
Nadir Izrael at Armis explores the rising tide of digital threats and the need for a more proactive approach to cyber-security.
Earthquakes. Tropical cyclones. Tsunamis. Volcanic eruptions.
For generations, natural disasters such as these have rocked our world, carving out a trail of destruction in their wake. Thankfully, through innovation and technological advancements, we’ve developed early warning systems to provide us with precious and critical time to prepare in advance to minimise impact.
So, why can’t the same be said for our digital world? Unlike earthquakes and hurricanes, cyber-attacks to date have proven to be silent infiltrators. As such, businesses and governments often find themselves crippled by breaches with no prior notice. As a society, we remain woefully unprepared.
Attack attempts rose significantly in 2023, with an increase of 104%, while one in four (25%) UK cyber-security teams simply feel overwhelmed by the threat information they receive. Meanwhile, we rely on old techniques, like firewalls – the digital equivalent of sandbags protecting against a tsunami – to hold back a rising tide of cyber-attacks. But what happens when the wave starts to rise out at sea? Where’s our digital siren, the system that sounds the alarm before catastrophe hits?
Burdened by the ever-expanding threat landscape, IT and cyber-security professionals are constantly scrambling to keep up with a never-ending string of alerts from various sources in an effort to shore up their defences. Over half of UK organisations have seen an average of 1.74 breaches, highlighting how many organisations are still struggling to effectively secure their own networks.
For instance, there are tens of thousands of physical and virtual assets connected to any organisation’s network on an average day – yet over 40% remain unmonitored. Moreover, cyber-security professionals are using eight different sources to collect data relating to threat intelligence and are struggling to effectively remediate or prioritise threats reactively, let alone in real-time.
Combined with a lack of automation and an array of critical industries – like education, healthcare and utilities – still relying on legacy systems or EoS solutions, it’s no wonder most feel overwhelmed and under-resourced. This deluge of data, among other vulnerabilities and challenges, has left us fighting fires rather than preventing them. And we’re already seeing our defences being overwhelmed, with the recent string of attacks on London NHS hospitals.
Adding insult to injury, the widespread adoption of AI has seen bad actors and nation-states weaponising the technology and amplifying their ability to cause harm. It’s now supercharging cyber-warfare.
Geopolitical tensions further teeter on a tightrope, with 45% of UK organisations believing that Russia poses a greater threat to global security compared to China. In fact, Britain’s Government Communications Headquarters (GCHQ) recently highlighted how Russia is increasingly seeking to encourage and direct hackers to attack British and other western targets. The tidal wave of threats continues to surge.
We must ask ourselves, why are we so complacent in the face of this digital disaster? In 2023 alone, the patch rates for critical Common Vulnerabilities and Exposures (CVEs) remained noticeably lower than others, highlighting how organisations are failing to prioritise the right vulnerabilities.
The world of cyber-security needs an early warning system. Granted, it’s not a new concept, but one that is desperately needed in the face of ever-evolving cyber-threats.
Put simply, an early warning system for cyber-security would be exactly that – a system that constantly scans the horizon for threats before they strike, while still in the formulation stage. While this may seem like a hypothetical solution, early warning systems for the sector already exist.
To stay ahead of the danger in real-time, AI and Machine Learning (ML) are now a necessity. AI-powered security solutions allow organisations to make that switch to a proactive approach, transforming raw data into actionable insights.
And that starts with the detection aspect. After all, an early warning system has to highlight the danger before it arrives. Through a combination of AI and ML, organisations can flip the script, turning the hunter into the hunted.
Predictive AI technology can scour the dark web, providing real-time situational awareness of active threats. AI can then be used to generate thousands of purpose-configured honeypots into potential “hotspots,” that are tailored to the actual attack surface, allowing for the observation of malicious behaviours and techniques. By tracking potential incidents in real-time and pre-emptively mitigating risks, organisations will have the equivalent of that digital siren.
Moreover, with advanced natural language processing (NLP) techniques, AI can be used to target the humans behind the keyboard, taking advantage of operational security flaws to place AI intelligence collectors to listen to the context of a conversation. These collectors can be trained in hundreds of different languages specifically about the exploitation of vulnerabilities. This integration of human expertise and AI allows security teams to stay ahead of the rising waves.
When we know what we’re dealing with, the next step is to strategically use those insights and shore up the defences. This means mapping out all the entry points, blind spots and vulnerabilities within a network that could be exploited.
But visibility alone isn’t enough. Cyber-attacks are constantly evolving, demanding a more proactive approach. This is where AI-powered vulnerability prioritisation and remediation powered by ‘threat hunting’ truly shines. These advanced solutions go beyond simple detection.
AI can be used to analyse vast amounts of data to prioritise risks based on severity and exploitability. It reduces 98% of the vulnerabilities an organisation needs to worry about, finding potential threats before they are ever launched and before an environment is ever impacted.
In the end, not all vulnerabilities are created equal, so pinpointing their origins and identifying how they affect interconnected systems can help organisations move beyond alert fatigue and focus on the most critical threats in real-time.
This setup can – and does currently – exist to help protect organisations before an attack is launched. Bad actors are embracing the future with the use of AI, so it’s about time we do the same to mitigate the threat. Forewarned is forearmed.
The relentless evolution of cyber-threats demands a new approach. Reactive firefighting simply isn’t enough to hold back the rising tide of digital attacks. We need to move towards proactive defence, implementing a cyber-security early warning system. After all, “there is no such thing as a new idea,” just new combinations.
Therefore, through the power of AI, we can take that concept and create those new combinations to better protect our digital defences. By embracing a proactive approach and using an early warning system, organisations can take control of their cyber-security posture and build greater resilience.
Unlike natural disasters, cyber-attacks can be stopped. It’s simply about knowing where these threats come from and neutralising them before they strike.
Nadir Izrael is Co-Founder and CTO at Armis