AKAMAI and CONNECT MEDIA recently hosted 10 of Australia’s premier hi-tech leaders for an executive conversation on mitigating the latest cyber-attack threats.
With new attack vendors being discovered almost daily, AKAMAI’sEnterprise Security Architect provided a first-hand account of the emergence of a new security paradigm. Next followed a robust discussion on how to effectively militate against dynamic and mutating attack patterns.
As one of the world’s largest procurers of bandwidth, AKAMAI delivers a formidable portion of the internet. With a hundred and twenty terabytes per second of traffic – and visibility over 15 to 30 percent of global web traffic – AKAMAI absorbs billions of attacks a day.
This data is manipulated by a team of data scientists to create actionable threat intelligence that is then embedded in their security portfolio. Conversation around the table was anchored in this veritable intelligence.
To begin, we detailed the forces provoking change across the entire security ecosystem. The attack surface is expanded dramatically, feeding on devices on The Internet of Things with characteristically archaic security controls. In this sprawling environment, mitigating attacks with legacy perimeter defence methods is no longer feasible.
We identified that relying on a conga line of point security solutions merely serves to create complexity, with each threshold presenting an attack surface the attacker can compromise. And with bots morphing to leverage machines with different IP addresses, IP addressing is no longer sufficient to block an attack. The new defence mantra is not if, but when, as best security practice shifts to protecting critical assets and stopping the attack earlier in the kill chain. A new security paradigm is emerging, one that recognises that infiltration is a constant state for large organisations.
And as an attendee aptly analogised:
There was strong interest in the work AKAMAI is undertaking to trap bots mimicking the human touch. Akamai are leveraging artificial intelligence and machine learning to identify attacks at layer 8 – the human layer. By identifying human and machine characteristics, or neuromuscular actions – the movement of a gyro, accelerometers, patterns in key presses, straight line coordinates and human imperfection – AKAMAI is making real-time, intelligent decisions to protect against evolving bots.
By deploying user behavioural analytics – including orientation and acceleration events – to project a pictorial view of a user’s session, AKAMAI can determine in real-time whether or not the user is legitimate. All this information is fed to an AI engine that is constantly learning human behaviour and being trained to detect new bots.
Conversation around the table then gravitated towards minimising the user impact of modern security controls. As one attendee surmised, ‘It’s all about user impact and how you provide the level of security without obstructing the experience.’
There was a strong consensus that relying on ReCAPTCHA as a default security measure severely hinders the user experience. By only turning to ReCAPTCHA after exhausting other avenues, enterprises can greatly reduce the impact on user experience on their website.
In a security environment that is constantly mutating, the consensus was that it is impossible to implement a solution today and expect for it to work seamlessly in the future. You need a system that is constantly evolving to combat changing threats.
One such stage of this evolution is the concept of data injection. Enterprises can tamper with, and therefore render valueless, the data that is fed to malicious bots and nefarious competitors. As one attendee noted:
Importantly, this form of data injection also creates a legal vector for action – by manipulating injected data assets, an enterprise can clearly trace the mutation to competitors and attribute that the data was stolen.
No model better captures the seismic change erupting across the security landscape than the concept of Zero Trust. Zero Trust represents a deep shift in mentality, one which reflects the swarming business case for bring your own device and that recognises that 50% or more of breaches originate inside an enterprise’s network.
Zero Trust shifts access controls from the corporate security permitter to individual devices and users, dissolving the trusted enterprise perimeter in favour of a ‘never trust; always verify’ approach. In James’ words, ‘VPNs are dead’ – and the delegation agrees.
With cyber-security locked on a trajectory of moves and countermoves, the importance of engaging in continuous industry dialogue cannot be understated.
Leaders around Australia are realising that maintaining a technical knowledge of the changing trends, threats and solutions in the cyber security domain bears heavily on corporate and personal success.
AKAMAI and CONNECT MEDIA will be continuing this series of executive conversations across Australia, empowering leading organisations to stay in the fight – in whatever form it takes.
Dr Stefanos Fotiou is responsible for the planning and implementation of the United Nations Economic and Social Commission for Asia and the Pacific’s work…
Sustainability and Adaptive Retail – Insights Report
As Director of the Centre for Industrial Sustainability at the University of Cambridge, Professor Steve Evans plays a central role informing and influencing the…
The ongoing pandemic has had a consequential impact on all sectors of the national economy, but perhaps none more than the airline industry. As…
To download this Insights Piece as a printable .PDF, click here. To watch the full Panel Discussion, click here. To help define the next…
INTRODUCTION The COVID-19 pandemic is a paradigm shifting event, a crisis of health and a business revelation. The ongoing pandemic has not so much…
Achieving the twin goals of digital convenience and security is a dynamic undertaking in today’s hypercompetitive, digitally entangled environment. Technology is advancing at an…
INTRODUCTION Businesses are beginning to accept that our current operating environment, defined by distance, is not a fleeting affair. The seemingly immutable practices that…
The fourth industrial revolution is rapidly outgrowing its adolescence. Technology is advancing at an exponential rate that is simply unprecedented in human history. And…
Deepening fissures in globalisation, hostile trade wars, a drift towards isolationism and populism—all signs of a global paradigm shift impacting the movement of goods….
We are mining the complexities of the world around us in greater detail than ever before. While this ongoing interrogation has yielded great advances…
Customers, the protagonist of our retail narrative, are fundamentally changing. They are shopping in the moment, and that moment has become ubiquitous. Brands are…
INTRODUCTION Technological decisions within the Healthcare sector have long been guided by risk aversion principles. Digital transformation was perceived as an unnecessary risk to…
Government has long endured its reputation as a digital laggard and rarely elicits the envy of corporates when it comes to data and technological…