Instances of reported cybercrime are growing astronomically – and yet many successful attacks are still not reported, or even detected.
In response to the escalating threat, detection capabilities are constantly being refined, improved and almost fully re-imagined.
As new threats arise, so do technologies that offer a control against these threats. Automating the process without compromising the accuracy or effectiveness of the measures helps to augment the role of a human in security operations.
The automation wave is the progression of technology and machine learning into intelligent software that can act to both identify and remediate incidents, leaving security professionals to tackle more complex and relevant issues.
The role of a security professional is made more arduous by the abundance of malware, botnets and distributed denial-of-service (DDoS) products that are sold on the underground market and which empower organised crime syndicates.
The evolving difficulties associated with identifying and managing insider threat, device policy and management, and the uncertainties surrounding the increasingly connected IoT, further complicate the role of a security professional and the task of protecting the business internally and externally.
Add to this conundrum the people and skills required: organisations frequently fall short of the number needed to adequately combat the full spectrum of threats, and fail to recruit successfully because of the ever-increasing skills gap.
The landscape is challenging and security measures must evolve. As motivated criminals refine their methods, so too must the security team protecting their new hybrid networks and the data associated with their critical assets.
Traditional rule-based systems were effective against less sophisticated attacks of the past, but in today’s digital world these traditional controls can only help to overcome challenges to a limited degree.
As the description suggests, rule-based systems make binary permit-or-deny decisions and usually rely on a static set of rules.
An initiative from the Defense Advanced Research Projects Agency (DARPA), the Cyber Grand Challenge, seeks to automate this process, fielding a generation of machines with algorithms that can discover, prove and fix software flaws in real time without human intervention.
The success and impact of the challenge will further highlight that the speed of autonomy will, in the very near future, disrupt the current advantages a motivated criminal has available.
One measure taken to mitigate risk in a situation where a company faces a multitude of simultaneous attacks is risk scoring. Essentially, a composite score is given to each threat based on a series of contextual factors, which correlate with priority areas for the organisation.
Fundamentally, risk scoring enables organisations to decide which incidents need to be dealt with first to minimise the impact on the business.
With increasing numbers of threats both identified and as yet undiscovered, risk scoring will continue to provide guidance and reassurance to businesses.
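To make the contrast with a static rule concrete, the sketch below is an added example and not code from any product the article mentions. The factor names, weights and sample incidents are assumptions constructed for illustration: a fixed-threshold rule fires identically on all three incidents, while the composite score ranks them.

```python
from dataclasses import dataclass

# Assumed contextual factors and weights (not taken from the article).
# Each factor is normalised to 0.0-1.0; the weights sum to 1.0.
WEIGHTS = {
    "asset_criticality": 0.40,     # importance of the affected asset to the business
    "detection_confidence": 0.25,  # how sure the detector is
    "data_sensitivity": 0.25,      # sensitivity of the data the asset holds
    "external_exposure": 0.10,     # reachability from outside the network
}

@dataclass(frozen=True)
class Incident:
    name: str
    factors: dict

def static_rule(incident, threshold=0.5):
    """Binary rule: fire when detection confidence meets a fixed threshold."""
    return incident.factors["detection_confidence"] >= threshold

def risk_score(incident, weights=WEIGHTS):
    """Composite score on a 0-100 scale from the weighted contextual factors."""
    total = 0.0
    for factor, weight in weights.items():
        if factor not in incident.factors:
            raise ValueError(f"{incident.name}: missing factor {factor}")
        value = incident.factors[factor]
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{incident.name}: {factor} out of range")
        total += weight * value
    return round(100 * total, 1)

def triage(incidents):
    """Return incidents ordered highest composite score first."""
    return sorted(incidents, key=risk_score, reverse=True)

# Constructed sample incidents for illustration.
SAMPLE = [
    Incident("port scan against test VM", {"asset_criticality": 0.1,
             "detection_confidence": 0.9, "data_sensitivity": 0.0, "external_exposure": 1.0}),
    Incident("malware beacon from finance database", {"asset_criticality": 1.0,
             "detection_confidence": 0.6, "data_sensitivity": 1.0, "external_exposure": 0.2}),
    Incident("unusual login on HR laptop", {"asset_criticality": 0.5,
             "detection_confidence": 0.7, "data_sensitivity": 0.6, "external_exposure": 0.3}),
]

if __name__ == "__main__":
    for inc in triage(SAMPLE):
        print(f"{risk_score(inc):5.1f}  rule_fired={static_rule(inc)}  {inc.name}")
```

The port scan has the highest detection confidence yet lands last, because the score weights what the affected asset means to the organisation rather than detector output alone.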
However, as important as reactive methods are, there is no doubt that the only way to truly tackle cybercrime is to become more proactive and, universally, that is what the security industry has been concentrating on.
Graduating from a traditional rule-based system, experts have employed machine-learning techniques, drawing on data insight to identify patterns and apply machine-readable context to events.
Machine learning is a technology used by many businesses to analyse big data sets. For example, Amazon has deployed a machine-learning solution, based on a unique algorithm that can predict customer spending habits.