Government cyber defenses should look to AI, behavior analytics, Cisco report

As threat actors weaponize more technology, Cisco researchers warned government agencies should look to behavior analytics in order to meet new, self-propagating, network-based threats in 2018.

Advances in malware, the increasing use of encrypted web traffic, email threats and sandbox evasion tactics are all adding to the threat landscape designed to undermine government efforts to protect critical infrastructure and public data, according to Cisco's 2018 Annual Cybersecurity report.

The increased use of cryptojacking, Internet of Things (IoT) attacks, and Distributed Denial of Service (DDoS) attacks was also among the emerging threats government agencies need a plan for.

“Democracy's adversaries and multiple state-sanctioned actors now have the expertise and tools necessary to take down government networks,” the report said. “Even worse, they have shown the capability to damage critical infrastructure and services, crippling entire regions in the process.”  

Researchers said that government agencies must secure data and infrastructure in a way that promotes resilience of governance and public services by leading in securing the data of both the agency and private citizens, keeping key infrastructure and assets secure, and staying ahead of emerging technologies used by adversaries.

One of the proposed solutions was greater adoption of behavior analytics tools, with 88 percent of government security professionals feeling that they have a good understanding of the value that behavioral analytics can bring to their cybersecurity initiatives.

“This is a good sign, and indicative that past efforts to educate the public sector on emerging technologies is bearing fruit,” researchers said in the report.

The report also said governments should be aware of the overwhelming adoption of cybersecurity frameworks based on national standards and guidelines including NIST and CJIS. Small and large utility companies alike were found to be high-profile targets and also reported benefiting significantly from adopting the policies.

The study found 59 percent of utilities report that using a standardized information security framework is serving them well, while 38 percent reported that it was serving them very well.

Researchers also argued the need for more agencies to adopt machine learning and artificial intelligence to help monitor encrypted network communications used by various malware samples. Half of global web traffic was encrypted as of October 2017, and as the volume increases, adversaries appear to be widening their embrace of encryption as a tool for concealing their activity.

Over time, advanced behavioral analytics capabilities can enhance network security defenses and eventually learn to automatically detect unusual patterns in web traffic that might indicate malicious activity, researchers said.