How Covid-19 Will Help Lead the Shift to AI-First Cybersecurity

Igor Mezic -
Illustration: © IoT For All

When a significant portion of the world’s workforce was suddenly forced to stop attending work in the office due to the COVID-19 pandemic, many organizations were caught unprepared. This massive shift in the way we work has major security implications for enterprises.

Network administrators could connect remote workers, but for far too many companies, the nightmare scenario came true. Ad-hoc, outdated, or bargain-basement security solutions proved more than worthless. Almost overnight, millions of network connections became significantly more vulnerable. 

Bad actors swooped in almost immediately

How Covid-19 Is Highlighting Gaps in Enterprise Security Posture

For some organizations, the pandemic has triggered a series of events that have overtaxed security systems. For others, it has cracked open and exposed the very real and previously undetected vulnerabilities inherent in their expensive, sprawling security platforms. 

Organizations who take proactive steps will fare better in the face of the next unexpected event, while those who continue applying band-aids to inadequate security solutions, will be left behind, or worse. 

Swift, Painful Security Outcomes

Workers shifted to remote work en masse by the end of March. By mid-April, internet indexing service Shodan reported a 41 percent increase in remote desktop protocol brute-force attacks. Seventy-one percent of security professionals reported a rise in security threats or attacks since the beginning of the outbreak.

Several factors contribute to increased cybersecurity vulnerability. One is the trend toward “Bring Your Own Device” and IoT access by employees, third-party vendors, and others. Second, when employees log in from home networks, new pathways into the network open up. 

What’s the Difference in Whether Workers Are Remote or Onsite? 

Non-hardened laptops and other endpoint devices pose a significant risk to enterprise network security

COVID has made a new type of artificial intelligence dubbed by DARPA as Third Wave AI necessary for companies. When attempting to identify anomalous and malicious behavior, they can no longer rely on the rules they programmed for what ‘normal network behavior,’ looks like to do so, as the “normal” now is the new normal. Thus a solution is needed that can recognize the new normal, and the deviations from it that represent a threat.

Many enterprises are not confronting the reality that an increase in the number of home-based workers has entirely changed normal network expectations on an average day. You really need an AI security system capable of constantly adapting its baseline to maneuver through these rapidly changing network traffic environments, humans alone just simply can’t handle this type of rapid change fast enough. 

Key statistics around remote working underscore this concern. According to the Work-from-Home (WFH) Employee Cybersecurity Threat Index released by Morphisec:

  • 56 percent of employees use personal computers to access employer networks.
  • 25 percent of remote workers don’t have a clear understanding of network security protocols.
  • 25 percent have frequent or spotty Wifi, limiting antivirus efficacy

To put it succinctly, traditional security methods no longer work. Pandora is out of the box, and she’s not going back in. 

For organizations that have not yet embraced the promising advancements in AI first cybersecurity, the time has arrived. 

How An AI-First Approach Will Move Cybersecurity into the Future

It comes down to the nature and capabilities of network security systems. Some systems went into hyperdrive, triggering thousands of false alarms that buried security professionals under the weight of endless threat hunting. The sheer volume of false positives has made it nearly impossible for these systems to catch true risks before they cause harm. 

An AI-first approach empowers SOCs to keep up with bad actors and evolving conditions without relying on the addition of more human analysts to keep up with the rise in attacks and such drastic change to the network. 

AI-first security platforms utilizing behavioral analysis were able to adjust for the unexpected network behavior and the opening of network boundaries. Third-wave AI systems are even able to use traffic pattern anomaly detection to detect zero-day attacks, which are new, evolving, and unknown to threat intel. 

Choosing An AI-First Security Platform

CISOs ready to move to AI-first need to be prepared to navigate a cluttered, misleading marketplace. Many so-called AI solutions rely on rules-based interventions to function. In other words, they are not self-learning AI, or in some ways, not AI at all. 

Instead, they require a great deal of ongoing human interaction and input to learn about expected network behavior. The AI in these systems is only as capable as its latest training by humans. Self-supervised AI mitigates this impactful limitation. 

Before, if you wrote a rule for something originally inside a network, the rule reflected the norm. Now suddenly, everybody is coming from the outside.

This stresses that organizations must seek adaptive systems that can recognize changing behaviors and adapt to them without constant tuning. Otherwise, you put additional burdens on your security team when the economy is such that organizations don’t have the extra capital to hire additional people. 

The good news is that much of this work can be managed efficiently by a sophisticated AI system. 

True AI-first security platforms employ pattern and behavior anomaly detection and continue to evolve through self-learning, much more accurately and faster than analysts could ever manage. 

Will We Ever Get Back to “Normal?”

The impact on security teams from COVID-19 has been swift and severe, but some enterprises seem to be comforted by the idea that as the world recovers, it will be business as usual. 

In truth, the impact of COVID will not only create lingering issues companies have to clean up, but it will also shape the way bad actors infiltrate networks. They are learning valuable lessons right alongside us. 

Already, malicious hackers and phishers are targeting sectors that play vital roles in our recovery. For example, we know that bad actors have focused on global health organizations, government benefits websites, e-learning platforms, and vulnerable school districts

In the future, COVID-19 will eventually fade away, but other COVID-like incidents are inevitable. Enterprises today are a part of a globally interconnected community vulnerable to disruptions from anywhere in the world. There is little doubt that we face additional health, environmental, or globally-orchestrated cyber attacks in the future.

Take Action Now

Unless companies become proactive about bringing on modern, AI-first security solutions, we face an uncertain future. A single day without the internet would cost the world $50 billion in commerce

While it’s too late to prevent the security impact of COVID, the time is ripe to leave inadequate security solutions where they belong: in the past. Modern cybersecurity threats require modern cybersecurity solutions. 

Author
Igor Mezic - MixMode CTO, MixMode AI

Contributors
IoT For All
IoT For All
Guest writers are IoT experts and enthusiasts interested in sharing their insights with the IoT industry through IoT For All. If you're interested in contributing to IoT For All, cli...
Guest writers are IoT experts and enthusiasts interested in sharing their insights with the IoT industry through IoT For All. If you're interested in contributing to IoT For All, cli...