How can organizations in Asia Pacific turn the tables on increasingly sophisticated and well-funded cybercriminals?

Despite growing awareness and investments in cybersecurity, cyberthreats have not abated; in fact, the risks seem to have increased in frequency and scope.

It’s not as if CISOs are doing less. In fact, their to-do lists have grown substantially longer.

What should business leaders be aware of about the cybersecurity landscape, what technological advances can be employed to effectively mitigate the risks, and what should CISOs be prioritizing to turn the tables on cyber-attackers?

CybersecAsia poses these questions to Max Heinemeyer, VP of Innovation, Darktrace, in an exclusive interview:

Gartner forecasts that 50% of all organizations will be a target of a cyberattack in the next 20 years that will either shut down their entire organization or compromise their most critical systems. Do you agree? Why or why not?

Max Heinemeyer, VP of Innovation, Darktrace

Max Heinemeyer (MH): We agree – cybercrime is incredibly profitable for attackers and it’s often like shooting fish in a barrel. The barriers-to-entry for attacking organizations are only lowering and conducting a ransomware attack today is significantly easier than it was just a few years ago. 

What is more, attackers’ targets are only growing as even the most traditional industries like manufacturing and farming turn to digitization to streamline their operations. A connected world is a hackers’ playground.

The good news is that major technological advancements in cyber-defense are turning the tables on attackers. Over the years, ground-breaking innovations in AI have empowered organizations to detect and respond to emerging threats across their systems at machine speed.

For instance, the launch of Darktrace PREVENT is allowing teams to get proactive with unprecedented tools to anticipate attacks proactively and harden their systems, representing another paradigm shift in the battle against cyber adversaries.

From your latest data, which industry sectors are most targeted globally and in the APAC region?

MH: In June 2022, the IT and communication sector was the most highly targeted industry across our global customer base and in APAC. 

IT companies often strongly interconnected, complex and therefore offer a broad digital target. We’ve seen a sharp increase in software supply chain attacks over the years from the SolarWinds Orion campaign to attacks on Kaseya and Centreon. We can be in little doubt that complex digital supply chains are a hacker’s paradise.

The education sector in APAC was also highly targeted in June, suggesting that hackers continue to see the sector as a weaker underbelly lacking in cyber maturity and manpower. 

Despite growing awareness and investments in cybersecurity, cyberthreats have not abated; in fact, the risks seem to have increased in frequency and scope, with Darktrace data showing that high-priority security incidents increased by 49% between January and June 2022 across your global customer base. What are some current approaches to risk assessment and management, and where are the gaps in these solutions?

MH: Risk management is very fragmented – often based on siloed tools that lack business context. CISOs don’t lack to-do lists – the real challenge is prioritizing the risks, not creating more lists of things that need to be done. In today’s landscape, it’s not feasible for humans to take all of the relevant perspectives into account – they need to know the company inside-out, from every perspective and also think about how an attacker could do damage.

Only AI is capable of dealing with this complexity. One of the goals of PREVENT is to stitch together an organization’s internal and external views and integrate that with our AI’s existing detect and respond capabilities. Insights from each Cyber AI capability continuously provides feedback into other parts of the cybersecurity ecosystem, improving outcomes. This forms a continuous, virtuous cycle, our technology vision: the Cyber AI Loop.

What role does AI play in mitigating the impact of cyberattacks? 

MH: Darktrace’s Self-Learning AI was the first at scale deployment of AI in cybersecurity. Our AI learns a sense of ‘self’ for an organization, its ‘normal’ operations, which allows it to detect the subtle signs of an emerging threat, and then to interrupt that attack in real time.

This is what we call ‘Self-Learning AI’ and today it is plugged into thousands of organizations around the world – working in the background to halt attacks and minimize cyber disruption.

With PREVENT, we’re using AI to get proactive and think like an attacker. It enables the security team to identify, prioritize and test risks, reducing risk and hardening defenses both inside the organization and outside on the attack surface – continuously and autonomously.

What more needs to be done for optimal AI implementation in cybersecurity?

MH: We need to stay challenge-focused and keep the products explainable – nobody wants a black box. That’s why we’ve designed an AI system which keeps the human security team well informed.

Explainable AI leverages natural language processing and visualization to help staff on security and IT teams know what the AI is investigating as well as what it is prioritizing for higher-level human decision making.