Nov 13, 2020

Experts say AI is best weapon against cyberattacks

Risk Management
Critical Environments
Joanna England
4 min
Industry experts cite AI as a solution to halt future cybersecurity attacks
Industry experts cite AI as a solution to halt future cybersecurity attacks...

FortiGuard, the global threat intelligence and research organisation, says the weaponising of intelligent edge computing will have an impact on the scale and speed of future cyber-attacks.

The company’s predictions for 2021 and beyond, state that applying artificial intelligence to hasten threat prevention, detection and response, should be combined with actionable threat intelligence. 

Describing the move as “critical” in the fight to protect companies against attacks from cybercrime, the team released their latest intelligence threat predictions along with recommendations for enterprises to action. 

According to the report, cybercriminals will harness 5G enabled devices to create a new surge in advanced threats at extreme speeds and scale. Threats will also exploit emerging edge environments, such as a remote workforce. 

The report advises IT defence teams to plan ahead using AI and machine learning tools to better predict where system vulnerabilities are, and when attacks are likely to strike. 

Derek Manky, FortiGuard Lab’s Chief of Security Insights and Global Threat Alliances, explains; “2020 demonstrated the ability of cyber adversaries to leverage dramatic changes happening in our daily lives as new opportunities for attacks at an unprecedented scale.”

Manky says companies would need to be prepared for further vulnerabilities following the digital transformations enterprises have and are undergoing. 

He comments; “Going into 2021, we face another significant shift with the rise of new intelligent edges, which is about more than just end-users and devices remotely connecting to the network. Targeting these emerging edges will not only create new attack vectors, but groups of compromised devices could work in concert to target victims at 5G speeds.”

Manky adds; “To get out ahead of this coming reality, all edges must be part of a larger, integrated, and automated security fabric platform that operates across the core network, multi-cloud environments, branch offices, and remote workers.”

AI evolution

Artificial Intelligence, the report states, will need to evolve to combat new attack trends. AI technologies are effective because they can predict and build counterattacks against security breach attempts. 

Human operators will have to make sure the security systems have been provided with enough intelligence to counter attacks and anticipate future attacks.

The report adds that pooling resources against a common enemy will prevent breaches.

“Organisations cannot be expected to defend against cyber adversaries on their own. They will need to know who to inform in the case of an attack so that the “fingerprints” can be properly shared and law enforcement can do its work. Cybersecurity vendors, threat research organisations, and other industry groups need to partner with each other for information sharing, but also with law enforcement to help dismantle adversarial infrastructures to prevent future attacks.”

Future cyber attack trends

Connectivity: One of the most significant advantages for cybercriminals in Edge Computing, is the interconnectivity of enterprises that have sacrificed centralised visibility and control in favour of performance and digital transformation. Homeworkers are easy targets for cybercrime, while 5G and an increasing number of IoT devices on networks are becoming increasingly difficult to track. This leaves users and organisations vulnerable to Trojan infiltrations of advanced malware.

Swarm-bots compromise 5G devices to provide greater threat opportunities. Though swarm technologies need extensive processing power to enable individual swarm-bots and to efficiently share information in a bot swarm, once achieved, they can rapidly discover, share, and correlate vulnerabilities, and then shift their attack methods to better exploit the system they’ve infiltrated. 

Social engineering developments means smart devices or other home-based systems that interact with users, could become conduits for deeper attacks. Utilising contextual information about users habits, or finances could make social engineering-based attacks more successful. Smarter attacks might even result in security systems being disabled, or the hijacking smart appliances.

Ransomware is another threat. As it continues to evolve, and IT systems increasingly converge with operational technology (OT) systems, particularly critical infrastructure, there will be even more data, devices, and lives at risk. Ransomware could be responsible for extortion, defamation, and defacement. 

Processing power helps cybercriminals scale future attacks with ML and AI capabilities. Called advanced crypto mining, the process hijacks devices for their processing power, enabling cybercriminals to process massive amounts of data and learn more about how and when edge devices are used. Infected PCs being hijacked for their compute resources are often identified since CPU usage directly impacts the end user's workstation experience. But secondary devices can be less visible.

Satellites and telecommunications are vulnerable, as new communication systems scale and begin to rely more on a network of satellite-based systems. Cybercriminals can target this convergence and follow in pursuit. This could lead to compromised satellite base stations and the spreading of malware through satellite-based networks. Potentially, this would give cybercriminals an opening to target millions of connected users at scale or cause DDoS attacks that could hinder essential communications.

Quantum Computing from a cybersecurity perspective, could create a new risk when it can challenge the effectiveness of encryption in the future. The massive compute power of quantum computers could leave some asymmetric encryption algorithms solvable. Enterprises should prepare to shift to quantum-resistant crypto algorithms by using the principle of crypto agility, to ensure the protection of current and future information. 

Share article

Jun 18, 2021

Group Management: Superior compliance in construction

Group Management
3 min
Group Management’s Steve Cressey on a uniquely collaborative partnership with Mercury Engineering and almost 15 years of compliant construction projects

Group Management Electrical Surveys is a long-standing and vital partner to Mercury Engineering. The company offers an innovative suite of electrical inspection, test and documentation services to ensure compliance in complex major construction projects for many of the UK and EU's leading companies. Utilising in-house cutting-edge solutions and its highly competent and experienced engineers, Group Management provides everything from electrical inspection and testing to thermal imaging surveys, QA/QC management, torque compliance, technical support, DSEAR compliance and electrical installation condition reports.

“No project can achieve handover without the correct documentation and safety critical electrical certification in place,” says Managing Director Steve Cressey. “Our services ensure that project critical documentation and certification can be correctly produced in an efficient, cost effective manner, which makes Group Management an important part of any construction project.” 

Cressey joined the business in 2009, bringing strong and incisive leadership to Group Management, with decades of industry experience giving him a unique understanding of the design through to handover construction process. He has stewarded the business’ partnership with Mercury since its inception and describes it as uniquely collaborative.  

“Our relationship with Mercury Engineering stretches back many years. We partnered with Mercury  on our first Data Centre project together in Watford in 2007, and since then the relationship has gone from strength to strength,” says Cressey.

“The partnership is longstanding, and we’ve built an incredibly strong working relationship. Partnering with Mercury, who are an innovative, cutting-edge technology provider, means we must constantly improve our services offering. We strive to be the best in what we do, and Mercury can trust we will be efficient in delivering on time, on budget, to achieve a successful handover that meets both Mercury’s and the end clients’ future needs.”

Group Management has since successfully completed more than 30 Data Centre projects throughout the EU as Mercury’s preferred electrical compliance partner. The relationship has also seen Group Management partner with Mercury Engineering on four brand-new hospitals in the UK and Ireland, key pharmaceutical projects and a number of commercial and leisure spaces. 

“To ensure the continued success and growth of Group Management we always discuss projects with key clients and their teams, take feedback on the performance of both our business and our individuals, and in turn use that to improve our services,” Cressey says. 

“The professional development of our employees is essential to our success. All our employees are encouraged to continue their education, to further develop their skills through additional training, and that in turn drives better service and a superior product for our clients. We now offer four more services to Mercury than when the partnership began, which has helped spur Group Management’s growth and success within the wider market.”



Share article