Machine Vs Machine | Marc Wilczek | Link11

Marc Wilczek, MD of Link11 has some very interesting thoughts on how cybersecurity is going towards machine vs machine with the help of AI and automation. This technology should help prevent cyber attacks in real time; as they are happening, rather than having to rectify issues after the attack has happened.

Transcript

I’m really pleased to be joined now by Marc Wilczek, the MD of Link 11. Hello, Marc thank you for joining me. Now, you’re here today to tell me about the changing threat landscape, now just as a bit of background what is traditionally the type of attacks that a lot of companies face? How is it changing?

Right to give you a bit of a perspective here, you know, the whole world is going digital and everybody talks about digitisation and everything, but at the same time cybercrime is changing very fundamentally and also cybercrime is actually undergoing if you will a digital transformation.

So even criminals are going through their own digital transformation?

Very much so, yes indeed and actually just very recently there was a report published saying that you know cybercrime were a country it would equate to the 13th largest GDP in the world. Equaling to some 1.5 trillion in annual revenues produced through cybercrime. So we’re talking about very very big numbers, and as much as the digital world, the legitimate digital world is growing so does the crime. And back to your point in the old days, it was very much the notion of individual versus individual, human versus human. And you know, we’re increasingly seeing a very fundamental shift because you know, also the bad guys are ramping up, their abusing and weaponising digital technologies, attacks are getting much much smarter. And in the digital world, it’s more the notion of Machine versus machine as opposed to human versus human.

So traditionally a business might employ a cybersecurity professional who would try and mitigate attacks from cybercriminals who are individuals themselves or hackers, but now the attacks are what they’re carried out by bots there more automated. Just explain to me a little bit more about what’s happening?

Yes, everything you’ve just described as absolutely kind of imprecisely summarising what we’re seeing in the marketplace. So the bad guys are weaponising digital technology as attacks are getting more complex more sophisticated using multiple vectors at once. They’re using and abusing IoT devices to produce massive attacks for instance. So there is a lot happening and you know, the struggle organisations really have is to keep up with that, you know weaponising of digital technology.

So it’s a digital arms race. We still call it a crime, but it’s more like cyber warfare.

It very much is and it’s a bit of a cat and mouse game if you will. And yeah, it’s increasing, you know observable that organisations are really struggling to keep up with that massive amount of data traffic that is for instance coming in. So this complexity now both in the attacks and also in I guess the landscape, the environments that businesses are running.

How do they deal with that complexity these days?

Right, I think automation is really one of the very big subjects these days because the days when organisations were able, again human versus human, to defend attacks. These days are gone because of that increasing complexity and landscapes are also getting more complex, IT Landscapes are getting more complex. It is really important to automatically, first of all, detect but also mitigate these attacks preferably in real time. So an organisation if they are still taking the traditional approach they have a number of people on their IT security team. I mean, you’ve got all sorts of issues that they must be facing not least about when an attack comes in, the extent of the attack where it’s coming from, the time of day even.

So that’s not even going into human error, so what is it that they need to do in order to try and keep up with the criminals?

Right, I think it’s really important to thoroughly assess the threat landscape to be aware of perhaps upcoming and new threats because threat landscape is evolving constantly. That’s one thing but the other thing is wherever possible because of that increasing complexity is to, basically leverage Ai and to leverage machine learning mechanisms, to use ruthlessly automation, wherever possible. Just to stay ahead basically of the game and to defend these attacks.

So you talk about artificial intelligence, automation, it’s algorithms taking on algorithms. So at any point should a human be in the loop or should these be automated to the point where they identify an attack and mitigate that attack?

Right in terms of that mitigation, I think let the machines handle it. It’s much much safer. It’s quicker. It’s real time, but in getting the humans involved or getting an analyst for instance involved makes perfect sense, but do that after the event. So once the attack is over analysing what exactly happened and what does it mean in terms of the landscape and what are perhaps additional precautions that can be put in place in and having a human analysing the situation makes perfect sense, but let’s do that after the event not within or during the event.

So I mean, where do we go from here? Because is it just going to be a case of algorithms chasing algorithms or what are the cybercriminals working on next? And do you still need humans in your security team to make sure that you have the correct weapons or they’re kept up to date?

Yeah, I wish it was so easy to answer that questions, you know, what’s next on their list. I mean that’s exactly the kind of the struggle. It is important to analyse the threat landscape and obviously then to enhance, you know services enhance capabilities in order to keep up, but it’s not that easy to predict. You know, what are the next things on the horizon, you know, that’s kind of a view into the crystal ball if you like.

Yes, I may I be wonderful to be able to predict the future I could use that to my advantage. But all right, so from a from a pragmatic approach, if companies are looking to essentially beef up their cybersecurity and mitigate attacks. How do they start? What are the steps that they should go through?

Right. So the first thing I think is after they’ve analysed the threat landscape, is to identify possible loopholes to think about how can they mitigate these risks leveraging Ai, leveraging automation wherever possible. Organisations are strongly advised to think about an automation first type of policy. So wherever possible employee automation because it’s just you know safer, as you’ve just said precludes human error. It’s real time, you know, it just makes the whole thing a lot more reliable.

Yeah, and in terms of the different attacks, is it a one size fits all, do different organisations see different threats depending which type industry they’re in or which geographical location? Is there that much variation?

There are some common patterns but you know depending on the IT landscape, organisations might be exposed to certain threats more than others. For instance in organisations that have a large workforce, mobile workforce might face more mobile risks an organisation that has a larger web presence, for instance, might be confronted with more web related threats. So very much depending upon the structure of the organisation, the type of business that is carried out, organisations are facing different type of types of threats.

It’s a fascinating subject and I hope you come back again to tell me how it does evolve in the future. But yeah machine versus machine, it’s quite scary.

It is huh.

Marc thank you for coming on and telling me about it.

My pleasure, thanks for having me.