Companies defy cybersecurity common sense by trusting IoT devices

All-out AI war

Even as IoT security guidelines expand over time, the continuing introduction of the devices was driving fundamental changes in network configuration and management that can create significant, ongoing problems as attackers get even better at exploiting them.

Increasing intelligence in attack code allows attacks to, for example, identify IoT targets by model and then deliver a customized payload specific to that particular device. This commonality of code is allowing attackers to assemble many types of devices into ever-bigger botnets in an extremely short time, such as the more than 100,000-strong network created by the recent Mirai-derived Persirai malware.

“The blackhats are using automation and intelligence as a tool to make the time to breach less than ever,” Manky said.

The potential damage caused by such activities was compounded because, he offered, many CISOs are still failing to identify their ‘crown jewel’ data assets and segment them away from exploitation by compromised devices. This had left critical databases coexisting on networks with exploitable IoT devices – and once hackers start using those devices as conduits into a corporate network rather than harnessing them for outward-facing botnets, data breaches are inevitable.

“Because of automation on the black-hat side, there are security events generated left, right, and center,” Manky said. “CISOs say there is too much noise – which is why we need to be much more advanced in terms of white-hat security solutions.”

Growing integration of AI algorithms and techniques – a recent Teradata study found 70% of businesses are seeing benefits from use of AI in security and governance, or expect to – is revolutionizing business applications as well as cybersecurity defences. This process, Manky warned, was fueling an AI ‘arms race’ that is rapidly turning the whole process of network defence into a “war of AI” that would pit malicious AI engines against algorithms that have been tuned to detect and block those attacks.

“It comes down to time-to-breach versus time-to-respond,” he said, “and how quickly you can find a threat, defend it and shut it down using the kill-chain cycle.”

CSO Online (Australia)

