By Steve Salinas, Head of Product Marketing, Deep Instinct
Faced with mounting cyber threats, large enterprises are devoting more resources than ever to improving their cybersecurity posture. According to a Cisco survey released last fall, 93% of enterprises with 10,000 or more employees spend more than $250,000 annually on cybersecurity, with half spending over $1 million each year.
The return on those investments leaves much to be desired. A 2019 report from Accenture and the Ponemon Institute found that security breaches had increased 11% since 2018 and had spiked 67% since 2014. Some experts ascribe the problem to woefully understaffed cybersecurity teams – but even fully staffed, highly experienced cyber teams are encountering hacks they can’t fully prevent or contain.
The real culprit isn’t necessarily the size of the typical organization’s cybersecurity staff, but the outdated tools and operational methodologies many of these teams use. As hacks grow more frequent and more complex, organizations should rethink the tools and technologies they’re using to meet the threat.
The Rising Cost of Failure
How much is cybersecurity costing companies? In a recent Ponemon-Deep Instinct survey of IT and IT security practitioners, only 40% of respondents believed their budgets were sufficient for achieving a robust cybersecurity posture.
These budgets are predominantly funneled into containing and remediating threats rather than preventing them – in large part because cyber staff is overwhelmed with the amount of data that they need to monitor. Yet this “assume a breach and then contain” approach comes at a big cost, with the time and money spend remediating attacks costing well into the hundreds of thousands of dollars. The value of preventing a cyber-attack range from $400,000 to $1.4 million, depending on the nature of the attack. If an attack is the first of its kind, it’s virtually guaranteed to succeed with absent strong preventative capabilities, and organizations stand to lose upwards of $1 million per successful attack.
Subpar Solutions, Subpar Results
Why are current approaches to cybersecurity proving so inadequate? Because they over-rely on human intervention.
Specifically, most AI-based cybersecurity solutions are powered by traditional machine learning (ML), which is inhibited by a number of limitations that have become substantial problems in the recent past. Chief among these limitations is data: ML models are trained on only a fraction of the available raw data and are trained on features identified by experts.
Human error, of course, also comes into play, even when highly specialized computer scientists with expertise in cybersecurity carry out ML feature engineering. These professionals excel at training ML models on known threats – but even seasoned cybersecurity professionals are unable to anticipate emerging, first-seen attacks, that are designed to be evasive. Hackers, of course, understand this, which is why they now building malware that is capable of fooling ML models into classifying it as benign.
Finally, there’s a limit to the size of the dataset for training ML systems before reaching learning curve saturation – the point past which the system no longer improves its accuracy.
Given these limitations, ML systems struggle to detect new, previously unseen malware, while generating high rates of false positives. Just as the cost of an unprevented attack can deliver a real blow to the bottom line, the time and resources required to investigate false positives also strain security teams’ resources. This, in turn, breeds a sense of “alert fatigue,” making teams more prone to error when genuine threats emerge.
Simply put, AI trade-offs – not understaffed cybersecurity teams – may be one of the biggest inhibitors to achieving a resilient cybersecurity posture.
AI-Powered Hackers and the Increased Pace of Attacks
Compounding the challenges posed by flawed cybersecurity solutions, hackers are increasingly leveraging automation to diversify their attacks and execute them at an accelerated pace. The AV-Test Institute found that over 350,000 new malware are generated every day and networks regularly experience thousands of security events daily– making it all the more difficult for human security professionals to sift through all potential threats. Even the largest, most skilled cybersecurity teams can’t be expected to handle this load. And when cybersecurity teams successfully detect a threat, they often run out of time to respond before hackers have already caused substantial damage.
Take the 2019 Equifax data breach. In the wake of the breach, Equifax’s security team worked 36-hour shifts, which the company’s CISO acknowledged had come at a great cost to the team’s mental health.
On average, it takes 191 days – half a year – to identify an attack. Without the luxury of months to spare, how should organizations adjust their cybersecurity approach?
A Cyber Paradigm Shift
In the short term, adding more cyber professionals to IT teams can help – but even a large and experienced team won’t be able to compensate for subpar security tools.
Because today’s hackers are operating autonomously, cyber solutions need to do so, as well. Such solutions require minimal staff intervention, enabling teams to triage potential security events and prevent time wasted on false positives. Deep learning-based autonomous solutions also offer powerful capabilities for detecting and preventing attacks before they are executed – potentially helping organizations save millions.
It’s little wonder, then, that two-thirds of IT and IT security leaders believe that using automation and advanced AI like deep learning, will improve their ability to prevent attacks and that they plan to implement these solutions within the next two years.
While beefing up staffing isn’t a panacea, implementing autonomous solutions isn’t about putting cyber professionals out of work. Instead, it’s about putting their essential skillset towards more efficient and strategic use while simultaneously tightening and improving existing cybersecurity measures.
The dizzying pace at which today’s cyber threats are evolving underscores the need for a cyber paradigm shift that emphasizes autonomous protection and attack prevention. Humans alone can’t combat the hyper-efficient machines hackers are employing. Only when malicious actors’ sophisticated technology is met by even more sophisticated technology, will organizations achieve resilient protection.
About the Author
Steve Salinas is Head of Product Marketing for Deep Instinct, a leading provider of deep learning-based cybersecurity solutions. His experience includes holding product management, product marketing, and solution engineering positions with leading security vendors, including Guidance Software (now OpenText), Alert Logic, Siemplify, and Cylance. He is a frequent presenter at industry conferences, podcasts, and regularly publishes blogs aimed at providing both business and technical insights to the security community. Steve went to Texas A&M University for undergrad and earned an MBA from Pepperdine University. Steve lives in Huntington Beach, California. Steve can be reached online at @so_cal_aggie and at the company website https://www.deepinstinct.com/.