There are three eternal truths when it comes to cybersecurity: First, the bad guys are constantly looking for open doors. Second, users will always leave at least one door open at all times.
“It’s simply not realistic to expect that employees can make the right judgment call on the credibility of a potentially malicious email,” said Nirav Shah, COO of Cyberinc. “We see examples all the time where individuals unknowingly click on something that looks legitimate and cause their organization to be a victim of a costly malware attack. But it’s not their fault. Mistakes are human nature. Securing the click without burdening the user is the job of the security stack. The user should only be concerned about operating the business.”
So can we ever be secure? Maybe. That brings us to the third eternal truth. Cybercriminals are skilled but not necessarily smart or hard-working. State-sponsored groups in places like Russia and North Korea may have nationalistic intentions, but they will target big infrastructure organizations. Most cybercrime, about 90 percent according to some sources, is targeted at small to medium enterprises (SMEs). The criminals targeting this area look for easy ways in and gullible victims. If you can make them believe they have found both, you can protect your data. Several research organizations and companies are working on that kind of tool/service.
Setting traps with AI
For a couple of years, the University of Missouri has been employing AI to identify attacks on a cloud-based enterprise as they happen and divert attackers to a decoy system.
“We are interested in the targeted attacks to exploit data or critical infrastructure resources, such as blocking data access, tampering with or stealing data,” said Prasad Calyam, associate professor of electrical engineering and computer science and the director of the Cyber Education and Research Initiative in the UM College of Engineering. “Attackers are trying to use people’s compromised resources to infiltrate their data without their knowledge, and these attacks are becoming increasingly significant because attackers are realizing they can make money in a big way like never before.”
The study is focused on two types of cyberattacks: those seeking customer data and those stealing resources such as digital currency. The strategy uses artificial intelligence techniques and psychology principles to give the cyberattacker false hope that the attack is working.
There are multiple tools and services on the market that attempt this kind of isolation, but we have found none that are within the price range of SMEs, and the UM study has yet to reach commercial status.
If an organization does have access to that kind of isolating technology, it is possible to insert one’s own Trojan virus that would infect the criminal’s network and bring down his operation, but that would require a level of technical skill usually not available to a small business.
Virtual air gaps
There are, however, affordable systems that can limit the damage of ongoing attacks. One of them is Airgap, a Silicon Valley company. Airgap started out developing a hardware and software device that would detect a ransomware intrusion using artificial intelligence and then isolate the infected device from the network with a “kill switch” that could be automated or manually applied by the chief security officer.
“If you told the person managing network security there is ransomware in the network, chances are they will shut down the network. That’s not an acceptable answer if you’re managing anything mission critical,” said Airgap CEO Ritesh Agarwal. He compared that kind of action to burning down the house because you found a rat in the kitchen. “With Airgap you can stop ransomware propagation with surgical precision.”
The problem is Airgap, like 99 per cent of the cybersecurity industry, is currently focused on supporting large customers because, as the saying goes, “that’s where the money is.” With the focus on large companies, SMEs get ignored, and that is where 90 per cent of all cybercrime is targeted. While Airgap does sell to some SMEs, the ability to provide the necessary hardware is limited by manufacturing… and the manufacturing supply chain is in shambles.
Potentially, Airgap could have the Holy Grail to permanently stop ransomware attacks, but until the technology is widely available and in mass distribution, it’s still in the theoretical state. Not quite grail-like.
Agarwal said they are working on that by moving to a software-as-a-service (SaaS) model rather than a hardware-centric one. That actually makes sense for SMEs on two levels. Many are transitioning to cloud-based services for almost everything (data storage, applications, marketing, etc.) and to work-from-home (WFH) operations. Both provide a lot of cost savings and ease the need for internal IT personnel, but they also expand the attack surface, as employees will be using personal devices to connect to the network. Adding the Airgap service would blunt attacks on those networks.
The biggest problem with digital technology is foundational. There are no processor platforms on the market that are originally designed with security in mind. A few companies are trying to fix that.
One of them is Axiado in Silicon Valley. They are working on a dedicated security processor and have significant financing. They tout their product as a new architecture to provide the foundational solution to all cyber attacks. But after five years, they’ve not revealed a working product, much less a partner/customer willing to reveal themselves. That doesn’t mean they aren’t producing a product, but it isn’t going to be available anytime soon.
Although cybercrime syndicates are going dark, it is unlikely they are gone. Matthew Rosenquist, CISO of Eclipz, conducted a LinkedIn survey of thousands of security professionals last week about where ransomware gangs are going. About two-thirds believe they are resting and retooling for new, potentially more damaging assaults.
It’s hard to say if we have cybercriminals back on their heels. This new technology is being talked about publicly but is not yet widely available to anyone but the largest companies and organizations. Millions, if not billions, of unprotected attack vectors connect to networks everywhere. We can be sure the criminals are trying to find ways to circumvent these defenses.
That makes the idea of isolating the bad guys a grim race to the finish.