basic security options; the management of security on these platforms remains the customer’s responsibility.
-The Internet of Things (IoT) will exceed 530 billion dollars, are Alexa devices, Ring devices, gate openers, video cameras, and the list goes on and on. Many of these devices have found their way into the corporate world. So, they continue to pose new challenges and security risks to corporate networks.
-Securing the human, which is training the human to be security aware, identify spam and malware, and use common sense when using outside or public WIFI, human, continues to be the most significant risk, up to now, with the use of offensive artificial intelligence, which can think and act like a human, the risks are higher now than ever.
Scott Lewis is the president and CEO of Winning Technologies Group of Companies, which includes Liberty One Software. Scott has more than 30 years of experience in the technology industry and is a nationally recognized speaker and author. He has worked with businesses to empower them to use technology to improve work processes, increase productivity and reduce costs. Winning Technologies’ goal is to work with companies on the selection, implementation, management and support of technology resources. Learn more about Winning Technologies at www.winningtech.com or by calling 877-379-8279.
Submitted 1 years 331 days ago