Can humans teach robots about cyber warfare? This is the question we often get asked when we travel around the world and touch base with IT teams, IT security teams and businesses alike. People want to know if we (humans) stand a chance with machines (robots) at fighting against cybercriminals – and our answer is a simple yes - the synergy effect of these combined (humans and machines) capabilities, is greater than the sum of their parts. The HuMachine approach is emerging to become an effective way of protecting against continually evolving threats.
In the daily life of a researcher at Kaspersky Lab, we detect new types of malware and share our findings with businesses across the continent in a bid to encourage them embrace a different approach towards their security measures. This is critical if you look at a country like Kenya for example. The country ranks 40* as the most attacked country, and also ranks number 10 among the top countries attacked by mobile malware. Therefore, Kenyan businesses need to understand that cyber security in the digital age is more than just anti-virus and firewalls. This can be done by linking data with artificial intelligence (AI), as well as using specialists who know what to look for given that the HuMachine approach combines the best of both worlds - forming a symbiotic relationship between humans and machines.
What makes the HuMachine approach such an important differentiator, is that it incorporates the human element. After all, cyberthreats involve fighting against people and not actual machines. While it is tempting to rely solely on AI for protection and relegate consultants to the ‘budget cut pile’, the reality is that humans are still integral to cyber security. By integrating AI with human expertise and matching it with the data that exists around threat intelligence, companies now have access to a more holistic approach than just having to rely on a single technological platform for security safeguards. Even though machine-learning algorithms are applied to data to elicit actionable insights, they require frequent adjustments to reflect the dynamic nature of the threat landscape. This can only be done effectively with the help of security experts.
When it comes to the traditional approaches, these may still be effective against older attacks, however, Kaspersky Lab research indicates that unfamiliar malware accounts for 30% of current attacks. What’s even more concerning is that businesses are virtually defenceless against attacks that cannot be shut out with a simple signature-based anti-virus solution. Given how effective AI is to perform routine tasks, sifting and organising data at unparalleled speeds, and extrapolating rare insights based on complex data models, people are able to ‘join the dots’ when it comes to more nuanced attacks.
A continually evolving threat landscape means security experts can assist AI with its learning and can also deal with complex and not obvious cases. Of course, the most vital element of the human touch is the ability to think outside the box and apply more finesse to AI-driven insights.
In this digital environment, companies must therefore work with cyber security providers that are not overly reliant on either humans or machines. The ones that understand how best to utilise all available resources and integrate them into the organisational structure will be the best partners. As with so many other business functions, data on its own means very little. Similar to how organisations are relying on data scientists and real-time analytics, so too must businesses partner with security providers that have human expertise in transforming the data of threat intelligence into actionable insights.
These analysts can ‘read’ the data and provide the necessary guidance on where to anticipate attacks happening on the network and how to protect against them. Irrespective of the methods or platforms used for cyber security, decision-makers need to be mindful that no network or organisation can ever be completely protected. However, the cyber security strategy must cover the four key elements of protection namely; prediction, prevention, detection, and response. Only then, can the organisation consider itself ready for the threats awaiting them in the digital business landscape.
In closing, it only takes one successful raid on your IT network for cybercriminals to steal data from any company or organisation and it is normally a matter of whether or not businesses will be attacked. Thereafter, it is about when, and how quickly and completely a business can recover. So, it is important that businesses ensure their cybersecurity strategy covers all four key elements of prediction, prevention, detection and response, and choose a security provider based on their ability to support all of these elements. The organisation’s IT security team needs to allocate a provider with superior machine learning technology and ratified human expertise that is capable of transforming data into mechanisms of proven effectiveness and quality, actionable threat intelligence to anticipate hacks on the system, and the ability to safeguard against them.
*Kenya ranked number 40 as the most attacked country at the time this article was shared.
By Riaan Badenhorst,
General Manager, Kaspersky Lab Africa.