Why you need a prevention-first security strategy

Against a backdrop of growing and evolving threats and skills gaps, organisations of all sizes need to reconsider their cybersecurity strategy

It’s not quite Nostradamus, but being able to predict the future using the power of AI and mathematics could be the best way to defeat ever more confident and sophisticated cybercriminals.

Governments and businesses may have raised the white flag in response to the 50% year-over-year increase in weekly attacks across the globe last year – according to Check Point Research figures – but software security giant BlackBerry says they do have the power to fight back.

“If you look across the market at the moment, the most common method of defence against cyber-attack is detect and response,” says Keiron Holyome, vice president UKI and emerging markets at BlackBerry. “The industry has given up on trying to prevent attacks happening, but we are putting prevention at the back, centre and front of our strategy. We are using technology in the right place to stop malicious activity getting near to your networks.”

Growing threats
Holyome is referring to BlackBerry’s AI prevention-first approach. Its suite of Cylance AI products includes ‘CylancePROTECT’, which ‘identifies and stops attacks at the door’. It can detect and prevent potentially harmful code in less than 50 milliseconds and can predict malware attacks an average of 25 months before they appear online.

These attacks are increasingly coming from a range of sources such as state actors and are aimed not just at government or big business but also at innovative start-up firms and their lucrative IP (intellectual property).

Indeed, in its 2022 Annual Threat Report, BlackBerry highlighted a ‘cybercriminal underground optimised to better target local small businesses’. It said small- and medium-sized businesses were facing upward of 11 cyber threats per device per day. And 2019 research from Ponemon Institute found that over 70% of SMEs had suffered a breach and that, such is the financial and reputational impact, 60% of those attacked go out of business within six months.

Criminals, it added, were also increasingly engaging in their own form of a ‘shared economy’, with groups ‘sharing and outsourcing malware allowing for attacks to happen at scale’. Other dangers come from public cloud platforms that unwittingly host malware, from email and text phishing, and from ‘watering hole’ attacks, where criminals look for weak-spot websites within a targeted organisation. The increase in hybrid working during the pandemic is also putting extra strain on security, with sensitive data being accessed from bedrooms and garages.

Supply chain weakness
Another area of vulnerability is the software supply chain, which Holyome says is increasingly being used as an ‘attack vector’. There are two elements to this, the first being weaknesses in the traditional supply chain, such as tyre suppliers to a car manufacturer.

“At some point, they will have access to, say, your e-procurement systems, but even if they are not connected to your internal networks then you could be impacted by ransomware affecting their business,” he explains. “What are the implications for your company if you have to close for seven days and you operate a just-in-time system? Ensuring that there is cyber resilience throughout your supply chain is critical.”

The software which makes up the supply chain is also crucial. Due diligence needs to be done on all software which suppliers are employing. “There could be issues of software vulnerabilities within software. Don’t just allow random installs by ensuring that you have a good corporate policy around deployment,” he adds.

Prevention first
Detect and response can also be an answer, identifying when employees click on dodgy malware links, but it is not enough, Holyome warns. “It can be both time- and cost-inefficient. If you rely on it, then you are allowing malicious activity to happen in your environment. That can cause huge financial and reputational issues for your business and loss of critical customer and client data.”

It is why BlackBerry has been developing Cylance AI since 2014. It is now on its seventh generation of products. Based on a mathematical model, the AI continuously analyses changes occurring on endpoints in a network, uncovering threats that would be difficult, if not impossible, for a human analyst to find quickly enough to mitigate. When a potential threat is identified, Cylance AI thwarts it in real time by taking decisive, automated action. It is also continuously learning.

“It develops and evolves over time. It learns based on the previous bad behaviour data it has seen and adapts its model intuitively,” Holyome states. “We have a predictive advantage in securing systems against legacy malware and we can predict what is likely to form the nature of a future attack and again prevent it.”

He says Cylance AI also has an advantage over signature-based models, which constantly have to run file updates. There will be a period between those updates which leaves a network out of date and exposed to attack. “Updates for Cylance AI are much less frequent,” he says.

So how predictive is Cylance AI? Mystic Meg or Nostradamus himself? Holyome says his stock position – given the vicissitudes and uncertainty of life – is to say that CylancePROTECT can stop 99% of potential attacks. One example is the Colonial Pipeline ransomware attack last summer, where the US energy company was forced to shut down its pipeline system. The company had to pay $5 million to the Russia-based cybercriminal group DarkSide to restart its operations. “We got hold of that virus after the attack and found that even using our 2015 version of CylancePROTECT it would have been able to predict and prevent it,” Holyome says.

Indeed, in a recent test on the independent MITRE ATT&CK testing framework, BlackBerry’s suite of Cylance products was 100% successful in preventing both the Wizard Spider and Sandworm attack emulations early, before any damage occurred. Similarly, its CylancePROTECT solution recently earned the maximum AAA rating from cybersecurity testing organisation SE Labs.

Talent gap
BlackBerry believes that its sophisticated technology can also help lessen the impact of the huge talent gap in the industry. “There is an enormous lack of cybersecurity skills and expertise, with SMEs especially struggling to hire cybersecurity professionals,” says Holyome. “Cyber criminals don’t switch off at 5pm on a Friday and restart at 9am on Monday. They are taking advantage of the lack of dedicated employees, including increasing attacks on holidays like Christmas when they know nobody is in the office.”

He says its products can ease this worry for hard-pressed bosses and staff. “No signature updates reduces an IT manager’s workload, plus the prevention-first strategy decreases pressure to recruit specialist security skills,” he says. “Our AI is very much fire and forget. Just let it do the hard work for you.”

And hard work it will be, Holyome warns. “Threats are increasing, not decreasing. Companies of all sizes can’t ignore this and need to reconsider their cybersecurity strategy,” he says. “They must understand that security is a journey, not a destination, and approaches should continually evolve to meet new threats. Detect and response can leave you vulnerable. Prevention first is the answer. Who wouldn’t want to know the future and stay safe?”

For more information and to download the BlackBerry 2022 Threat Report, visit blackberry.com/threat-report-2022

Promoted by BlackBerry