now browsing by tag


#speeddating | #tinder | #pof | #blackpeoplemeet | Council for Entrepreneurial Development’s interim CEO says it’s ‘full speed ahead’ into a virtual world | romancescams | #scams

RESEARCH TRIANGLE PARK – Kelly Rowell, interim CEO at the Council for Entrepreneurial Development, says much of the organization’s entrepreneurial support programs “translated well to a virtual environment and we’re […] View full post on National Cyber Security

A New Viewer’s Guide to Netflix’s ‘Dating Around’ Ahead of Season 2 – TV Insider | #tinder | #pof | romancescams | #scams

Source: National Cyber Security – Produced By Gregory Evans

Are you a a reality TV junkie looking for your next fix? It’s harder and harder to come by with staples like The Bachelorette and Bachelor in Paradise on hiatus with the ongoing coronavirus pandemic, but fear not because Netflix has you covered.

Season 2 of their addictive romantic reality title Dating Around arrives June 12 on the streaming platform. Below, we’re breaking down all the details newcomers need to know before diving into this bingeable fare.

The Premise

Each episode of this series follows one single person looking for love as they go on five different blind dates. Exploring the awkward, sweet and flirty banter common in a first date setting, Dating Around asks the question, who will get a second date? In Season 2 of the program, singles based out of New Orleans will be followed.


Dating Around Season 2

(Credit: Netflix)

Stepping up its game from network dating shows, this series examines all kinds of relationships and orientations ranging from heterosexual and bisexual to same-sex couples. Dating Around is a more diverse alternative in comparison to shows like The Bachelorette or Bachelor which have recently come under fire for its lack of inclusion.


Netflix is offering a glimpse at what’s to come in a newly released trailer which hints at some interesting situations including an awkward reunion between former Tinder matches.

Extra Viewing

If you didn’t tune in for Season 1, there are six episodes currently available for streaming on Netflix. Each installment is roughly a half-hour in length and follows six singles on their quest to find the one for them. Season 1 includes Luke, Gurki, Lex, Leonard, Sarah and Mila, but don’t expect anything beyond their blind dates as Season 1 didn’t include a reunion special like the platform’s other buzzy shows Too Hot to Handle and Love Is Blind.

Dating Around, Season 2 Premiere, Friday, June 12, Netflix

Source link

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

The post A New Viewer’s Guide to Netflix’s ‘Dating Around’ Ahead of Season 2 – TV Insider | #tinder | #pof | romancescams | #scams appeared first on National Cyber Security.

View full post on National Cyber Security

#nationalcybersecuritymonth | ‘Shot across the bow’: U.S. increases pressure on UK ahead of key Huawei decision | News

Source: National Cyber Security – Produced By Gregory Evans Wednesday, January 08, 2020 1:06 a.m. EST By Jack Stubbs and Alexandra Alper LONDON/WASHINGTON (Reuters) – The United States is making a final pitch to Britain ahead of a U.K. decision on whether to upgrade its telecoms network with Huawei equipment, amid threats to cut intelligence-sharing […] View full post on AmIHackerProof.com

#cyberfraud | #cybercriminals | Fraud Decisioning Pulls Ahead In A Tight Race

Source: National Cyber Security – Produced By Gregory Evans

The cat-and-mouse game between law enforcement and code-abusing felons is entering a new year, and a new phase. The world’s biggest social media platforms are cracking down like never before. The latest iterations of third-party solutions are potent hybrids of machine learning and artificial intelligence (AI) — paired with actual humans — to make the tougher calls. Companies are getting much better at fraud detection and prevention, partly in response to its rapid spread.

Digital fraudsters aren’t taking this lightly. One analysis of more than 1.3 billion transactions found that between July and September 2019, about 20 percent of accounts opened were the result of massive bot attacks, not humans. The robot army marched on eCommerce, financial services, gaming and travel sites mostly — a 70 percent rise in bot-driven registrations in Q3 2019 alone. Then there’s the mobile advertising situation. Brands will have spent roughly $77 billion on in-app ads when 2019 is over, and it’s estimated that phonies will dip out with $26.5 billion of that. Such is “bundle ID spoofing” that makes false apps look real to ad networks.

Then there’s the disturbing rise in loyalty program scams. A leading index of digital theft found that loyalty fraud exploded by 89 percent over 2018, opening a vast new front in the battle.

For their part, the anti-fraud community is hitting back hard. Facebook is going deep into device data like battery charge and GPS coordinates to determine if it’s you or someone else making that purchase. FinTechs and merchants have formed a posse of sorts, with validation solutions provider Service Objects recommending using application programming interfaces (APIs) to verify emails, while retailers such as Costco, Morrisons and Tesco tell customers not to fall for social media notifications asking for personally identifiable information. It’s all in the latest PYMNTS Fraud Decisioning Playbook.

Fighting Fakes With Fire

War against digital fraud uses live ammo or, in some cases, recently live. Fishing fraud (not to be confused with “phishing”) is big business, for example. According to the European Union’s Food Fraud Network, fraudsters love seafood so much that it has seriously interfered with supply chain integrity. What’s an example of fish fraud? Selling chemically treated tuna intended for canning as “fresh” and fit for restaurants is a $220 million a year scandal in the U.S. Into the fray steps IBM to partner with Raw Seafoods of Fall River, Massachusetts, on the blockchain-powered Food Trust mobile app. IBM calls it a “… permissioned, permanent and shared record of food system data.”

Fraudsters like travel even more than seafood, and travel booking site TripAdvisor has had it. The platform’s recent transparency report tells of how TripAdvisor anti-fraud detection stopped roughly 1 million false and misleading reviews from ever being made live. Each interactive makes the TripAdvisor AI smarter, guarding content integrity and preserving trust in the brand.

Meanwhile in China, the Alibaba Anti-Counterfeiting Alliance (AACA) used AI to scan for fake accounts, which in turn led Chinese authorities to shut down a reported 500 knockoff shops.

The common denominator in these far-flung cases is AI and machine learning engineered for rapid decisioning on millions of possible fraud attacks while simultaneously providing a delightfully seamless experience for your customers. Easier said than done.

But it is getting done, with innovative systems that leverage human and artificial intelligence.

Data-First to the Last

Data-first approaches are winning right now, where smart AI scans impossibly large datasets making split-second decisions, while organizing and visualizing the rest for human analysts to ingest — an incredibly important stage that is now getting the attention it deserves. The brave new world of the machines exposing fraudulent activity is surprisingly human after all.

It’s all a moving target. When the FBI bobs, cybercrooks weave, and so on. But with new capabilities like device recognition, augmented analytics and data-lake enrichment, plus the intuition of human analysts, the cats are winning their eternal fight with kleptomaniacal cyber-mice.


Latest Insights:

Our data and analytics team has developed a number of creative methodologies and frameworks that measure and benchmark the innovation that’s reshaping the payments and commerce ecosystem. The Key To Optimizing Merchant Services Study, a PYMNTS collaboration with Endava, examines merchants services providers’ (MSPs) current and future strategies for innovating value-added services. It is based on a survey of executives at more than 200 MSPs, including acquirers, independent sales organizations, payment gateways and payment facilitators.

Source link

The post #cyberfraud | #cybercriminals | Fraud Decisioning Pulls Ahead In A Tight Race appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | Video: Inside the Spurs dressing room ahead of Liverpool clash – Spurs Web

Source: National Cyber Security – Produced By Gregory Evans

Tottenham Hotspur have shared a glimpse of inside their dressing room ahead of this afternoon’s Premier League fixture against Liverpool.

The club’s social media team have uploaded footage which shows some of the player’s shirts hanging up in the away dressing room deep within the bowels of the Anfield stadium.

Tottenham are without a win in their last 10 Premier League away games (D2 L8), including a 1-2 defeat to Liverpool in March. The Lilywhites last endured a longer such run between May 2000-January 2001 under George Graham (14 games).

Mauricio Pochettino’s side will be looking to chip away at the thirteen point advantage which Jurgen Klopp’s table toppers currently hold over them in the Premier League table.

Our record at Anfield is less than favourable and are winless in our last eight away league games against Liverpool (D3 L5), last winning at Anfield in May 2011 (2-0), thanks to goals from Rafael van der Vaart and Luka Modric.

Source link

The post #deepweb | <p> Video: Inside the Spurs dressing room ahead of Liverpool clash – Spurs Web <p> appeared first on National Cyber Security.

View full post on National Cyber Security

Local #cyber-security #firm warns #voters of #clickbait links ahead of #GE14

A local cyber-security firm have warned voters to be prepared for a rise in clickbait phishing links that could potentially be a cybersecurity threat in the upcoming 14th General Election (GE14).

Quann Malaysia general manager, Ivan Wen, said in a statement that the internet could see a rise in clickbait phishing sites or emails with attachments and sensational titles that trick users to click links for “Exclusive” or “Shocking” stories.

“When a news sounds too good to be true, it is likely fake news,” he said.

Phishing sites are used to trick victims into giving their personal data such as email addresses, identity card numbers, and even credit card information.

These phishing emails can also launch ransomware attacks that encrypt important information on the device.

In a worst-case scenario, this can become a national threat, the firm said.

“Besides that, these phishing links could automatically be shared with your contacts once they have access to your device,” Wen said.

According to a report by Dynamic Business Technologies, 48 per cent of IT providers reported that phishing emails were behind ransomware attacks.

Quann cites two country elections where clickbait links resulted in cyber security threats.

In the 2016 US Elections, a phishing campaign by Russian Intelligence Agency was allegedly launched against a US company involved in developing election systems. Fake Google alert emails were sent to employees which when clicked took them to a legitimate looking Google site where hackers were able to steal their data.

Using information obtained in the attack, the hackers sent 122 phishing emails containing Microsoft Word document attachments to local government agencies offering ‘election related products and services’.

These documents had been ‘trojanised’ with a Visual Basic script that once connected to the internet, downloaded an unknown payload to the device, to steal and access the victim’s information, the company said.

Wen said in UK last year, several parliament MPs were targeted in a phishing campaign. While the report said parliament sites and addresses were not compromised, several individual’s personal emails were being compromised with key information leaks.

To prevent being infected by malware via clickbait links, the company advised users to take the following precautions:

• Key in the address of a legitimate news site instead of directly clicking links sent to you

• Before clicking, hover your mouse pointer over the link to view the link address. Do not click website links that are unfamiliar, even if they came from someone you know. Their accounts could have been compromised.

• Install an Anti-Phishing Toolbar and Antivirus that run quick checks on sites you visit to ensure they are safe to visit.

• Only access secure sites that begin with “https” with a closed lock icon near the address bar.

• Regularly monitor your online accounts to ensure they have not been hacked. Use strong passwords and regularly change them.

• Regularly update your browsers with the necessary security patches.

• Beware of pop-up windows masquadering as legitimate extensions of a website as they are often used to target users visiting a website that has been compromised.


The post Local #cyber-security #firm warns #voters of #clickbait links ahead of #GE14 appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Looking #ahead to the #biggest 2018 #cybersecurity #trends

Source: National Cyber Security – Produced By Gregory Evans

Jon Oltsik, an analyst with Enterprise Strategy Group in Milford, Mass., examined some of the top 2018 cybersecurity trends. While some analysts have focused on ransomware, and others made dire pronouncements about nationwide power-grid attacks, Oltsik said he’s more concerned about cloud security, where easily exploitable vulnerabilities are becoming increasingly likely.

Security teams — many of which are facing a severe lack of cybersecurity skills — are struggling with the rapid deployment of cloud technologies, such as virtual machines, microservices and containers in systems such as Amazon Web Services or Azure. Many organizations are switching to high-end security options from managed security service providers or SaaS providers. ESG research indicated 56% of organizations are interested in security as a service.

Among other 2018 cybersecurity trends, Oltsik said he foresees greater integration of security products and the continued expansion of the security operations and analytics platform architecture model. As large vendors like Cisco, Splunk and Symantec scramble to catch up, they will fill holes in existing portfolios. Although he said he sees machine learning technology stuck in the hype cycle, in 2018, Oltsik projects machine learning will grow as a “helper app” in roles such as endpoint security or network security analytics.

With the introduction of the European Union’s General Data Protection Regulation (GDPR) on May 25, 2018, Oltsik said a major fine — perhaps as much as $100 million — may serve as a wake-up call to enterprises whose security platforms don’t meet the standard.

“One U.K. reseller I spoke with compared GDPR to Y2K, saying that service providers are at capacity, so if you need help with GDPR preparation, you are out of luck. As GDPR anarchy grips the continent next summer, look for the U.S. Congress to (finally) start engaging in serious data privacy discussions next fall,” he added.

The challenges of BGP
Ivan Pepelnjak, writing in ipSpace, said when Border Gateway Protocol (BGP) incidents occur, commentators often call for a better approach. “Like anything designed on a few napkins, BGP has its limit. They’re well-known, and most of them have to do with trusting your neighbors instead of checking what they tell you,” he said.

To resolve problems with BGP, Pepelnjak recommended the following: First, IT teams need to build a global repository of who owns which address. Second, they need to document who connects to whom and understand their peering policies. And they need to filter traffic from those addresses that are obviously spoofed.

The good news, Pepelnjak, said, is most BGP issues can be solved with guidance from volume 194 of Best Current Practices — the latest update. In Pepelnjak’s perspective, internet service providers (ISPs) are often the problem. ISPs have little incentive to resolve BGP issues or reprimand customers who can easily switch to more permissive providers. An additional problem stems from internet exchange points running route servers without filters.

According to Pepelnjak, because engineers hate confrontation, they often turn to cryptographic tools, such as resource public key infrastructure, rather than fixing chaotic or nonexistent operational practices. “What we’d really need to have are (sic) driving licenses for ISPs, and some of them should be banned for good, due to repetitive drunk driving. Alas, I don’t see that happening in my lifetime,” he added.

Read more of Pepelnjak’s thoughts on BGP issues.

Artificial intelligence, low-code and abstracting infrastructure
Charlotte Dunlap, an analyst with GlobalData’s Current Analysis group in Sterling, Va., blogged about the repositioning of mobile enterprise application platforms (MEAP) to address app development and internet of things. Dunlap said advancements in AI, API management and low-code tools play into DevOps’ need for abstracted infrastructure.

GlobalData research indicated that MEAP is widely used to abstract complexity, particularly in use cases such as application lifecycle management related to AI-enabled automation or containerization.

GlobalData awarded high honors to vendors that integrated back-end data for API management, such as IBM MobileFirst and Kony AppPlatform. Dunlap said mobile service provider platform strategies have increasingly shifted to the needs of a DevOps model.

“Over the next 12 months, we’ll see continued momentum around a growing cloud ecosystem in order to stay competitive with broad platform services, including third-party offerings. Most dominant will be partnerships with Microsoft and Amazon for offering the highest levels of mobile innovation to the broadest audiences of developers and enterprises,” Dunlap said.

The post Looking #ahead to the #biggest 2018 #cybersecurity #trends appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

How #AI can help you stay ahead of #cybersecurity threats

Source: National Cyber Security – Produced By Gregory Evans

How #AI can help you stay ahead of #cybersecurity threats

Since the 2013 Target breach, it’s been clear that companies need to respond better to security alerts even as volumes have gone up. With this year’s fast-spreading ransomware attacks and ever-tightening compliance requirements, response must be much faster. Adding staff is tough with the cybersecurity hiring crunch, so companies are turning to machine learning and artificial intelligence (AI) to automate tasks and better detect bad behavior.

What are artificial intelligence and machine learning?

In a cybersecurity context, AI is software that perceives its environment well enough to identify events and take action against a predefined purpose. AI is particularly good at recognizing patterns and anomalies within them, which makes it an excellent tool to detect threats.

Machine learning is often used with AI. It is software that can “learn” on its own based on human input and results of actions taken. Together with AI, machine learning can become a tool to predict outcomes based on past events.

Using AI and machine learning to detect threats

Barclays Africa is beginning to use AI and machine learning to both detect cybersecurity threats and respond to them. “There are powerful tools available, but one must know how to incorporate them into the broader cybersecurity strategy,” says Kirsten Davies, group CSO at Barclays Africa.

For example, the technology is used to look for indicators of compromise across the firm’s network, both on premises and in the cloud. “We’re talking about enormous amounts of data,” she says. “As the global threat landscape is advancing quite quickly, both in ability and collaboration on the attacker side, we really must use advanced tools and technologies to get ahead of the threat themselves.”

AI and machine learning also lets her deploy her people for the most valuable human-led tasks. “There is an enormous shortage of the critical skills that we need globally,” she says. “We’ve been aware of that coming for quite some time, and boy, is it ever upon us right now. We cannot continue to do things in a manual way.”

The bank isn’t alone. San Jose-based engineering services company Cadence Design Systems, Inc., continually monitors threats to defend its intellectual property. Between 250 and 500 gigabits of security-related data flows in daily from more than 30,000 endpoint devices and 8,200 users — and there are only 15 security analysts to look at it. “That’s only some of the network data that we’re getting,” says Sreeni Kancharla, the company’s CISO. “We actually have more. You need to have machine learning and AI so you can narrow in on the real issues and mitigate them.”

Cadence uses these technologies to monitor user and entity behavior, and for access control, through products from Aruba Networks, an HPE company. Kancharla says that the unsupervised learning aspect of the platform was particularly attractive. “It’s a changing environment,” he says. “These days, the attacks are so sophisticated, they may be doing little things that over time grow into big data exfiltration. These tools actually help us.”

Even smaller companies struggle with the challenge of an overload of security data. Daqri is a Los Angeles-based company that makes augmented reality glasses and helmets for architecture and manufacturing. It has 300 employees and just a one-person security operations center. “The challenge of going through and responding to security events is very labor-intensive,” says Minuk Kim, the company’s senior director of information technology and security.

The company uses AI tools from Vectra Networks to monitor traffic from the approximately 1,200 devices in its environment. “When you look at the network traffic, you can see if someone is doing port scans or jumping from host to host, or transferring out large sections of data through an unconventional method,” Kim says.

The company collects all this data, parses it, and feeds it into a deep learning model. “Now you can make very intelligent guesses about what traffic could potentially be malicious,” he says.

It needs to happen quickly. “It’s always about the ability to tighten up the detection and response loop,” he says. “This is where the AI comes in. If you can cut the time to review all these incidents you dramatically improve the ability to know what’s happening in your network, and when a critical breach happens, you can identify and respond quickly and minimize the damage.”

AI adoption for cybersecurity increasing

AI and machine learning are making a significant difference in how fast companies can respond to threats, confirmed Johna Till Johnson, CEO at Nemertes Research. “This is a real market,” she says. “There is a real need, and people are really doing it.”

Nemertes recently conducted a global security study, and the average time it took a company to spot an attack and respond to it was 39 days — but some companies were able to do it in hours. “The speed was correlated with automation, and you can’t automate these responses without using AI and machine learning,” she says.

Take detection, for example: “The median time for detection is one hour,” she says. “High-performing companies typically do this in under 10 minutes — low performing companies take days to weeks. Machine learning and analytics can bring this time to effectively zero, which is why the high-performing companies are so fast.”

Similarly, when analyzing threats, the median time is three hours. High performing companies take just minutes, others take days or weeks. Behavioral threat analytics have already been deployed by 21 percent of the companies surveyed, she says, and another 12 percent says they would have it in place by the end of 2017.

Financial services firms in particular are on the leading edge she says, since they have high-value data, tend to be ahead of the curve on cybersecurity, and have money to spend on new technologies. “Because it’s not cheap.”

When it comes to broader applications of AI and machine learning, the usage numbers are even higher. According to a Vanson Bourne survey released on October 11, 80 percent of organizations are already using AI in some form. The technology is already paying off. The single biggest revenue impact of AI was in product innovation and R&D, with 50 percent of respondents saying the technology was making a positive difference, followed by customer service at 46 percent and supply chain and operations at 42 percent. Security and risk wasn’t far behind, with 40 percent seeing bottom-line benefits.

The numbers are likely to keep going up. According to a recent Spiceworks survey, 30 percent of organizations with more than 1,000 employees are using AI in their IT departments, and 25 percent plan to adopt it next year.

Seattle-based marketing agency Garrigan Lyman Group is deploying AI and machine learning for a number of cybersecurity tasks, including monitoring for unusual network and user activity and to spot new phishing emails. Otherwise, it’s impossible to keep up, says Chris Geiser, the company’s CTO. “The hackasphere is a volunteer army and it doesn’t take much education or knowledge to get started,” he says. “They automated their operations a long time ago.”

AI and machine learning gives the company an edge. Although the company is small — just 125 employees — cloud-based deployment makes it possible to get the latest technology, and get it quickly. “We can have those things up and running and adding value within a couple of weeks,” he says. The Garrigan Lyman Group has deployed AI-enabled security tools from Alert Logic and Barracuda, and Geiser says that he can see the products getting smarter and smarter.

In particular, AI can help tools adapt quickly to a company’s requirements without significant up-front training. “For example, an AI model can automatically learn that for some companies if the CEO is using a non-corporate email address it is anomalous,” says Asaf Cidon, VP of content security services at Barracuda Networks, Inc. “In other companies, it is totally normal for the CEO to use their personal email when they are communicating from their mobile device, but it would not be normal for the CFO to send emails from their personal address.”

Another benefit of cloud delivery is that it’s easier for vendors to improve their products based on feedback from their entire customer base. “Cybersecurity is a lot like neighborhood watch,” Geiser says. “If I didn’t like what I saw on the other end of the block, it tips everyone off that there could be a problem.”

In the case of phishing emails or network attacks, new threats can be spotted when they first show up in other time zones, giving companies hours of early warning. That does require a level of trust in the vendor, Geiser says. “We’ve gone on reputation, references, on a number of different due diligence paths to make sure that the vendors are the right vendors to use, and follow best practices for audit and compliance to make sure that only the right person has access,” he says.

As companies first transition from manual processes to AI-based automation, they look for another kind of trust — in addition to having visibility into the vendors’ operations, it helps to have visibility into the AI’s decision-making process. “A lot of the AI out there right now is this mysterious black box that just magically does stuff,” says Mike Armistead, CEO and co-founder at Respond Software, Inc. “The key in expert systems is to make it transparent, so people trust what you do. That gets even better feedback, and creates a nice virtuous cycle of reinforcing and changing the model as well.”

“You always need to know why it made the decision,” confirmed Matt McKeever, CISO at LexisNexis Legal and Professional. “We need to make sure, do we understand how the decision was made.”

The company recently began using GreatHorn to secure email for its 12,000 employees. “If we start getting emails from a domain that looks similar to a legitimate one, it will flag it as a domain look-alike, and it tells us, ‘We flagged it because it looks like a domain you normally talk to, but the domain header flags don’t look right,’” says McKeever. “We can see how it figured that out, and we can say, ‘Yes, that absolutely makes sense.’”

As the level of trust increases, and accuracy rates improve, LexisNexis will move from simply flagging suspicious emails to automatically quarantining them. “So far, the results have been really good,” McKeever says. “We have high confidence that we’re flagging is malicious email, and we’ll start quarantining it, so the user won’t even see it.”

After that, his team will expand the tool into other divisions and business areas at LexisNexis that use Office 365, and look at other ways to take advantage of AI for cybersecurity as well. “This is one of our early forays into machine learning for security,” he says.

How AI gets ahead of the threat landscape

AI gets better with more data. As vendors accumulate large data sets, their systems can also learn to spot very early indications of new threats. Take SQL injections, for example. Alert Logic collects about half a million incidents every quarter for its 4,000 customers, about half of which are SQL injection incidents. “There’s not a security company in the world that can look at each one of those with a human set of eyes and see if that SQL injection attempt was a success or not,” says Misha Govshteyn, Alert Logic’s cofounder and SVP of products and marketing.

With machine learning, the vendor is not only able to process the events more quickly, but also correlate them across time and geography. “Some attacks take more than a couple of hours, sometimes days, weeks, and in a few cases months,” he says. “Not only are they taking a long time to execute, but also coming from different parts of the Internet. I think these are incidents that we would have missed before we deployed machine learning.”

Another security vendor that is collecting a large amount of information about security threats is GreatHorn, Inc., a cloud-based email security vendor that works with Microsoft’s Office 365, Google’s G Suite, and Slack. “We’re now sitting on almost 10 terabytes of analyzed threat data,” says Kevin O’Brien, the company’s co-founder and CEO. “We’re starting to feed that information into a tensor field so we can start to plot relationships between different kinds of communications, different kinds of mail services, different kinds of sentiments in messaging.”

That means that the company can spot new campaigns and send messages to quarantine, or put warning banners on them days before they’re conclusively identified as threats. “Then we can retroactively go back and take them out of all email inboxes where they were delivered,” he says.

Where AI for cybersecurity is headed next

Looking for suspicious patterns in user behavior and network traffic is currently the low-hanging fruit for machine intelligence. Current machine learning systems are getting good at spotting unusual events in high volumes of data and carrying out routine analysis and responses.

The next step is to use artificial intelligence to tackle more thorny problems. For example, the real-time cyber risk exposure of a company depends on a large number of factors. Those include unpatched systems, insecure ports, incoming spear phishing emails, number of privileged accounts and insecure passwords, amount of unencrypted sensitive data, and whether it is currently being targeted by a nation-state attacker.

Having an accurate picture of its risks would help a company deploy resources most efficiently, and create a set of metrics for cybersecurity performance other than whether the company has been breached or not. “Today, if you were to try to describe your environment, this data is either not being gathered correctly or not being converted into information,” says Gaurav Banga, founder and CEO at Balbix, Inc., a startup that is specifically trying to tackle the problem of predicting the risk of a breach.

AI is key to solving that challenge. “We have 24 different types of AI algorithms,” Banga says. “We produce a bottom-up model, a risk heat map that covers every aspect of the environment, clickable so you can go down and see why something is red. It is prescriptive, so it tells you that if you can do these things, it can become yellow and eventually green. You can ask questions — ‘What is the number one thing I can do now?’ or ‘What is my phishing risk?’ or ‘What is my risk from WannaCry?’”

In the future, AI will also help companies determine what new security technologies they need to invest in. “Most companies today don’t know how much to spend on cybersecurity and how to spend it,” says James Stanger, chief technology evangelist at CompTIA. “I think we need AI to help provide metrics, so that as a CIO turns around and talks to the CEO or talks to the board, and says, ‘Here’s the money we need and here are the resources we need,’ and have the true and useful metrics to justify those costs.”

There’s a lot of room for progress, says Alert Logic’s Govshteyn. “There is very little use of AI in the security space,” he says. “I think we’re actually behind other industries. It’s amazing to me that we have self-driving cars before we have self-defending networks.”

In addition, today’s AI platforms don’t actually have an understanding of the world. “What these technologies are very good at are things like classification of data based on similar data sets that they’ve been trained on,” says Steve Grobman, CTO at McAfee LLC. “But AI isn’t really intelligent. It doesn’t understand the concept of an attack.”

As a result, a human responder is still a critical component of a cyber defense solution. “In cyber security, you’re trying to detect an adversary who is also human and is trying to thwart your detection techniques,” Grobman says.

That’s different from any other areas where artificial intelligence is currently being applied, such as image and speech recognition or weather forecasting. “It’s not like the hurricane is saying, ‘I’m going to change the laws of physics and make water evaporate differently to make it more difficult to track me,’” says Grobman. “But in cybersecurity, that’s exactly what’s happening.”

Progress is being made on that front. “There’s a research area called generative adversarial networks, where you have two machine learning models where one tries to detect something and the other sees if something was detected and tries to bypass it,” says Sven Krasser, chief scientist at CrowdStrike, Inc. “You can use things like that for red teaming, for figuring out what new threats can be.”

The post How #AI can help you stay ahead of #cybersecurity threats appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Why hackers may always remain a step ahead

Source: National Cyber Security – Produced By Gregory Evans

It was only a month ago that WannaCry, the malware that held over 200,000 individuals across 10,000 organizations in nearly 100 countries to ransom, created havoc across the world including some companies in India. Security firms had, then, cautioned that this was not the last case of ransomware that we…

The post Why hackers may always remain a step ahead appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Eighteen US States Have Requested Cybersecurity Help Ahead of Election


Source: National Cyber Security – Produced By Gregory Evans

Eighteen US States Have Requested Cybersecurity Help Ahead of Election

Eighteen US states have requested сybersecurity help from the US Department of Homeland Security ahead of presidential elections.
Eighteen US states have requested help from the US Department of Homeland Security to reinforce their cyber networks ahead of upcoming elections,

The post Eighteen US States Have Requested Cybersecurity Help Ahead of Election appeared first on National Cyber Security.

View full post on National Cyber Security