Government cyber defences should look to AI, behaviour analytics

News

As threat actors weaponise more technology, Cisco researchers warned government agencies should look to behaviour analytics to meet new, self-propagating, network-based threats in 2018.

As threat actors weaponise more technology, Cisco researchers warned government agencies should look to behaviour analytics to meet new, self-propagating, network-based threats in 2018.

Advances in malware, the increasing use of encrypted web traffic, email threats and sandbox evasion tactics are all adding to the threat landscape designed to undermine government efforts to protect critical infrastructure and public data, according to Cisco's 2018 Annual Cybersecurity report.

The increased use of cryptojacking, Internet of Things (IoT) attacks, and Distributed Denial of Service (DDoS) attacks were also among the emerging threats government agencies need a plan for.

“Democracy's adversaries and multiple state-sanctioned actors now have the expertise and tools necessary to take down government networks,” the report said. “Even worse, they have shown the capability to damage critical infrastructure and services, crippling entire regions in the process.”  

Researchers said that government agencies must secure data and infrastructure in a way that promotes resilience of governance and public services by leading in the securing the data of both the agency and private citizens, keeping key infrastructure and assets secure and staying ahead of emerging technologies used by adversaries.

One of the proposed solutions was greater adoption behaviour analytics tools with 88 percent of government security professionals feeling that they have a good understanding of the value that behavioural analytics can bring to their cyber-security initiatives.

“This is a good sign, and indicative that past efforts to educate the public sector on emerging technologies is bearing fruit,” researchers said in the report.

The report also said governments should be aware of the overwhelming adoption of cyber-security frameworks based on national standards and guidelines including NIST and CJIS. Small and large utility companies alike were found to be high profile targets and were also found to report benefiting significantly from adopting the policies.

The study found 59 percent of utilities report using a standardised information security framework is serving them well while 38 percent reported that it was serving them very well.

Researchers also argued the need for more agencies to adopt machine learning and artificial intelligence to help monitor encrypted network communications used by various malware samples. Half of the global web traffic was encrypted as of October 2017 and as the volume increases, adversaries appear to be widening their embrace of encryption as a tool for concealing their activity.

Overtime advanced behavioural analytics capabilities can enhance network security defences and eventually learn to automatically detect unusual patterns in web traffic that might indicate malicious activity, researchers said. 

Topics:

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events