Why Defensive Superiority Should Reign Over Offensive Capability


By Marcus Fowler, SVP of Strategic Engagements and Threats at Darktrace

Amid a near-constant cycle of cyber incidents globally, organizations and institutions in both the private and public sectors must enhance their defensive security efforts in the face of ever-evolving cyber threats. With increased cyber alerts and sophisticated adversaries, many organizations find themselves scrambling to rapidly prepare for the national security and business risks posed by nation and non-nation-state actors. As cybersecurity becomes more top-of-mind for business leaders and rises on the priorities list, many organizations ask: Where should we focus?

The Evolving Security Landscape

In the wake of recent attacks, security and business leaders must face a new reality: organizations need to defend beyond and ahead of a breach to harden their security position and ensure continuous business operations, no matter the attack vector. Cyber-criminals and nation-state actors are successfully and disruptively infiltrating critical systems via several sophisticated and hard-to-anticipate methods, including supply chain attacks, leveraging insiders, or exploiting zero-day vulnerabilities. These threat campaigns, including ransomware or wiper attacks, can affect thousands of companies and government institutions.

In 2021, attacks on Kaseya and GitLab and the widely publicized “Log4Shell” vulnerability displayed malicious actors’ ability to use software and developers’ infrastructure, platforms, and providers as entry vectors into corporations and governments, regardless of size or industry.

Cyber-attacks like the recent breach of NVIDIA, the world’s largest Graphics Processing Unit (GPU) supplier, demonstrated that the stakes are higher than ever. By targeting major suppliers like NVIDIA, attackers can leverage a single breach to enter thousands of organizations globally via stolen access to software present on personal devices.

With cyber-criminals now using stolen NVIDIA data and code to disguise malware, both organizations and individual consumers find themselves unable to rely on updates and other actions from trusted suppliers. As these significant software supply-chain attacks proliferate, traditional security postures will continue falling short as they fail to account for cyber threats via purportedly trusted partners and suppliers. A mindset shift is necessary to identify sophisticated cyber threats and stop them effectively.

Why an AI-backed Approach Succeeds

Cyber conflict is asymmetric: anyone can attack, and a threat actor needs only the right access and tactics, as shown by the 16-year-old linked to successful Lapsus$ hacks. As we watch the Russia-Ukraine conflict, and as the real possibility of a large-scale, international cyber-conflict looms, businesses and even well-resourced nation-state governments need to leverage the power of artificial intelligence (AI) to prepare for unintended escalation, cyber collateral damage, larger-scale campaigns, and the rise of new types of non-state cyber actors.

Historical approaches to cybersecurity have failed to effectively emphasize internal defense in the fight to stay ahead of cyber-attackers. A traditional military advantage stems from a nation’s ability to project offensive power to show superiority. However, this military model fails in cyber warfare because today, everyone can attack.

Organizations also do not have the resources to “hack back.” Governments and nation-states execute sophisticated offensive campaigns to target high-priority cyber-criminals, but their focus is not on protecting every mom-and-pop shop from cyber threats. While government institutions like the United States’ Cybersecurity and Infrastructure Security Agency (CISA) have advised companies that they need to have their cyber “Shields Up,” not all defensive approaches are the same.

Organizations cannot build a robust defense capable of defending against the unknown without shifting the focus from understanding the attacker to understanding one’s own digital infrastructure. Security tools that leverage AI will provide these organizations the upper hand they need in developing this defensive superiority.

AI can develop an understanding of “normal” business operations across the enterprise, autonomously identifying the subtle behavioral changes and anomalous activity indicative of a cyber threat before it can escalate into a full-blown attack. By isolating unknown activity and taking proportional actions to enforce “normal” business operations and halt any unusual behavior, AI can stop cyber-attacks against critical infrastructure industries, even when they emerge through trusted access points like supply chain partners and insiders.

The Best Defense is a Good Defense

The adage that “the best defense is a good offense” may have worked in the past, but this is not a winning strategy in today’s cybersecurity landscape. As cyber-attackers on all sides develop and conduct new and sophisticated attack models, it will be defensive superiority, not offensive capability, that will decide nation-state and business survivability.

A superior defensive position does not reside in threat intelligence or trying to predict an attack or attacker. It lies in understanding your entire digital infrastructure and recognizing when something occurs outside that normal, so your organization can respond and remediate the threat. AI can not only build that knowledge but also harden defenses further.

Businesses cannot wait to respond in the aftermath of crippling cyber-attacks. They must act now to deploy an AI-backed security posture that confronts the new era of sophisticated attacks, defends against the entire attack spectrum, and stops them from evolving into disruptive cyber-attacks with ramifications throughout the global supply chain.

 

About the Author

Marcus Fowler is the Director of Strategic Threat at Darktrace. Previously, he spent 15 years at the Central Intelligence Agency developing global cyber operations and technical strategies, led cyber efforts with various US Intelligence Community elements and global partners, has extensive experience advising senior leaders on cyber efforts, and was an officer in the United States Marine Corps. He’s recognized as a leader in developing and deploying innovative cyber solutions. Marcus has an engineering degree from the United States Naval Academy and a master’s degree in international security studies from the Fletcher School. He also completed Harvard Business School’s Executive Education Advanced Management Program.


