We have looked at many examples of malware on this blog, such as Stuxnet, that target national security or critical infrastructure run by national governments. Yet many of the most common cyberattacks still focus primarily on private organizations, which tend to be more lucrative targets for adversaries, particularly where ransomware is concerned.

We cannot forget, however, that public organizations and agencies are also subject to a large number of threats, which have increased during the current pandemic, such as those that have recently targeted the healthcare and education sectors.

The problem is compounded by difficulties endemic to the public sector. Antonio Grimaltos, IT security technician at the Valencian regional health service, admits that, while in the private sector CISOs have acquired a certain degree of decision-making responsibility and autonomy, in his case he encounters bureaucratic obstacles and a lack of resources at a regional level. This is why, more than ever, the public sector requires tools that facilitate the cybersecurity tasks and processes that SOCs and CISOs undertake, such as automation and machine learning.

Essential tools_

Last August, a webinar on cybersecurity for US federal agencies looked at these issues. The event featured renowned experts and heads of cybersecurity at organizations such as the non-profit ACT-IAC and NASA.

In fact, NASA’s CIO, Mike Witt, explained that “We’ve got to get away from the mindset of: You can account for every alert. You’ve got to embrace orchestration … artificial intelligence, machine learning.”

Wendi Whitmore, Vice-President of IBM X-Force, also underlined how the US Department of Defense has been a leader in developing security automation best practices. FedScoop reported, for instance, that the US Air Force had adopted an AI system based on probability-based calculation rather than complex neural networks.

All speakers highlighted the benefits of, and the need for, automation in government systems. Whitmore backed the argument with data from an IBM report: organizations that invest in security automation face far lower data breach costs, 2.45 million dollars on average compared with 6 million dollars for those without it. That is why she believes these are tools that everyone should adopt.

Automation with EPDR_

These tools and this kind of automation are central to Cytomic's EPDR technologies. The Zero-Trust Application Service is a fully automated service that classifies binaries in a cloud-based AI system, where a wide variety of machine learning algorithms run and hundreds of static, behavioral and context attributes are processed in real time. The attributes are extracted from the telemetry of the protected environment and from physical sandboxes* in which files are executed in an isolated context.

This automated classification in Cytomic EPDR covers 99.98 percent of processes, so only the remaining 0.02 percent require manual intervention by experts. As such it is self-sufficient and does not need to be monitored by end users. For public sector organizations with limited human resources and CISOs under increasing pressure, as the experts above have said, this type of automation could be essential.

* Cytomic uses physical sandboxing rather than VM-based sandboxing because many malicious applications detect the presence of a virtual machine and hide their activity in order to avoid detection.
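The footnote's point can be made concrete with the most basic virtualization check that evasive samples perform. The following C program is an added example, not Cytomic code and not part of the original post: it reads the CPUID "hypervisor present" bit (leaf 1, ECX bit 31) and, when that bit is set, the 12-byte hypervisor vendor signature from leaf 0x40000000, then maps the signature against well-known values. It assumes an x86 build with GCC or Clang (it uses `<cpuid.h>`); on other architectures the live checks simply report "not present". A sandbox operator can run it inside the analysis environment to see exactly what a sample would see, and whether the hypervisor's fingerprint is masked.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define HAVE_CPUID 1
#else
#define HAVE_CPUID 0
#endif

/* Decode the 12-character hypervisor vendor string from the EBX/ECX/EDX
 * values returned by CPUID leaf 0x40000000. Bytes are taken low to high,
 * so the result does not depend on host endianness. */
void decode_vendor(uint32_t ebx, uint32_t ecx, uint32_t edx, char out[13])
{
    const uint32_t regs[3] = { ebx, ecx, edx };
    for (int r = 0; r < 3; r++)
        for (int i = 0; i < 4; i++)
            out[r * 4 + i] = (char)((regs[r] >> (8 * i)) & 0xff);
    out[12] = '\0';
}

/* Map a well-known vendor signature to a hypervisor name; "unknown" otherwise.
 * These signatures are the documented values each hypervisor exposes. */
const char *classify_vendor(const char *vendor)
{
    static const struct { const char *sig; const char *name; } table[] = {
        { "VMwareVMware", "VMware" },
        { "Microsoft Hv", "Hyper-V" },
        { "KVMKVMKVM",    "KVM" },        /* KVM pads the 12 bytes with NULs */
        { "XenVMMXenVMM", "Xen" },
        { "VBoxVBoxVBox", "VirtualBox" },
        { "TCGTCGTCGTCG", "QEMU (TCG)" },
    };
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (strcmp(vendor, table[i].sig) == 0)
            return table[i].name;
    return "unknown";
}

/* Live check: CPUID leaf 1, ECX bit 31 is the "hypervisor present" bit.
 * Returns 1 when set, 0 when clear or when CPUID is unavailable. */
int hypervisor_bit_set(void)
{
#if HAVE_CPUID
    unsigned eax, ebx, ecx, edx;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return 0;
    return (ecx >> 31) & 1u;
#else
    return 0;
#endif
}

/* Live check: read the vendor signature from leaf 0x40000000 into out[13].
 * Only meaningful when hypervisor_bit_set() returned 1; otherwise the leaf
 * may be unimplemented and return unrelated data. */
void read_hypervisor_vendor(char out[13])
{
#if HAVE_CPUID
    unsigned eax, ebx, ecx, edx;
    __cpuid(0x40000000, eax, ebx, ecx, edx);
    decode_vendor(ebx, ecx, edx, out);
#else
    out[0] = '\0';
#endif
}

int main(void)
{
    char vendor[13];
    if (!hypervisor_bit_set()) {
        puts("hypervisor bit clear: bare metal, or a hypervisor that hides it");
        return 0;
    }
    read_hypervisor_vendor(vendor);
    printf("hypervisor bit set, vendor \"%s\" -> %s\n",
           vendor, classify_vendor(vendor));
    return 0;
}
```

A sample that sees the bit set, or a recognisable vendor string, can simply exit or behave benignly, which is why a VM-based sandbox either has to hide these values or, as the footnote describes, be replaced by physical hardware where there is nothing to hide. Real malware layers further checks on top of this one (device names, MAC address prefixes, timing of privileged instructions), so a clear hypervisor bit alone is not proof of bare metal.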