Cybersecurity & Artificial Intelligence Trends from 2018

Worsening employee cybersecurity habits and the need for organization-wide cybersecurity literacy.

A study conducted by SailPoint reported that nearly 75% of employees engage in password re-use across accounts, as opposed to just over half four years ago. Nearly half of people surveyed admitted to sharing passwords across personal and work accounts. Part of this is being driven by employees seeing IT practices as inconvenient, as they seek circumvention in favor of personal efficiency.

Public awareness of cybersecurity issues is increasing.

Cybercrime making it into mainstream news headlines has also raised public awareness of its challenges, dangers, and impacts. An increased prevalence of ransomware, such as “cryptojacking” software, has been spurred by the relative ease of orchestrating difficult-to-trace ransom payments and increasing malware availability.

Artificial Intelligence is being used to enable personalized attacks at scale.

Attackers are gaining access to troves of personal data to use for increasing threat effectiveness. By combining increasingly sophisticated AI techniques for language understanding with the scraping of publicly available, indexed data, it is becoming far easier for malicious actors to generate increasingly authentic, personalized attacks. As a result, large-scale personalized threats have a lower barrier to entry than ever before.

Artificial Intelligence provides a force multiplier for offensive capabilities.

Machine learning models provide a general mechanism for organization-tailored obscuring of malicious intent, enabling adversaries to disguise their network traffic or even on-system behavior to look more typical to evade detection. In addition to enhancing data exfiltration capabilities, these techniques provide the capability to continually model and adapt to their environment even after deployment, enabling them to persist undetected for longer and potentially infiltrate deeper into organizations.

Artificial Intelligence provides a necessary force multiplier for defensive operations.

Increasing system complexity, endpoint vulnerability, and attack sophistication have expanded the available attack surface in a manner that has left traditional monitoring techniques ineffective. Particularly in a world of increasingly intelligent threats and well-resourced actors, the only cost-efficient and scalable mechanisms for detection and remediation are quickly becoming artificially intelligent systems with the ability to sift through largely unstructured data, identify malicious behavior over potentially long time horizons, and dynamically respond. We’re seeing proof that applications of AI to both local-machine and organization-wide event monitoring can correlate observations to provide root cause analyses and incident investigations beyond traditional analyst capabilities on superhuman timescales.

Perhaps the most important trend over the past year has been the industry’s continued realization and acceptance of a coming arms race between AI-enhanced dynamic threats and AI-enhanced adaptive defenses. 

Artificial Intelligence is not a cure-all.

While AI has deservedly received substantial hype within the cybersecurity realm and beyond, there still exists a substantial gap between algorithm deployment and successful application. To that end, continuing education is still critical for cybersecurity professionals to be able to leverage, collaborate through, and engage with these technologies to form a basis for effective defense: providing AI-enhanced tools with the knowledge and data they need to operate and engaging appropriate levels of trust and reliance in their capability (both in terms of detection and response) to make them a formidable component of a modern defensive cybersecurity strategy.

Utilizing Cyber Range Learning in Academia

Cyber ranges are virtual learning environments used for cyber warfare skills development. A cyber range offers hands-on learning opportunities for cybersecurity professionals by marrying traditional classroom concepts with more ‘sticky’ experiential learning techniques.

By effectively preparing students to address real-world cyberattack scenarios now, academic institutions will increase their success rate of achieving learning outcomes pertinent to the cybersecurity profession. Further, the students benefit by applying what they’ve learned to realistic cyber situations they’d experience in the workplace.

While there are many cyber range solutions on the market today, there are several key learning capabilities missing on their platforms. Some examples of this are:

  • Game-inspired exercises for fundamental concept learning and skill-building with repetitive, hands-on activities.
  • Defense strategy teaching, which involves engaging in multiple cybersecurity job roles to problem-solve challenges.
  • Limited or non-existent scoring methods for learners to assess skills performance.
  • Lack of team play for collaborative learning and greater strategic work.
  • Infrastructure-only ranges with no pre-programmed learning curriculum.
  • Prescriptive, “check the box” approaches with fixed content (that, over time, will become irrelevant and disengage learners).
  • A limited number of virtual environments.

To read more about cyber range learning environments for student skill building, download: “The Faces of Cyber Ranges: Tapping into Experiential Skill Building for Cybersecurity Teaching and Learning.”

To ensure your academic institution gets the most out of its cyber range investment, the following features and capabilities should be considered to best maximize student learning and skill building:

  • Ensure the cyber range comes installed with pre-existing content that is informed by real-threat scenarios and attack methods.
  • Look for cyber range content that is diverse, offering a mix of both concept-driven exercises and real-world, team-based activities for holistic learning.
  • Consider custom mission builders (like Circadence’s Orion™ Mission Builder) to create scenarios that mirror the latest threats happening today. This can ensure the learning material is constantly evolving, just as threats are.
  • Assess instructor capabilities for reviewing and grading student performance to prevent tedious log review work.
  • Confirm that course syllabi and other learning materials can be integrated into the cyber range platform to tie learning objectives to actual student performance.
  • Consider gamified activities that encourage students to “learn by doing,” individually and in teams.

In order to address these glaring needs, Circadence created Project Ares®, the face of the next generation of cyber ranges. Project Ares delivers learning and assessment opportunities to anyone from cyber newbies to cyber ninjas, with both individual and team-based engagements. It can be adapted to students in undergraduate and graduate university programs as well as Middle/High/Primary level schools. High engagement in cybersecurity education is critical because if students are not interested in learning new skills, and aren’t encouraged to think outside of the box, they won’t be adequately prepared to handle threats that are always changing and evolving in the workplace.

Academic institutions have an exciting opportunity in front of them – to lead the way with progressive, next-generation learning approaches that utilize cyber ranges to prepare students for the cybersecurity workplace. Don’t fall behind the times; look into learning through this exciting platform in order to better serve the future workforce.

Living Our Mission Blog Series #2: New Developments for Project Ares 3.6

From new training content to Intelligent Cloud-based hosting options, our immersive, gamified Project Ares cybersecurity learning platform continues to evolve to meet the changing needs of our customers. Enterprise, government, and academic institutions are looking for scalable, diversified, results-driven cybersecurity readiness solutions that allow their organization to flex based on ever-evolving cyber threats. We are pleased to share the latest developments with you.

We’re on Microsoft Azure

Circadence is pleased to announce it is bringing Project Ares cyber ranges to Microsoft Azure cloud service. This arrangement will allow enterprise, government, and academic institutions the opportunity to further scale and grow their cyber range spaces based on ever-evolving cybersecurity goals and objectives. Circadence’s cyber range learning environment will be hosted in the Azure cloud to give further experiential opportunity to clients who seek access to public and private virtual environments for their cyber workforce. This revolutionary combination transforms learning by taking traditional lecture-based training out of the classroom and into interactive real-world environments anytime, anywhere.

Battle Room Alignment to NIST/NICE

All Project Ares battle room exercises and activities have been aligned to NIST/NICE workforce frameworks. Now clients can measure training ROI against industry-standard cybersecurity knowledge-bases, skills, and abilities. The seven NIST/NICE work roles include: operate and maintain, protect and defend, investigate, collect and operate, analyze, securely provision, and oversee and govern.

Scripting Fundamentals: a new battle room

Scripting Fundamentals, new Battle Room #10, focuses on scripting fundamentals using Python 2.7 to create loops, functions, user input, casting, data structures, conditions, and modules. There are easy and medium levels of difficulty to adapt to student skill level.

“If you understand the concepts of one language, they oftentimes transfer to many others, such that you can pick them up more quickly,” said Lisa Perdelwitz, Director of Cyber Education and Training at Circadence.

Scripting skills are critical to any assessment team in order to enable them to perform at the next level, and yet they continue to be under-taught in the cyber training community. This battle room will provide all users with a basic understanding of scripting and its value in the cybersecurity world and support them with this subject matter, which has proven challenging for learners.

New! Fast-Paced Mini-Game called RegEXile

RegEXile is an exciting pattern-recognition game that teaches the concepts of regular expressions while exercising trainees’ muscle memory and reaction time. With an immersive, futuristic scenario, the game challenges players to form the correct expression to select or exclude data in order to save the world.

  • Players type in regular expressions to identify the robots to attack, while not hurting fellow humans.
  • Players must recognize patterns in the enemy names and enter proper RegEX techniques to eliminate robots before they destroy the last of humankind.

Operation Black Dragon: Defend the power grid within Project Ares

Mission 13, focused on defending the power grid, will be introduced soon as “Operation Black Dragon” with an initial ‘easy’ level.

The mission scenario is as follows:

  • Conduct a cyber defense assessment mission on a power distribution plant.
  • The end state of the assessment will be a defensible power grid with user ability to detect attempts to compromise the grid, attribute any attacks, and respond accordingly.

Mission Objectives:

  • Evaluate the risks to the plant.
  • Determine if there are any indicators of compromise to the network.
  • Improve monitoring of network behavior.
  • Be prepared to mitigate an attack if necessary.

Core Competencies Required:

  • Digital Forensics
  • Computer Languages
  • Computer Network Defense
  • Computers and Electronics
  • Cybersecurity Law
  • Cryptography
  • Enterprise Architecture
  • Identity Management
  • Incident Response Management
  • Information Assurance
  • Information Systems and Network Security
  • Infrastructure (Network) Design
  • Network Management
  • Operating Systems
  • Risk Management
  • Vulnerability Assessment
  • Hacking Methodologies
  • Web Technology

Project Ares Platform Enhancements

In addition to new content, the Circadence engineering team also made additional updates to the user interface in this 3.6 version, including highlighting actionable buttons and various performance improvements, bug fixes, and color fixes.

Stay tuned for our next release update 3.7!

We strive to enhance and expand Project Ares to keep it current and relevant. We use our customer feedback to help prioritize new content releases and feature evolutions. And we constantly stay on the pulse of the threat landscape across all industries to inspire and inform our battle room and mission exercises.

2019 Cybersecurity Predictions

Well, it’s safe to say that 2018 for the cybersecurity industry has been a little doom and gloom. And rightly so. More than 3.5 million unfilled job positions expected by 2021, 90 percent of cyberattacks caused by human error, and what we thought were once effective learning methods prove to only yield a 5 percent information retention rate. The financial sector, governments, and healthcare organizations continue to rank in the top most attacked industries. Cybersecurity spending keeps increasing and phishing, insider threats, and malware keep infiltrating enterprise systems. It appears in 2018, cyber professionals just couldn’t keep pace with evolving threats!

So what does 2019 have in store for the cybersecurity industry? We asked our own Laura Lee, Executive Vice President of Rapid Prototyping, to find out: Is there a light at the end of what appears to be a VERY dark (cyber) tunnel?

Increase in Supply Chain Cyber Risk

Supply chain cyber risk will be one of the biggest issues in 2019 and will require a coordinated effort to address. Risks from third-party service providers with physical or virtual access to information systems, poor information security practices, and compromised software or hardware components are only a few of the vulnerabilities that stem from this issue. Since breaches tend to be less about technology and more about human error, IT security best practices for critical information won’t be foolproof unless employees throughout the supply chain use secure cyber practices.

Increase in Social Media Infiltration

The Facebook breach in 2018 made it apparent that social media platforms are equally vulnerable to sophisticated hackers. In fact, we will likely see an increase in black market vendors moving their businesses to social media channels for added “secrecy.” This will make it harder for law enforcement to track and monitor their activities.

Exploitation of Fear

Attackers will leverage a company’s fear of reputational damage and data loss with extortion tactics. Recent threats to our own election system, healthcare, and critical infrastructure tell hackers that organizations are willing to pay more to not have a breach released to the public, rather than pay for them to relinquish their compromised data. This will be a way for hackers to get more money.

Cloud Migration

In an effort to harden security posture, enterprises and government entities will keep moving on-prem software to the cloud for a more seamless, scalable, and elastic data-privacy/sharing/usage experience. There will continue to be a strong appetite for modeling the digital footprint of enterprises in cloud environments.

Better Alignment between the CISO and C-Suite

While it’s important to know what’s likely on the horizon in terms of threats, not all cybersecurity “stuff” is going to be bad. On the flip side, we will see better alignment between the CISO and the C-Suite as more and more businesses understand cybersecurity isn’t just an “IT issue” but a larger business risk issue that impacts all facets of successful business operations and reputation.

Integration of IT and OT Cyber Infrastructure

Industries like critical infrastructure and manufacturing have a lot of physical (and digital) assets to manage. Operational technology (OT) refers to the systems (e.g., SCADA, ICS) used to monitor and control infrastructure like power, pipelines, water distribution, and now many things in your house and car. With changing technologies and a drive toward “data-driven and remote operations, the two technology environments are starting to converge,” notes a study from Edith Cowan University. OT data is now accessible via cloud environments for ease of quantitative management reporting and the potential to increase productivity of such systems.

These predictions are really just the tipping point of what’s to come for the cybersecurity industry. Companies will have to keep hardening their security postures, upgrading technologies, upskilling and educating all staff members, and driving a holistic cyber readiness strategy that leverages machine learning and other Artificial Intelligence technologies to automate and augment the workforce.