‘Cyber Criminals are using Artificial Intelligence to Break into Advanced Security Systems’

It is no hidden secret that while on the one hand companies are using new age technologies like Artificial Intelligence (AI), Machine Learning (ML), and blockchain to truly embrace digital transformation, cyber criminals are using the same to enfeeble cybersecurity systems in place in order to carry out cyber crimes. Therefore, it is high time companies start discussing an sharing ideas on how to tackle this menace. Consequently so, in an interview with DataQuest, Venkat Krishnapur, Vice-President of Engineering and Managing Director, McAfee India, spells out on how the cybercrime domain has evolved, how organizations like CERT-In and the Government of India are handling this issue and the steps needed to be taken to develop a robust cybersecurity system.

Q. With the advent of digital transformation and the ‘IoT era’ with technologies like AI, ML, and blockchain, how has the cybercrime scene changed over the years and which are the sectors affected most by cyberattacks?

A. As more and more people get online and start using the internet for transactions as well as storing and sharing their financial and personal data online, there’s been a proportionate spike in cybercrime as well. The e-commerce boom, growth in the number of digital payment platforms and their adoption has also fuelled this trend. As per information reported to and tracked by Indian Computer Emergency Response Team (CERT-In), a total of 22,207 Indian websites including 114 government websites were hacked during April 2017 to January 2018. While ransomware attacks and crypto-jacking threats are on the rise, criminals are now harnessing the power of new age technologies such as AI and ML to break through advanced security systems.

Also Read: Cybersecurity Needs to be a Built-in Process Rather than Being Bolted on Top: Dr. Sanjay Bahl, Director General, CERT-In

While BFSI and IT/ITeS sectors are key contributors to economic growth, they are also highly vulnerable to attacks by cybercriminals. Since these verticals are primed for growth in the future with significant initiatives and mandates driven by government policy, they will continue to be prime targets for cyber-attacks in India.

Phishing emails to employees, vendors and customers to access web servers, malwares to steal information such as credit card details, banking passwords and email credentials from computers, mobile phones, Denial of Service (DoS) attacks targeting trading system networks to gain access to trade secrets, sensitive financial information and client data are some of the key vulnerabilities organisations will continue to battle.

Q. Apart from making it mandatory to report every breach, how else is the government addressing the cybersecurity challenge and helping in combating bank frauds?

 A. Cybersecurity is vital to secure the integrity and stability of India’s financial sector. A high volume of 150,000 online transactions (out of the total 2.3 billion) got compromised on a daily basis in India, (CERT-In, Feb 2018) which emphasizes the need for developing an expansive security strategy and framework. Apart from mandating reporting of every breach, the Union Budget 2018 announced the creation of a separate CERT for the financial sector, which will cohesively work with market regulators to develop a detailed roadmap that covers various aspects related to banking, securities, insurance and pension.

This is a positive move by the Government that will also architect a security infrastructure for India’s ambitious "Digital India" initiative and other large-scale digitization plans, such as the roll-out of 2 million Aadhaar-based swipe machines and promoting NPCI's UPI-based cashless payment app infrastructure - BHIM (Bharat Interface for Money). The CERT-Fin will need to be sufficiently equipped to identify and deploy technology components for each area as per the process set up for the various services. The Government also needs to ensure that state of the art tools and technologies are deployed, and these go through proper maintenance regularly to address the growing risks in the sector.

Q. What are the investments and infrastructure required to develop a robust cyber defense system?

 A. A recent Gartner research mentioned that spending on information security products and services in India expected to reach US$1.7 billion in 2018, an increase of 12.5 percent from 2017. In 2019, the market is expected to total US$1.9 billion!

We have noticed rising awareness levels among the C-suite executives about the business impact of security breaches and the evolving regulatory landscape. While this has helped CISOs procure additional budgets for security projects, there is a need to get the basics right and utilizing security budgets judiciously to improve the security maturity of their organization.

CIOs /CISOs now have the added responsibility that goes beyond the monetary and infrastructure investment that will foster a culture of cybersecurity within an organization. Building the culture of security into the vision and values of an organization will ultimately activate all the security best practices and investments in technology.

 Q. It has become imperative to provide a product to consumers that has all the four pillars of digital transformation – AI, cloud, cyber security and IoT  - What initiatives is McAfee taking to address this challenge and how is the company embracing digital transformation?

A. McAfee follows a holistic, automated open security platform which allows different products to co-exist, communicate, and share threat intelligence with each other anywhere in the ever-evolving digital landscape. Globally, McAfee oversees 538 million total endpoints, 450 million consumer endpoints, 88 million corporate endpoints and 82,350+ corporate customers. Building on our “Together is Power” principle, we are working towards creating a collaborative security environment where our products work in tandem to increase protection and speed up the detection and correction process.

Through our partnerships with players like Cisco, IBM Security, Netmagic and others throughout the industry, we further aim to close information gaps, breaking silos and providing the visibility we need to protect our most important assets from cybercriminals. To further fuel our innovation, we are moving quickly to go beyond the standard forms of advanced analytics and adopt a multi-layered approach known as “human-machine teaming.”

We’ve also widened our portfolio, with products for security analytics, application security and cloud security, in addition to antivirus technology. Our new MVision line of products will extend the breadth of devices under management and make McAfee's portfolio simpler, inclusive and comprehensive. Given that we get close to 5 pieces of potential malware every second – the volume, variety and velocity of the data coming in sets McAfee up very well to do pattern recognition and classification using ML/DL and AI techniques – something that McAfee has done across its products to improve effectiveness and detection. We plan to expand in the areas- cloud security, analytics, data science, and deep learning to help customers make better decisions and get better forensics.