Cybersecurity: machine learning to be the main focus in 2018
In a landscape marked by an explosion in the number of security incidents, machine learning should be the main focal point in 2018. The promise of automated learning is of as much interest to hackers as it is to companies concerned with protecting their informational assets. The subject has even made it onto McAfee’s 2018 five most important trends in cyber security. Get the lowdown here.
Machine learning as a new battleground
Identified as one of this year’s biggest issues, machine learning has some very diverse applications in the world of cyber security. For example, it can be used to analyse the activities carried out by an authentication service so as to trigger an alert or block access when abnormal behaviour is detected. In this context, the system will study all the parameters of the attempted connection and seek to establish all the useful correlations that will allow it to decide whether it should, or shouldn’t, be authorised. Here, it’s the systems’ ability to collect and process large volumes of data in real time that gives the machine a form of intelligence.
On the other hand, attackers are not unaware of the benefits of this approach and are exploiting it by themselves to test the presence of vulnerabilities or to take their social engineering campaigns into business. Their work has given rise to new tools that can learn and adapt to exploit breaches more efficiently. We just need to wait and see which channels these attacks will take.
Other major trends in 2018
Marked by the wide-scale offensives such as WannaCry or BadRabbit, 2017 saw more than a 50% increase in the number of ransomware attacks. McAfee estimates that in 2018 hackers will likely carry out fewer but more targeted attacks, in order to maximise the chances of success. The market may, then, shift from a volume-based approach towards using more sophisticated tools and oriented towards the most lucrative victims. Smartphones will be amongst the new hottest targets.
Particular attention should be paid to new applications being distributed by one or several Cloud providers following the “serverless” logic. This new way of using resources on demand is inducing new security risks: each new application used actually constitutes a new potential attack vector.
And for the last of these trends: the protection of private individuals faced with threats caused by the increase in personal data, particularly fostered by the wide accessibility of IoT. McAfee draws attention to two aspects of the phenomenon that need to be considered: firstly concerning all the deviations, particularly in marketing, that can come from exploiting this information by the manufacturers of the devices in question, despite the upcoming General Data Protection Regulation (GDPR).
As a corollary to the previous point, McAfee also underlines the often poorly-managed importance of consent given by the end-user of online services that involve personal data.
Of machines and men
Conclusion? Now more than ever, cyber security will be the concern of both machines and humans in 2018. Machines will have to learn how to come to terms with evermore sophisticated techniques of attack and defense. Humans, on the other hand, will have to learn how to manage how their information is used.