March 7, 2018
New white paper on cyber threats
We collaborated with other industry specialists to contribute to this new white paper on the evolution of cyber threats – one of the few authoritative documents about the impact of cyber security issues in the New Zealand context.
Our head of cyber security, Jeremy Jones, was recently approached by NZ specialist liability insurer Delta Insurance to contribute to a white paper on cyber threats, an update of their 2015 white paper on this topic to reflect the current cyber security environment in New Zealand.
The paper points out some of the vulnerabilities of New Zealand businesses, with almost one in five NZ SMEs already the target of a cyber attack, increasing levels of financial loss reported, and New Zealand ranked the 4th largest target in the Asia-Pacific region and 21st globally to be hit by a ransomware attack. In this context, Delta reminds New Zealand organisations to:
assess whether their current cybersecurity measures are sufficient to protect themselves against cyber incidents such as data breaches, malware attacks and ransomware encryptions. If they are inadequate, what areas can they improve in? Are their internal controls lacking? Can they boost their security with the support of industry professionals?
Another factor to consider in an organisation's cyber defences is the seemingly unstoppable rise of artificial intelligence. It's an area we're particularly interested in at Theta, as both an enabler of and threat to cyber security, as Jeremy outlines in the white paper:
The human reliance on AI is a vulnerability in itself. The more systems decide things on their own, the more likely they are to create an issue that is hard to undo or even understand. An example of this are the algorithms and decision machines that underpin the stock market, particularly high-frequency trading. Market disturbances that previously would have had a considered (and albeit less efficient) human response are now amplified through the automation that drives profit margins.
Cyber criminals are essentially businesses that are very tuned to new opportunities but are not operationally bound by ethics, compliance or legislation. They adopt to each new technical advancement faster than the rest of society, the conclusion being that defensive innovation is required to match the threat. Legacy approaches to cyber security have failed, or at least failed to be observed, and AI presents us with an opportunity to provide greater defence-in-depth against cyber adversaries.
Machine learning is becoming increasingly important for cyber security. Without perfect intelligence about your adversaries, it should be impossible to tell what techniques and tradecraft they might use against you in the future. Machine learning can deliver insights into adversary behaviour that complements intelligence derived through other means. It also enables much greater agility and flexibility, since AI-based tools are generally quicker to deploy and faster to deliver positive operational effects than legacy tools.
No hacker leaves no trace, so the ability to predict, detect and prevent adversaries on your network before they are in a position to launch an attack will be the context of the cyber battles of the future.