SECURITY MATTERS / AVEVA
PREDICTIVE CYBERSECURITY IS THE NEED OF THE HOUR AS INNOVATIVE TECHNOLOGIES ARE WEAPONISED BY CYBERCRIMINALS, INDUSTRIAL ENTERPRISES MUST ADOPT A MULTILAYERED APPROACH THAT ANTICIPATES CYBERATTACKS AND SAFEGUARDS CRITICAL ASSETS BEFORE THEY ARE EXPLOITED, SAYS TIM GRIEVESON, CHIEF INFORMATION SECURITY OFFICER, AVEVA.
Tim Grieveson
T
he exponential development of computing devices has expanded access capabilities for cybercriminals to detect and exploit vulnerabilities in innovative ways. With a mediumgrade smartphone now more powerful than the most advanced computers were only a few years ago, for example, cybercriminals can launch powerful and sophisticated attacks at a relatively low cost from a mobile unit while also working from home.
36
AUGUST 2021
That ease of access goes some way to explain why there is a cyberattack every 39 seconds. As industrial organisations embrace digitalisation, inadequate security protection can open up their systems to malicious actors. Criminals today use a wide variety of methods, from commonly used techniques such as phishing and computerised password hacking to more sophisticated operations such as watering hole attacks that deliver malware to visitors. Increasingly, the same innovative technology that is being used to deliver innovative solutions for common benefit is being deployed in destructive ways to inflict catastrophic damage to infrastructure, business systems, and ultimately, the citizenry. Two sides to the same coin Artificial intelligence (AI) is just such an example of dual-use expertise. While the technology has already improved business operations in several ways, AI is already being weaponised for illicit gain. Attackers may seek to control of the data sets that train the AI, for example, by subtly altering parameters or modifying scenarios to avoid detection
of underlying data exploits. Similarly, pattern recognition can be used to identify access points for injectables for remote execution at a later date, or even to improve social engineering by targeting workers at their most vulnerable moments. A simple mention on a social media website about grid maintenance could alert cybercriminals to a potential weakness. At the same time, AI can also be deployed for protection. The best line of defense is often to retaliate in kind. AI is already being adopted in network monitoring and data analytics, where it is used to determine a baseline of normal behavior and identify inconsistencies of different kinds, such as unusual traffic patterns or anomalous server access. As the algorithm learns and progresses, predictive analytics can be deployed to flag up such intrusions early on, while deploying defensive responses and raising supervisory alarms. As technologies such as AI rapidly evolve to become integrated into the industrial passage, cybersecurity issues will remain a key area of concern. Security professionals must assume that AI and other technologies can and
www.tahawultech.com
