Cyberattackers capitalize on chaos. The recent string of high-profile cyberattacks against the likes of a British low-cost airline and a Japanese motor company, combined with a series of cybercrime warnings from global governments, confirm that hackers see change, uncertainty, and global disruption not as turmoil, but as an opportunity.
In April, for instance, when many countries found themselves at the height of their struggle with the pandemic, the World Health Organization reported a fivefold increase in cyberattacks and warned of email scams targeting the public at-large that asked for donations to a fictitious COVID-19 response fund.
Not surprisingly, in the same month AI Security company Darktrace revealed that more than 60 percent of phishing emails that it detected were related to COVID-19, or aimed to trick employees by referencing remote working. Darktrace saw attackers posing as CEOs, writing emails to employees asking them to donate to their COVID-19 charity, and even masquerading as IT teams requesting passwords to enable VPN usage.
Hackers targeted industries that were suffering financially and working with a distributed workforce. And yet, as parts of the world begin to return to some kind of normality and businesses reopen their doors, there is little cause for a sense of relief. Rather than making our cyber ecosystems more secure, returning to the office will likely bring a second wave of cyberattacks, as attackers wait for the perfect moment to infiltrate networks, move laterally, and execute malicious payloads.
AI Evolves with the Dynamic Workforce
The rapid transition to remote working precipitated a wealth of security challenges. Companies not only relied on new collaboration tools and technologies but also grappled with leaner security teams. For organizations using rules-based defenses or legacy technologies like firewalls, this proved challenging. How do you put a wall around your infrastructure when it’s constantly in flux? How can you predict what an attack might look like or where it might strike next? Further, how do you tell the difference between a remote employee simply trying out some new software, and a stealthy attacker trying to infiltrate your systems?
Moving to remote working almost overnight saw companies accelerate their digital transformations at an unprecedented rate. With the global disruption caused by the COVID-19 pandemic, elaborate transitions of vast digital estates that would take years to securely implement under normal circumstances suddenly had to occur in an instant. In this cyber climate, organizations rapidly turned to artificial intelligence (AI) to defend their work-forces and infrastructure, transitioning and securing all of the tools for collaboration and communication that support an organization’s complex business operations.
Cyber AI is self-learning and evolves alongside an organization’s expedited transformations. The technology is constantly recalibrating its understanding of the digital environment and what is “normal” for the workforce. And so, when the world turned on its head, AI learned new patterns of life for organizations and continued to autonomously fight back against cyberattacks, before they could do damage, and regardless of where employees were working.
Crucially, as organizations move toward transitioning back into the workplace, the reality is that hackers will be creative in how they take advantage of businesses’ digital environments changing once again. Indeed, workforces are now more dynamic and distributed than ever before. Unlike the sudden shift to remote working that occurred overnight last March, the return back into offices will likely be staggered across different sections of an organization’s workforce, such that some people within one organization might return to work, while others might continue working remotely on a permanent or semi-permanent basis.
Amid this second transition, we can be certain that hackers will again craft targeted campaigns that exploit the novelty of these working conditions with highly-targeted spear-phishing attacks. These emails may reference social distancing guidelines for returning to the office, for example, posing as their HR department or even a CEO.
The pandemic has compelled organizations to embrace digital transformation via the cloud and SaaS applications to facilitate remote working, and these tools are likely to remain in organizations’ technology stacks. Consequently, the security and visibility challenges that come with these tools will persist for companies in a post-pandemic world. Most alarmingly, employees who have been connecting to company infrastructure from their kitchen tables could be bringing compromised devices back into the workplace. Hackers may be lying dormant, waiting to strike when their targets return to the office and connect to the businesses’ IT networks.
There are no longer just two categories: “working from home” and “working from the office.” Today’s work-forces are dynamic, and working can mean working from anywhere and everywhere. Cyber AI technology enabled the rapid transition to remote work, and it will continue to play an essential role in maintaining and optimizing the dynamic workforce’s efficiency as we move into the future. Critically, research from Darktrace’s data showed that the top threat trend over the past few months has been “out of hours” attacks, meaning that there is no respite for security teams–technology that can step in when humans can’t is more crucial than ever.
AI Adapting Alongside the Changing Business
Consider the security team at an airport. To ensure security of the airport, the team must bring together intelligence from a variety of different sources—multiple passport checks, suitcases scanned before they enter the hold, hand luggage checks, as well as security cameras at check-in desks, terminals, shops, and other points of entry. By combing all of this information, the team achieves a complete picture of activity at the airport, and drawing on this understanding, can squash suspicious activity as it occurs.
Similarly, when it comes to cybersecurity, it’s about much more than just strong passwords and firewalls. Companies today should strive for cyber resilience across their entire infrastructure. Remote working tools, cloud platforms, endpoints, inboxes, IoT devices, and industrial control systems all need to be secured, even as they are integrated into new workflows and used to build new digital infrastructures.
Like the security team at an airport, all individual points of entry cannot be effectively monitored in isolation. Only by putting all of this information together in a unified view and analyzing it in the context of the total digital environment can today’s modern business defend itself against threats. This holistic approach to securing digital infrastructure is no longer merely a “nice-to-have”—it is a question of business survival at a time when things are touch-and-go for even the most established organizations.
AI Enables the Innovation and Transformation that is Key to Moving Forward
Protecting the dynamic workforce means taking an innovative approach to improving visibility and controls. AI is now a vital tool for businesses to keep up with all communication and other forms of behavior across collaborative SaaS platforms, the email environment, and the businesses’ IT networks. Remote working has opened up security holes and we cannot simply assume that returning to the office will close them.
Cyber defense must evolve with, and ahead of, this new “normal.” By taking advantage of new capabilities like specialized sensors that extend visibility and detection to remote workers both on and off the VPN, security teams can understand the full picture of their digital infrastructure at all times. Through cyber AI’s deeper integrations with various technologies platforms that are vital for today’s dynamic workforce—it becomes easier to understand these environments and their unique threat vectors.
Further, using Cloud and SaaS-specific AI models also helps protect businesses against data theft and insider threat, which remains a pressing concern for companies whose employees may have unknowingly or even maliciously compromised their systems and servers.
Looking toward the future, what we can do is strive for real-time visibility and machine-speed response across our dynamic networks. This is, by definition, becoming cyber resilient, which means accepting that attackers will take their shots, and embracing technology that detects and responds to these assaults in their earliest stag-es, wherever they might arise on the network. An AI-powered view into a businesses’ total digital environment not only allows for seamless business continuity but also enables companies to adopt new tools and digital integrations in order to adapt alongside highly disruptive times while continuing to drive innovation.
Ultimately, the next “new normal” when employees return to the office will not guarantee security, but rather, it will necessitate a need for holistic cybersecurity, regardless of the technologies being used and regardless of the workforce location. The speed and scale at which organizations must endeavor to understand these changes is simply too great for humans without AI augmentation—moving forward, we must see AI take on more and more of these crucial tasks.
For more great content like this check out:
Finger on the Pulse: How AI Is Helping Businesses Adapt to the New Normal
The Code War: Cyberattacks Are Redrawing the Battle Lines of Global Conflict
A New Class of Threat: Educational Institutions Find Themselves On the Front Lines of Cyberattacks
AI Will Be a Crucial Tool in the Fight Against Next-generation Security Threats
Only as Strong as the Weakest Link: How Cyber AI Protects Global Supply Chains
The Reeducation of AI: A Self-Learning Approach
Top Experts: Pandemic Has “Exponentially Expanded” Corporate Security Vulnerabilities
AI in Healthcare: Protecting the Systems that Protect Us
AI: Enforcing Normal In Extraordinary Times
How AI Is Future-Proofing the Cities of Tomorrow
Offensive AI: Surfacing Truth in the Age of Digital Fakes
How AI Battles Security Threats without Humans
Mimicking a Cybersecurity Analyst’s Intuition with AI
This story was produced by WIRED Brand Lab for Darktrace.
