Bengaluru: India has been ranked third in the world for the highest number of cyber threats being detected after the US and China, and second in terms of targeted attacks, according to Symantec’s Internet Security Threat Report.
The country ranks fourth for complex cyber attacks – like ransomware and network attacks. “Majority of significant cyber attacks experienced in India are state sponsored,” said Leslie K. Lambert, chief security & strategy officer, Gurucul, a leading global cyber security company that looks into User & Entity Behavior Analytics (UEBA).
Deccan Chronicle speaks to Leslie on what makes India more vulnerable to cyber threats than other countries and the role of Artificial Intelligence (AI), UEBA and User Behaviour Analytics (UBA) in mitigating risk to data/cyber security worldwide.
What makes India so vulnerable to cyber threat and attacks?
India has been ranked third in the world after the US and China for the highest number of cyber threats being detected, and second in terms of targeted attacks according to Symantec. The country ranks fourth for complex cyber attacks – like ransomware and network attacks. India has also been plagued with similar spam and phishing attacks: Misleading emails and weblinks are some of them. The majority of significant cyber attacks experienced in India are state sponsored, with a small number of private operators. Motivations behind these attacks include intelligence gathering, disruption, sabotage, or financial gains. Businesses in India are often victims of targeted attacks because that’s where a lot of intellectual property rights are generated.
What is the biggest threat to data/cyber security worldwide?
Still, the biggest threats to data/cyber security worldwide are the vulnerabilities that are exploited via email-related attacks. While the rates of ransomware have decreased, the rate of impact has only worsened due to more lingering effects of clicking on the wrong link in an email. Beyond last year’s bad experiences with ransomware, the level of cryptojacking and cryptomining has dramatically increased, where a single request for bitcoin ransom has been replaced by embedded, and possibly ongoing, cryptomining for bitcoins. Why ask for money only once when you can infect the email host for a continuous form of crypto payment? More and more bad emails are also delivering payloads that unleash a fileless attack on the unsuspecting recipient. Again, opening or clicking on the wrong attachment or embedded file or image can wreak havoc, yet fileless attacks exploit software that are already installed on the victim’s computer rather than attempting to download large executables. Ponemon Institute reported that 77 per cent of compromised attacks in 2017 were fileless, in their ‘The State of Endpoint Security Risk Report.’ This issue has only expanded throughout 2018.
How big is the role of Artificial Intelligence in cyber security?
Autonomously AI-driven cyber attacks portend a chaotic future for businesses and governments. What’s new and different in the world of AI-driven cyber attacks is less human involvement than in previous generations of malware. In the past, there still existed the human touch, the ability to understand or contextualize any particular scenario of attack. With AI, the attacks are far more opportunistic and are commodity-based. AI attacks are clever, they move laterally quite quickly, and can exfiltrate a tremendous amount of data in a short period of time. AI models are able to quickly and autonomously adapt their behavior on the fly to blend into different environments, potentially much faster than humans can accommodate and react. Human decision making may no longer be required in an AI-driven world, yet how far can this paradigm go without some significant level of human decisions or directions remains to be seen.
Has the UEBA/Identity Analytics been able to profile the intruders/suspicious users just the way security agencies profile possible disruptors to prevent a mishap?
Simply, the answer is yes. UEBA/Identity Analytics is one area where AI has also been harnessed to quickly decipher the good guys from the bad guys, based on modeled behavioral characteristics from the data that both identities and entities generate as they operate in their environment. UEBA/Identity Analytics seek to create behavioral models of baseline behavior against a set of known parameters through the harvesting of data that’s being generated on the network, in a near real-time fashion. From these behavioral norms, UEBA/Identity Analytics use the power of AI to quickly identify anomalous behavior, which uncovers intruders or suspicious insiders. This can be seen as automating what security agencies have been doing over time, yet now much more quickly.
What is the success rate of these cyber security tools?
UEBA tools and their internal processing models have improved dramatically year after year. Latest generation tools are able to produce highly confident results with single digit false positive rates. Achieving this level of accuracy has moved UEBA tools into the front line of detection and cyber defense for organizations who have embraced the concepts and processes necessary to be successful with UEBA.
Is there a behavioural data in a centralized location?
Behavioral data is not held in a centralized location, per se, yet UEBA/Identity Analytics use the power of big data platforms in combination with AI and machine learning to quickly process existing and newly generated user access and activity data to produce meaningful behavioral profiles that are constantly being updated with newly incoming data.
Security also comes at a price. How big is the cyber security industry in the world, with special focus on India?
The cyber security industry continues to grow at a healthy rate. Trends reported by Market Research Future show the cyber security industry growing at a steady CAGR of 11 pc with an estimated value of US $ 138 billion in 2017, moving up to US $251 billion by 2023. The major forces driving the growth of the cyber security market are the need for stringent compliance and regulatory requirements, plus the increased deployment of web and cloud based applications.
Do the defence/sensitive government installations use UEBA, Identity analytics to profile risk behaviour of insiders?
Yes several governments and defence installations are using UEBA/Identity Analytics to profile the behavior of insiders to root out and prevent several possible types of wrongdoing. Examples include unauthorized access to critical or sensitive information, which could include government defense secrets, healthcare information, financial data, and others. As well, UEBA/Identity Analytics are key to rooting out evidence of fraud. Unfortunately, government and defence installations are not immune to the regular forms of cyber attack or abuse of privileges that is experienced by business entities.
