The approach taken by most organisations to counter cyber attacks is defensive and reactionary. Threats are only removed and analysed once they are detected, at which point the harm is done: the network has already been breached and valuable information compromised.
Intrusion detection and prevention, such as anti-virus software and firewalls combined with access controls such as passwords, are the common tools and measures employed by the majority of organisations.
Considering how sophisticated and multi-faceted cyber crimes have been in recent years, and how numerous the attacks that don’t make the tabloids are, it’s safe to say reactionary responses are damage control measures at best, and are largely ineffective.
The solution, however, is far easier to hypothesise than to actually implement. Governments and organisations need to start predicting cyber attacks and threats and commit to attack simulations across their systems without delay.
Peering into the crystal ball: Why you need to start predicting cyber attacks
The difficulty in predicting cyber attacks using current technology is that there are too many avenues for attackers to breach; their motivations are unpredictable and their reliance on connectivity and cloud storage is at an unprecedented high.
Businesses are introducing new technologies into their operations on a near-constant basis, all of which come with their own vulnerabilities. This creates potential risks in the form of devices, configurations, internal policies and insufficient training for contractors and employees.
What is currently considered a holistic approach to cybersecurity lacks a predictive aspect. The focus is only given to a few key elements:
- Preventative security: Strong passwords that prevent USB devices from accessing open ports.
- Network design security: Minimising vulnerabilities and isolating them to prevent a network-wide compromise in the event of a breach.
- Active security: Encryption, protocol-specific deep packet inspection, layer three firewalls and powerful antivirus software.
- Detective security: Evaluating activity registers and logs to identify a threat in real-time and monitoring intrusion detection systems.
- Corrective security: Limiting the extent of the damage if an incident occurs by updating antivirus and firewall software and having a configuration parameter backup policy.
The capabilities and limitations of current prediction tools
The need for predictive tools to combat the ever-evolving threats in cyberspace was foreseen. There are many systems in place already, but they are far from the complete package we need.
Nonetheless, they are a step in the right direction.
A majority of ‘old school’ prediction tools are based on identifying network vulnerabilities. These systems identify and observe malicious activities on a network and use this analysis to anticipate possible threats.
These systems can be quite effective but require up-to-date knowledge of the network and advanced capabilities to identify sophisticated attacks buried under large swathes of data.
Attack graphs depict ways in which a hacker can exploit any given vulnerability in a network. Researchers can use these graphs to identify nearly all possible weaknesses in a given system.
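The attack-graph idea described above, as an added example that is not part of the original article: it enumerates every route from an entry point to a critical asset, ranks the weaknesses by how many routes depend on them, and finds the smallest set of fixes that breaks every route. The network, host names and weakness labels are constructed for illustration.

```python
from collections import Counter
from itertools import combinations

# Constructed sample network (all names hypothetical). Each edge reads:
# from this foothold, this weakness lets an attacker reach the next foothold.
EDGES = [
    ("internet", "web-server", "unpatched-cms"),
    ("internet", "vpn-gateway", "weak-password"),
    ("web-server", "app-server", "shared-service-account"),
    ("vpn-gateway", "workstation", "flat-network"),
    ("workstation", "app-server", "shared-service-account"),
    ("workstation", "file-share", "open-smb-share"),
    ("app-server", "database", "default-db-credentials"),
    ("file-share", "database", "stored-db-backup"),
]

def attack_paths(edges, start, goal):
    """Return every loop-free path as a list of (next_node, weakness) steps."""
    graph = {}
    for src, dst, weakness in edges:
        graph.setdefault(src, []).append((dst, weakness))
    paths = []
    def walk(node, visited, steps):
        if node == goal:
            paths.append(list(steps))
            return
        for nxt, weakness in graph.get(node, []):
            if nxt not in visited:
                walk(nxt, visited | {nxt}, steps + [(nxt, weakness)])
    walk(start, {start}, [])
    return paths

def rank_weaknesses(paths):
    """Weaknesses ordered by how many paths depend on them (ties by name)."""
    counts = Counter(w for p in paths for w in {w for _, w in p})
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))

def smallest_fix_set(paths):
    """Smallest set of weaknesses that breaks every path (brute force; small graphs only)."""
    names = sorted({w for p in paths for _, w in p})
    for size in range(1, len(names) + 1):
        for combo in combinations(names, size):
            if all(any(w in combo for _, w in p) for p in paths):
                return set(combo)
    return set()

if __name__ == "__main__":
    paths = attack_paths(EDGES, "internet", "database")
    fix = smallest_fix_set(paths)
    remaining = [e for e in EDGES if e[2] not in fix]
    print(len(paths), rank_weaknesses(paths)[:3], fix)
    print("paths left after fixing:", len(attack_paths(remaining, "internet", "database")))
```

On this sample no single fix closes every route, which is the kind of result a per-host vulnerability list does not reveal.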
A Dynamic Bayesian Network functions in a very similar way to an attack graph but is really a statistical tool capable of determining the ultimate goal of a cyber attack.
Estimating capability, opportunity and intent (COI) is a process mostly used by intelligence agencies and the military.
- Capability: Previous targets exploited by a hacker.
- Opportunity: Access to insider information.
- Intent: Attacker motivation and social influence.
Recommendation systems are most commonly used on movie ranking and shopping sites but are also used as a tool to determine the vulnerability of certain networks based on the behaviour of malicious IP addresses.
Each of the tools above, though useful in predicting cyber attacks, is very limited in scope, given that it has to function with incomplete network information and errors in intrusion detection.
The main problem, however, is attack obfuscation, which makes malicious code very hard to read. When dealing with large-scale coordinated attacks, our current systems are as good as obsolete.
Prediction tools of the future
The future of cybersecurity isn’t as bleak as we’ve probably made it sound, however.
With the rapid development of AI and quantum encryption, many new ways to combat cyber attacks are emerging. Cybersecurity has a big role to play in the future of our industries and the government. With this understanding, many of our greatest minds are tackling this problem and have already made promising progress.
Predictive analytics will have a prominent role in the future of cybersecurity given its use of historical data and statistical algorithms to predict future threats. The most promising aspect of predictive analytics is that with the meteoric rise in machine learning, it will be possible to teach machines how to do it, through which human error can be eliminated.
This will introduce a very high level of efficiency to detecting threats very early on while giving cybersecurity a chance to be proactive instead of reactive.
Leverage the best methods to predict cyber attacks
The best methods of predicting cyber attacks at the moment will vary by business, industry and the type of organisation you run.
Regardless of these distinctions, however, one of the best solutions is to identify vulnerabilities across your organisation’s network and implement a few of the tools outlined above to bolster your security.