How AI can protect governments from advanced cyber threats

By Fortinet

Cyber threats are becoming more advanced. Here’s how governments can step up their defenses.

Locking your front door may keep a street burglar out, but it isn’t going to stop organised gangs. They might know that you often forget to lock your door when you head out for your Saturday morning jogs. And that’s when they strike.

Cyber threats are becoming more advanced. The attacks are often well-planned and targeted to each organisation’s specific weaknesses, making them very difficult to guard against.

Governments cannot afford to take any chances. After all, “defense is not a balanced game,” says Jonas Walker, Security Strategist at Fortinet. He shares what advanced threats are, and how governments can step up their defenses to guard against these sophisticated attacks.
 

What are advanced threats


The criminals behind cyber attacks are no longer lone hackers hiding in a dim basement, crawling through a random organisation’s network node by node to find that one gap. It’s more accurate to think of them as large conglomerates, with teams conspiring to reach the deepest recesses of a company’s data stores. “They're actually better organised than most companies, and they have CEOs as well,” explains Walker.

These cyber threats are even more dangerous because once cybercriminals lock in on a company, they devote a lot of effort to finding its weaknesses. “They focus on one single target and they spend a lot of research for that single target,” Walker says. For example, if they know a business relies heavily on its e-commerce shop, they can zoom in on taking that online shop down.

Hackers also don’t have to attack the main data centre directly. Instead, they can enter the network through an employee’s computer and move step by step laterally until they reach critical data.

On top of that, hackers can lurk undetected for up to three to four months in a company’s network, Walker notes. In this time, they can learn all about how the company works, such as who created the payment receipts. A company might have been compromised without even knowing it.
 

How to guard against them


It’s crucial for organisations to know what the attack surface of their network is, and where the cybersecurity gaps are. However, this will become even trickier as our world becomes increasingly digitalised. Anything that is connected to the internet can be attacked, says Walker.

Besides, companies often prioritise speed over security when rolling out new digital tools. “We have seen this with Covid-19, when people are under a lot of time pressure. They need to change certain styles in a few days because now everyone works from home,” he explains.

Two things can help. The first is to set up a layered defense. “It's not enough just to have one big device at one certain place,” Walker says. In the real world, for instance, if intruders want to gain access to an apartment, it’s not enough to have the key to the door - they would also need the access card to the building, and they would have to get past the security guards.

Fortinet’s Security Fabric can make creating a layered defense easier. It connects all of an organisation’s cybersecurity measures, so that they can talk to one another and share information on potential attacks. “If one party finds out that something is malicious, it immediately sends these updates across the whole fabric,” Walker explains.

Fortinet uses machine learning to teach each of the cybersecurity tools how to tell harmless requests from malicious attacks. “These days, a lot of threats use certain patterns that can be found in other threats,” Walker says. Machine learning can analyse all the potential attacks on a network to find patterns of other known malicious software.
 

Sharing information


The second thing that will help organisations to plug cybersecurity gaps is to share information on cyber attacks with one another. In 2012, Fortinet co-founded the Cyber Threat Alliance. This is a not-for-profit organisation that works to improve the cybersecurity of the global digital ecosystem by enabling near real-time, high-quality cyber threat information sharing among companies and organisations in the cybersecurity field.

This can make a huge difference in cyber defense. “Big security vendors have more than five million devices installed around the world, and all of these devices act as a sensor, which means they get a lot of information,” says Walker. By studying this information, organisations can find out the threat landscape in a certain country. This can help governments understand and prepare for the threats facing their region.

Besides alliance partners from the Cyber Threat Alliance, Fortinet collaborates closely with enterprise technology leaders like Microsoft. Microsoft often discloses security vulnerabilities to the public on its Patch Tuesdays, but it shares that information with Fortinet first so that Fortinet can address these vulnerabilities in its security products beforehand. This allows the defenders to stay one step ahead of cybercriminals.

Cyber defense is no fair battle. “From a defender’s point of view, you need to be successful 100 per cent of the time. If an attacker is successful just once, he has already won,” Walker says. Governments need to tighten their defenses so there is absolutely no room left for attacks. A more connected cybersecurity ecosystem and threat intelligence sharing can make a difference.