What do you do when cyber attacks are financed by nations and managed by organised crime? Attackers' budgets are endless, and they will not stop until they get what they want.
When even the hacktivists have more resources than professional organisations, it is time to think of something else.
That something else has to be totally different: something more than fancier anti-virus products or firewalls. Intrusion detection is now a commodity, and data leak prevention did not really work. Most organisations are turning to security information and event management solutions and building or buying security operations centers.
An old security saying states that the human is the weakest link in security. While I never fully agreed with that statement, it has always been partially true. Especially now.
The weakness of any current cyber security defence is the human. It no longer matters whether employees are negligent or whether the people who built the defence mechanisms have made mistakes – they are and they have – always.
Now the real weakness is in active defence. How fast can you detect something you do not understand? How could you even try to react to something unknown to you? By the time you find out and understand what is happening, it is way too late. In the old information security world (viruses and hackers) you could react to an attack in minutes. Now it all began weeks or months ago, and all you can do is calculate your losses.
Another challenge is understanding the goal. As in traditional warfare, the ultimate goal is usually the most protected secret. The same applies to cyber security. You use tons of different channels and methods to get to your target. Not revealing yourself too early is more important than achieving 100% of the target. Attacks are so sophisticated that even the best cyber professionals or brightest analysts cannot see the final goal of an attack by just examining the small parts of the attack mechanism.
So is there another answer for cybersecurity than having more money, skills and resources than the attacker? In the last couple of months I have started to believe that there is – cognitive cyber security platforms. There are already a few available, and they are at their best where humans are weak.
A cognitive cyber security platform is designed to recognise and understand a previously unseen attack, quickly extrapolate the ultimate targets, launch counter-measures and direct security processes according to the security policy. Will it do all this, and how? Will it really work well enough in ultra-high-security environments? I will find out and tell you what I found later this year!