No More Nigerian Prince: Today’s Cyber Threats Require Strong Offense

Bad actors and IT security pros will use AI in a race to outpace one another.

Some cybersecurity experts say that IT security leaders should take a more offensive stance when it comes to cybersecurity threats.

“Assume a hostile actor is already in your network,” said Paul Furtado, vice president, analyst - Midsize Enterprise Security at Gartner, who spoke at the Midsize Enterprise IT Security Summit Tuesday in Atlanta.

Zero Trust Doesn’t Mean ‘No Trust’

On the heels of that statement, Furtado also cautioned security leaders against placing too much trust in zero-trust solutions.

“Don’t put too much into your zero-trust project,” he said. Instead, place zero-trust solutions only in the areas of your infrastructure where they need to be, he added.

Zero trust is a bit of a misnomer, he said. “It’s not about no trust, it’s about [the] right trust,” when it comes to a security strategy.

Anthony Pillitiere, the co-founder of Horizon3.ai, echoed Furtado’s points about taking a proactive cybersecurity stance. He called for organizations to adopt a “defense-driven philosophy.”

“We need to think about how ... an attacker is going to attack us,” he said.

‘Gone Are The Days Of The Nigerian Prince’

Of course, the sessions also touched on the security implications of AI.

Furtado was blunt, and said that “AI is BS.”

“AI is a threat. Do not get me wrong. I am not belittling that at all. The reality is in today’s space right now, AI is an accelerator. It’s an accelerator for a couple of reasons. A lot of the threats that we’re seeing that are being used by AI are not necessarily new and novel. What they are is it’s accelerating both the velocity and the volume of the attacks that we’re seeing. It’s still the same type of attacks. It’s those much better crafted emails that we saw. It’s some of the things like some of the [deepfakes] ... [AI] removed barriers to entry.”

However, Furtado argued that AI will also serve as a powerful tool in the war against modern-day threats.

With AI, it’s vital to consider “how are the bad actors using it? And then, how are we able to use it from the defensive side?” he said. “We’re using [AI] for the attack upskill, making [security] teams much better ... trying to get additional information out of those AI systems and understanding how they’re making their decisions and their logics,” he said. “Gone are the days” of simpler threats like those from phishing email demands for funds from “the Nigerian prince,” he said.

AI is also key in fighting ransomware, which, like other attacks such as phishing, is growing more sophisticated, ironically, because of AI.

“Ransomware is turning into extortionware,” Furtado said, citing studies by researchers in the Gartner labs. Hackers aren’t waiting to encrypt data anymore, often exfiltrating it as is and holding it hostage.

Regular Pen Testing Is Crucial

For Pillitiere, regular penetration testing is crucial for cybersecurity defenses. The best method for finding exploits is “attacking yourself on a regular basis,” he said.

“You use the offensive approach to understand and highlight your exploitable gaps,” he said. “Focus on exploitation ... find, fix, and verify on a regular basis on your exploitable weaknesses before threat actors do. It is hugely important that we shift our mindset.”

Cyber Physical Systems And IT Defenses

Cyber-physical systems, including IoT- and OT-connected devices, are all conduits for hackers to compromise an infrastructure.

“What if I [as a hacker] shut the fans off in your data center?” Furtado said. “Now you have a thermal problem.”

IT leaders should respect the choices of other departments in the organization. For example, they “shouldn’t be telling plant operations or facilities what they can and cannot put on the network ... you do need to know what normal looks like. I need to know what protocol it talks on. I need to know what the packet size is. I need to know what the communication paths are, because if there is a deviation in that, it could be an early indicator of compromise,” he said.
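
The three baseline attributes named above (protocol, packet size and communication paths) can be checked mechanically per device. The following Python code is an added example, not from the article, Gartner or Horizon3.ai; the device names, flow records and thresholds are constructed assumptions for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (source device, destination, protocol, packet bytes).
BASELINE_FLOWS = [
    ("hvac-ctl-01", "bms-server", "modbus/tcp", 64),
    ("hvac-ctl-01", "bms-server", "modbus/tcp", 66),
    ("hvac-ctl-01", "bms-server", "modbus/tcp", 62),
    ("hvac-ctl-01", "bms-server", "modbus/tcp", 64),
    ("badge-rdr-07", "access-srv", "https", 310),
    ("badge-rdr-07", "access-srv", "https", 298),
    ("badge-rdr-07", "access-srv", "https", 305),
]

def build_baseline(flows):
    """Learn, per device, the paths it uses and the packet sizes seen on each."""
    sizes = defaultdict(list)
    for src, dst, proto, size in flows:
        sizes[(src, dst, proto)].append(size)
    baseline = defaultdict(dict)
    for (src, dst, proto), seen in sizes.items():
        baseline[src][(dst, proto)] = (mean(seen), pstdev(seen))
    return baseline

def check_flow(baseline, flow, tolerance=3.0, floor=8.0):
    """Return the deviations from 'normal' for one flow (empty list = normal)."""
    src, dst, proto, size = flow
    if src not in baseline:
        return ["unknown device"]
    paths = baseline[src]
    findings = []
    if proto not in {p for _, p in paths}:
        findings.append("new protocol")
    if dst not in {d for d, _ in paths}:
        findings.append("new communication path")
    if findings or (dst, proto) not in paths:
        # Known peer and known protocol, but never seen together: still a new path.
        return findings or ["new communication path"]
    avg, sd = paths[(dst, proto)]
    # The floor stops a near-constant baseline from flagging a few bytes of jitter.
    if abs(size - avg) > max(tolerance * sd, floor):
        findings.append("packet size deviation")
    return findings

if __name__ == "__main__":
    learned = build_baseline(BASELINE_FLOWS)
    for f in [("hvac-ctl-01", "bms-server", "modbus/tcp", 1400),
              ("hvac-ctl-01", "203.0.113.50", "ssh", 120)]:
        print(f, "->", check_flow(learned, f))
```

In practice the baseline would be learned from flow logs or a passive network tap over a period known to be clean, and the thresholds tuned per device class.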