The art of cybersecurity — protecting people and their devices from hackers and other computer-based attackers — has undergone a dramatic but largely invisible transformation over the last few years. At one time, computer and information security was based on the fortress principle. The outlook was defensive. The goal was to wall off attackers, and guard the drawbridge that allowed access to the outside world.
But the breakneck pace of technology has made the old-style cyber-fortress as obsolete as a medieval castle. Attackers can slip into today’s online networks through hundreds of smartphones and other mobile devices, or parachute down from “the cloud.” At the same time, the amateur hackers of old have given way to sophisticated organized-crime rings.
Taking the Fight to the Enemy
But this new era of cyberthreats has also inspired a new generation of cyber-professionals to come up from the bunkers and engage cybercriminals and other bad actors on multiple fronts.
At CIOInsight, Karen A. Frenkel sketches out how new technologies, along with these more aggressive approaches, are changing the shape of cybersecurity. Key weapons in the new arsenal of active defense are “big data” analytics and artificial intelligence.
In the tech world, big data is not just a reference to the sheer volume of data. It is also a shorthand term for new kinds of data, from complex software output to social media messages. This type of data is also sometimes called “unstructured” data, to distinguish it from traditional types of business data such as lists of credit card accounts.
By detecting subtle patterns in unstructured data, active defenders can pinpoint malware attacks and take action to bring down the attackers. But because the patterns are subtle — and because big data really is big — cybersecurity teams are also enlisting artificial intelligence (AI) technology to hunt through terabytes of data in search of tiny cues that an attack may be underway. AI observers never get tired or distracted, so attackers cannot sneak past them.
The Dark Web: A Walk Through the Online Mean Streets
Along with AI, human intelligence is also on the case against cybercriminals in the form of cyberdetectives working the mean streets of the internet. These hard-boiled investigators keep their eyes on the so-called dark web marketplaces where cybercriminals trade their tools and their stolen goods.
As Ryan Francis reports at Infoworld, the criminal markets of the dark web have developed their own street language of computer crime. Like traditional gangland argot, some of it borrows from the professional language of cops. To security professionals, FUD stands for the fear, uncertainty and doubt that attackers seek to spread, but on the dark web FUD means fully undetectable.
Other terms from the cyber underworld include “crypters” that encrypt malware in order to help it evade detection, while “binders” attach malware to innocent programs to sneak it past security. And because the cyber underworld is full of crooks, “rippers” are people who promise valuable malware or stolen data, but don’t deliver on it.
The dark web also features its own online stores and discussion forums for hackers, including online stores for criminal purchases. Some of these underworld websites are high-end marketplaces that hackers can only enter by invitation. Others are low-end flea markets of cybercrime, where rippers prey on unwary would-be hackers.
But even the sophisticated crooks who shop at the high-end boutiques of cybercrime need to be careful, because cybersecurity professionals are finding new ways to keep an eye on them. One slip can land a hacker in an old-fashioned, brick-and-mortar jail cell.
And even as today’s cybersecurity teams take the fight to the bad guys, a new generation of tomorrow’s professionals are coming up. Many are learning their chops through the Air Force Association’s CyberPatriots program, which lets high-school and even middle-school students gain hands-on experience at the cutting edge of cybersecurity technique and technology.
Cybercop hopefuls can also ply their talents as part of the team at Northrop Grumman. Check out the careers page for more details.