For several years in a row now, Asia Pacific has topped the list of the most malware exposure of any region in the world, and Singapore alone saw an almost 200 percent-increase of malware detections amongst business sectors.
“Organisations in the Asia-Pacific region take almost three times as long as the rest of the world to realise that an attacker has successfully broken into their network” said FireEye’s Ledzian. “It is still the only part of the world that relies on external third parties to tell them they’ve had a breach more often than figuring it out for themselves. [Here]
It is difficult to pinpoint the exact reason why Asia Pacific leads the list. Some experts have suggested that it could be challenges related to driving a cyber-secure culture in Asia, through to other reasons such as widespread legacy systems still being used. Malware is indeed a global issue, but Asia Pacific looks to be the front line and could be ground zero for a global widespread attack. Given Asia Pacific’s existing exposure, are we ready for the looming threat with the emergence of the new wave of AI-powered malware?
A Defense-in-Depth strategy has always been useful to try and thwart the human attacker’s return on investment, with the goal of making it more difficult at each stage of the Cyber Attack Kill Chain, so hackers will give up on their malicious campaign and move to easier targets. The challenge is that AI-powered malware may not be subject to these conditions and have imbedded intelligence to stay under the radar, stay dormant as long as needed, navigate the network undetected, and deploy their payload only under the right conditions.
To better understand AI-powered malware, refer to IBM Research’s DeepLocker project [Here], “This class of AI-powered evasive malware conceals its intent until it reaches a specific victim. It unleashes its malicious action as soon as the AI model identifies the target…you can think of this capability as similar to a sniper attack, in contrast to the “spray and pray” approach of traditional malware. DeepLocker is designed to be stealthy. It flies under the radar, avoiding detection until the precise moment it recognizes a specific target.”
With a global shortage of cyber experts, (ISC2 estimates a current shortage of 3 million shortage of cybersecurity professionals), fighting back with security automation and using intelligent AI-powered cybersecurity products and services is one way for companies to strengthen their protection. Using traditional cybersecurity strategies to illustrate this point, you can see that the NIST Cybersecurity Framework would benefit at every phase in the Identify, Protect, Detect, Respond and Recovery if supported by such intelligent systems/services.
Intelligent cybersecurity products /services would be able to help at each stage with improving the speed and efficiency of the whole process. As each stage is somewhat dependent on each other, the faster you can identify a potential threat will mean faster remediation and recovery. Companies are going to need to invest more into this area, as a major benefit is that it can help to automate and provide much more risk based conditional logic and analysis when sifting through all of the terabytes of logged data from the company’s network.
We are seeing the first wave of intelligent cybersecurity products with system management monitoring capabilities and rule-based expert systems built in, to perform auto-remediation based on common vulnerabilities and signatures. Some security vendors are already building AI-powered products and services which leverage telemetry from threat feeds to help with detecting malware as early as possible based on behavior-based monitoring, building on top of existing expert-systems they have from the past. It will take some time before we need to be worrying about Terminator: Judgement Day scenarios with SKYNET, but the new-age-threats are real. Companies should understand their own internal capabilities, and leverage external partners and MSPs if they are facing resource shortages. Most importantly, they should not forget the absolute basics – from system and user patching, user awareness training for staff – to drive a cyber-secure culture from the top down.
There are some really great sessions at up-coming RSA Conference in Singapore this year that will touch on malware and so be sure to register early for the events. There is also a growing focus on the Human Elements of cybersecurity, and I strongly encourage you to attend a mixture of sessions this year to help you with your holistic approach to cybersecurity. I will be hosting two sessions at RSA Conference 2019 APJ this year on cybersecurity strategies for FinTech companies, as well as data protection demands regionally and globally.
Stay safe; Stay secure.