In May 2021, Ireland’s state health service provider, HSE, was forced to shut down its IT systems following a ransomware attack. As healthcare workers struggled to continue operating from paper records, outpatient appointments in some parts of the country plummeted by 80%.
It was not the first high-profile attack to capture the public’s attention during the pandemic. 2020 witnessed an unprecedented spike in ransomware attacks, as cybercriminals sought to capitalise on uncertainty and change.
For BlackBerry chief evangelist Brian Robison, it’s been difficult to watch. “What gets me so frustrated is HSE didn’t have to shut down,” he says. “These attacks are actually preventable. But people don’t like to change until they’re forced to by a compelling event.”
Using AI to prevent rising threats and chaos from cyberattacks
With more than 20 years’ experience in the cybersecurity sector, Robison has watched the threat landscape evolve first-hand. As chief evangelist at BlackBerry, he hosts Hacking Exposed events, demonstrating the techniques used by real-world threat actors in order to educate CISOs about today’s most pressing security challenges.
The early stages of the pandemic saw institutions scrambling to get employees up and running in a remote capacity. “A lot of organisations had already been toying with the idea of flexible working, mainly supporting high-level senior executives to do so, but it was a mad rush to get everybody operational with that type of workflow,” says Robison. “What we saw was essentially security taking a back seat to enablement.”
As vast swathes of the workforce were confined to their homes, it quickly became clear just how unscalable many existing technologies were. For example, says Robison, legacy VPNs suffered bandwidth capacity issues as organisations steeply increased user numbers.
At the same time, companies began to realise how much they rely on the IT function, with security elevated to the top of the boardroom agenda and tech leaders consulted on key business decisions.
Ultimately, how well an organisation fared came down to the platforms and culture already in place – and where security sat in the enterprise. “For the past 30 years, the IT world has created a ‘castle and moat’ approach where you have to be behind the corporate firewall,” reflects Robison. “A lot of these companies had their heads in the sand, saying ‘everything is good as long as we can plug into this network’.”
The dramatic shift to remote working quickly exposed the vulnerabilities of this model. But crucially it also created a space for change.
“Sometimes something really horrible has to happen for people to wake up and realise that they literally cannot go back to doing the same thing,” says Robison. “Unfortunately, it’s something that could have been predicted and had much less of an impact.”
Now that the initial hurdles have been overcome and there has been time to evaluate which technologies work, Robison believes we can expect to see significantly less investment in traditional VPNs and firewalls, with businesses instead focusing their efforts on Zero Trust models, which assume all users and networks to be hostile by default, requiring strict verification for every device.
A new paradigm
As enterprises start to consider longer-term security strategies fit for the “new normal”, automation and machine learning will play a growing role in their thinking. However, Robison stresses that it is the way in which this technology is built and used that is key in determining success.
“AI is a huge buzzword and major component in basically every cybersecurity product, but every vendor has different definitions and uses for it,” he explains. “Most of them see it as a force multiplier to reduce workloads, but they’re not using it in a way that’s actually doing something proactive for customers.”
The problem, Robison continues, is that this type of AI cannot investigate intent – namely, was the user consciously doing something malicious or did they just click on the wrong thing? Moreover, he says, most vendors use AI to detect and respond to threats when they have already occurred, rather than preventing them in the first place.
If organisations are to avoid falling victim to ever-more sophisticated threats, Robison contends, then it is necessary to move beyond this “old, archaic paradigm” and embrace new ways of using AI.
“We don’t want our customers to become victims – it’s our job to step in and prevent the attack,” explains the BlackBerry chief evangelist. “The best way to do that is to put AI out there where the attack is potentially going to happen, on all of the various endpoints, to make decisions right there. That’s the fundamental difference between what we are doing and what pretty much everybody else in the cybersecurity industry is doing right now.”
The pandemic has only served to spur BlackBerry’s development of products and services for exactly this purpose. “It’s changed the focus of our business – we’re doubling down on our cybersecurity portfolio to make it even better at preventing attacks,” reflects Robison. “Our massive efforts are paying off; organisations are able to avoid being victims of ransomware because they’re using a modern security solution.”
For Robison, it has been frustrating to watch the latest spate of criminality when there is an alternative. He points to the Colonial Pipeline attack in early May, the aforementioned HSE breach in mid-May and the JBS attack in early June, in which the meatpacking supplier acknowledged paying out around $11m.
“The 2015 version of our software could have prevented these attacks,” he sighs. “Our AI predicted that malware was going to be malware six years before it was ever written, before it was even a thought in the author’s mind. That’s the power of what we do.”
At some point though, he continues, organisations will realise they no longer have to be victims. For those willing to embrace proactive AI solutions, there is an opportunity to transform security strategies and future-proof against emerging threats.