Posts

Why Singaporean Businesses should Incorporate AI / Machine Learning into their Cybersecurity Operations

Did you know that 96 percent of Singaporean businesses have reportedly suffered a data breach? And cybercrime is not slowing down. With the financial risk from cyberattacks estimated to be US$5.2 trillion between 2019 and 2023, it creates an ongoing challenge for investors, corporations, and consumers around the world. In Singapore, experts detected approximately 4.66 million web threats in 2019. This statistic reinforces the need for innovative ways of enhancing cybersecurity within our region.

Earlier this year, Finance Minister Heng Swee Keat revealed that the Singapore government will be investing S$1 billion to strengthen its cyber and data security systems to safeguard its critical information infrastructures, as well as its citizens’ data. Moving forward as a digital economy and smart nation, and with increasingly adopted technologies like artificial intelligence (AI), Machine Learning (ML), and Internet of Things (IoT), the Singapore government will also provide more funding to local deep-tech startups and small and midsized businesses (SMBs).

While the term AI was first coined in 1956, today it is a field of computer science focused on how machines can imitate human intelligence. Successful applications of AI include beating humans at Go, diagnosing cancer, and operating autonomous vehicles. Over the last 10 years, the potential of AI to help with cybersecurity problems has evolved from being overhyped into a critical ingredient of enterprise security programs. In their Top Security and Risk Trends for 2020, Gartner projects that “AI, and especially machine learning (ML), will continue to automate and augment human decision making across a broad set of use cases in security and digital business.”

Finding a Needle in a Haystack

While it is common knowledge to security professionals, others may be surprised by the daily volume of security logs generated by enterprises. The number of logs generated by firewalls, authentication servers, endpoints, and a variety of other devices and security tools totals multiple millions every day. Security information and event management (SIEM) tools can use rules to filter and prioritize these logs into alerts, but it is the job of security analysts to investigate the most critical alerts. For example, out of 10 million daily logs, hundreds may require expert human investigation.

Security analyst investigations include examining detailed log data, reviewing correlated events and threat intelligence, and looking for suspicious behavior. Analysts must quickly determine if the event has actually compromised the organization’s security, is a potential threat, or is a false positive. This difficult and time-consuming work is made even more challenging by the high percentage of alerts that are false positives. This is why it is not uncommon for security analysts to get “alert fatigue” – losing motivation to thoroughly investigate alerts.

Reactive investigations are necessary but insufficient for a robust security defense. Security teams should also proactively hunt for threats that are not triggered by system alerts. Targeted attacks often aim at stealing critical data and use techniques like obtaining user credentials, upgrading access to a privileged user, and moving laterally across the network. These attacks, also known as advanced persistent threats (APTs), can result in an attacker gaining unauthorized access to a system or network and remaining there for an extended period of time without being detected. The time a hacker goes undetected on your network, or “Dwell Time”, is commonly measured in months. APTs that use multi-stage attacks that occur over longer periods, commonly referred to as low and slow attacks, are hard to detect with rule-based analytics alone. The practice of hackers changing or morphing their attack techniques further adds to the challenge of threat hunting.
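To make the rule-based blind spot concrete, here is an added example (not from the original post or from Proficio's tooling) that runs a typical "N failures in M minutes" rule and a per-source daily baseline over the same authentication events. The events, addresses, thresholds and function names are all constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from statistics import median

T0 = datetime(2020, 1, 6)  # constructed sample day

def build_events():
    """Constructed auth events (time, source, outcome); every value is made up."""
    ev = []
    for i, fails in enumerate([0, 1, 1, 2, 2, 3, 1, 2]):      # ordinary users
        src = f"10.0.1.{i}"
        ev += [(T0 + timedelta(hours=8 + j, minutes=i), src, "fail") for j in range(fails)]
        ev.append((T0 + timedelta(hours=12, minutes=i), src, "ok"))
    # noisy burst: 6 failures, 30 seconds apart
    ev += [(T0 + timedelta(minutes=10, seconds=30 * j), "10.0.0.5", "fail") for j in range(6)]
    # low and slow: one failure every 20 minutes for 20 hours
    ev += [(T0 + timedelta(minutes=20 * j), "10.0.0.9", "fail") for j in range(60)]
    return sorted(ev)

def rule_alerts(events, limit=5, window=timedelta(minutes=5)):
    """SIEM-style rule: `limit` failures from one source inside `window`."""
    recent, hits = defaultdict(deque), set()
    for ts, src, outcome in events:
        if outcome != "fail":
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:   # drop failures that fell out of the window
            q.popleft()
        if len(q) >= limit:
            hits.add(src)
    return hits

def baseline_alerts(events, cutoff=3.5):
    """Score each source's daily failure count against its peers (modified z-score)."""
    counts = defaultdict(int)
    for _, src, outcome in events:
        counts[src] += outcome == "fail"   # sources with only successes count as 0
    med = median(counts.values())
    mad = median(abs(c - med) for c in counts.values()) or 1.0  # guard against MAD of 0
    return {s for s, c in counts.items() if 0.6745 * (c - med) / mad > cutoff}

if __name__ == "__main__":
    events = build_events()
    print("rule:", rule_alerts(events), "baseline:", baseline_alerts(events))
```

On this sample the two detectors catch different sources, which is why the longer-horizon view is run alongside the rule rather than instead of it.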

AI to the Rescue

Initial approaches to detecting threats used a subset of AI called unsupervised machine learning to detect anomalies. Unfortunately, while AI has been proven to predict significant future events, the range of behaviors of users, applications, and external data is so complicated it is very hard to identify malicious outliers. The result was many AI-powered products that generated too many false positives to be practical.

While unsupervised learning attempts to find patterns among data points without knowing the meaning of the data, supervised learning infers a relationship based on existing data labels. For example, an AI model can learn to recognize pictures of a table after being trained on a large number of images that are identified as tables. However, in the field of cybersecurity, it is very hard to obtain labelled data to train detection models. Additionally, hackers can change or adapt the attack techniques faster than a supervised learning model can be trained.

The solution to these limitations is active supervised learning, which engages human experts to help create and train threat hunting models. Organizations that are using both AI and humans are 20 times stronger against cyberattacks than traditional methods. The resulting AI models combined with expert feedback can quickly learn to distinguish between malicious and normal behavior. AI-powered threat hunting enables security analysts to significantly increase productivity and detect and respond to more real threats that would have otherwise resulted in a damaging breach.
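The analyst-in-the-loop idea can be shown in a few lines. This is an added example, not Proficio's implementation: a 1-nearest-neighbour classifier stands in for the threat hunting model, and the sessions, the two features and the analyst verdicts are constructed.

```python
# Constructed pool: (failed_logins, hosts_touched) -> analyst verdict, 1 = malicious.
# The dict stands in for the human expert who answers each query.
ANALYST = {
    (2, 1): 0, (1, 2): 0, (2, 2): 0, (3, 1): 0,   # ordinary users
    (9, 2): 0, (8, 1): 0, (8, 3): 0,              # forgetful users: many failures, few hosts
    (8, 9): 1, (9, 8): 1,                         # noisy attackers
    (2, 8): 1, (1, 7): 1, (3, 9): 1,              # stolen credentials: few failures, many hosts
}
SEEDS = {(1, 1): 0, (9, 9): 1}                    # the only labels available at the start

def d2(a, b):
    return (a[0] - b[0]) ** 2 + (a[1] - b[1]) ** 2

def nearest(x, labelled, cls):
    """Squared distance from x to the closest labelled example of class cls."""
    return min(d2(x, p) for p, y in labelled.items() if y == cls)

def predict(x, labelled):
    """1-nearest-neighbour verdict; a tie is flagged as malicious."""
    return int(nearest(x, labelled, 1) <= nearest(x, labelled, 0))

def uncertainty(x, labelled):
    """Near zero when x sits between known-benign and known-malicious examples."""
    return abs(nearest(x, labelled, 1) - nearest(x, labelled, 0))

def accuracy(labelled):
    return sum(predict(x, labelled) == y for x, y in ANALYST.items()) / len(ANALYST)

def active_learning(budget):
    """Ask the analyst only about the session the model is least sure of."""
    labelled, asked = dict(SEEDS), []
    for _ in range(budget):
        pool = [x for x in ANALYST if x not in labelled]
        query = min(pool, key=lambda x: uncertainty(x, labelled))
        labelled[query] = ANALYST[query]          # the analyst's answer becomes training data
        asked.append(query)
    return labelled, asked

def passive_learning(budget):
    """Baseline: spend the same labelling budget on sessions in arrival order."""
    labelled = dict(SEEDS)
    labelled.update({x: ANALYST[x] for x in list(ANALYST)[:budget]})
    return labelled

if __name__ == "__main__":
    model, asked = active_learning(2)
    print(accuracy(SEEDS), asked, accuracy(model), accuracy(passive_learning(2)))
```

With two analyst answers the model stops flagging forgetful users and starts catching quiet credential misuse, while the same two labels spent in arrival order do not fix either error.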

Can AI Defend Against AI?

Just as security teams and technology vendors are adopting AI to detect and contain threats, hackers can also use AI to power their attacks. Hackers are expected to use AI techniques to target organizations, develop new exploits, and detect vulnerabilities. AI is expected to increase the speed of attacks while reducing cost. For example, writing an effective phishing email takes time and creativity; AI can help automate this process.

The good news is developers of security tools are also rapidly adopting AI as part of the product development and enhancements. However, there is still a lot of marketing hype around AI, so we advise you to dig into the details to assess if your vendors are fully leveraging AI/ML technologies before you make the leap.

Conclusions

Organizations can use machine learning to detect suspicious and unusual patterns that are nearly impossible to discover with the human eye. Intelligent detection algorithms can continuously compare network data packets to discover anomalous traffic, then apply strategies such as statistical monitoring and anomaly detection to identify malware variants communicated over a network. Cybersecurity is traditionally a very time-consuming task, but with effective use of AI, you can begin to make your cybersecurity teams more efficient.

Proficio Appoints KJ Lee as Sales Director, APAC

Lee to Expand Proficio’s MDR Services within APAC Region

Singapore – April 27, 2020 – Proficio, a managed security services provider (MSSP) delivering managed detection and response (MDR) services, today announced the company has hired KJ Lee as Sales Director, APAC. Lee will utilize his nearly 20 years in information technology and cybersecurity services to lead the company’s regional sales team and drive continued growth in this sector.

Lee joins Proficio from Tata Communications, where he successfully created and implemented sales and marketing programs for their Managed Security Services portfolio. Prior to Tata, he held various product, sales and strategy roles at StarHub and BlackBerry, where he continually exceeded revenue goals and played an integral role in defining their Managed Services business roadmaps. He was recently the keynote speaker for SCS Cloud Conference 2019, where he spoke on the topic of security in a digital world, focusing on cybersecurity in the cloud and IoT.

“I’m excited to have KJ join the Proficio team,” said Alex Tok, Managing Director, APAC for Proficio. “His deep industry knowledge and proven track record of success will be a tremendous value to our company. With the recent launch of our next-generation platform, KJ will play a key role in strategically accelerating our expansion in the APAC region and continue to strengthen our position as a leader in the managed detection and response services space.”

Proficio recently rolled out their new next-generation platform based on a universal bus architecture, which leverages machine learning and big data technologies, and was recently named a Leader in Markets and Markets SOC-as-a-Service market report.

“In this time of great uncertainty, cybersecurity has never been a more critical area for businesses,” says Lee. “Proficio provides unique and highly effective cybersecurity services that are in very high demand. Their commitment to protecting their clients is unparalleled, and I am looking forward to contributing to the company’s continued success.”

About Proficio
Founded in 2010, Proficio is an award-winning managed security services provider (MSSP) offering a full range of cybersecurity services through global security operations centers (SOCs) in San Diego, Singapore and Barcelona. Proficio’s services include managed detection and response (MDR), 24/7 monitoring and alerting, Security Orchestration, Automation, and Response (SOAR), AI-based threat detection, Risk-based Vulnerability Management, and Risk Scoring. Proficio’s innovative approach to managed cybersecurity services combines proprietary software, credentialed security analysts, and the industry’s most advanced technologies to help organizations defend against advanced threats. www.proficio.com.

 

Contact:
Kim Maibaum
kmaibaum@proficio.com

Cloud Expo Asia Singapore | Oct 9-10 2019

ASIA’S LARGEST DIGITAL TRANSFORMATION EVENT
RETURNS TO MBS ON 9-10 OCTOBER

Whatever is mission-critical for you and your business, accomplish it at Cloud Expo Asia. At Asia’s largest tech gathering, the impossible becomes possible. Innovation and agility become possible. Efficiency and strategic competitiveness become possible. Staying relevant in a fast-paced business world becomes possible. With new enhanced virtual streams across an expanded TWO SHOW LEVELS for 2019 and with all the sharpest minds, key speakers, leading exhibitors and up-to-the-minute topics explored, it’s the complete cloud experience. Make it your mission to be there.

TARGET: SingHealth Patient Data Breach

Singapore authorities reported on a cyber-attack affecting SingHealth, the largest group of healthcare institutions in Singapore. This is the largest known cyber-attack targeting organizations based in Singapore that has been reported by Singapore news media. The cyber-attack appears to have resulted in a data breach affecting around 1.5 million patients who visited SingHealth between May 1, 2015 and July 4, 2018. The data breach included personally identifiable information such as names, NRIC, address, gender and race. Around 160,000 of these patients also had their outpatient prescriptions stolen. The Prime Minister of Singapore’s personal information was targeted as part of the attack.

The attack was first identified by database administrators from the Integrated Health Information System (IHIS) on July 4, 2018, when they identified anomalous activity on one of SingHealth’s IT databases. By July 10th, investigators confirmed it was a cyber-attack, with data stolen between June 27 and July 4.

Although attribution to the exact party that performed the attack is speculative with the data that is publicly available, a statement by the Singapore Health Ministry stated that “It [the attack] was not the work of casual hackers or criminal gangs.” We expect to be able to understand more about the attackers once more technical data is available.

Proficio Threat Intelligence Recommendations:

  • Ensure that any sensitive data is encrypted, and limit access of employees and other stakeholders by their roles using the principle of least privilege. Passwords that are stored should be encrypted, and strong password policies should be enforced.
  • Review the organization’s data retention policies on the duration and the types of PII data that should be stored. To further limit data exposure, companies are advised to purge customers’ PII when it is no longer needed for business purposes and no longer required by law to be retained.
  • Any potential victim can check if their data have been compromised by accessing the following website: https://datacheck.singhealth.com.sg.

