Virtual cyber-analysts to tackle a wave of cyber-attacks

Automating the most common tasks performed by cybersecurity analysts is possible thanks to innovative systems equipped with Artificial Intelligence

Computer attacks are the order of the day. Victims range from public institutions, such as the State Public Employment Service (SEPE), to large companies and ordinary users. No one is spared. The problem has become serious enough for the National Institute of Cybersecurity (Incibe) to allocate 260 million euros in 2021 to strengthen corporate cybersecurity capabilities. Teleworking and the digital wave, a consequence of the pandemic, have been compounded by weaknesses in IT security and have opened the back door to criminals.

In 2020, Incibe managed 133,155 incidents, 24% more than in the previous year. And this year the figure is expected to continue to rise. Today, IT security experts can hardly cope. Spain has a shortfall of more than 29,000 cyber security experts to deal with the situation, according to the International Consortium for Information Systems Security Certification (ISC). In response to this, security companies have been resourceful and have developed virtual cyber analysts, equipped with Artificial Intelligence capable of identifying and automating common tasks.

For example, Prosegur's cybersecurity unit, Cipher, has created Waldo, a cloud-native automated analyst based on microservices architecture (a system composed of small independent services). Waldo's goal is simple: to answer two operational questions relevant to day-to-day cyber-security. The first is to identify the most repetitive tasks for analysts, mainly those at Level 1 in Security Operations Centres (SOCs), where threats to network security are prevented, monitored and controlled.

Once these tasks are recognised, its second task is to learn from the incidents and automate the response. This tool avoids human error and reduces mean time to repair, which is essential to reduce the consequences that cyber attacks can cause, say Cipher experts. In the event that the organisation suffers a security incident, this virtual cyber analyst can examine its knowledge base to classify it and give clear instructions to the SOC analysts. "Our goal is that, through automation and continuous learning from security incidents, our teams will be more effective in their daily work," says Jorge Hurtado, vice president of Cipher EMEA (Europe, Middle East and Africa).


Defend, detect, and respond

As a result of the pandemic, companies had to reinvent themselves overnight. Their IT equipment went from a 24-hour controlled environment (such as the office) to a vulnerable and potentially at-risk space (such as our homes). Defending, detecting and responding is the main objective of analysts, many of whom are overwhelmed by the increase in cases. "Losing this battle is not the option," stress the experts at Cipher. The consequences can be catastrophic. 

The costs of cybercrime globally will be around $2.2 trillion this year, a figure that is likely to increase almost fivefold to $10.5 trillion by 2025, according to estimates by the World Economic Forum (WEF). Even when companies do all the right things, they will still be at a serious disadvantage because, unlike many other operational risks, cyber risk is primarily a borderless criminal activity in which only 0.5% of offenders are prosecuted, according to an article published by the WEF. "Companies are completely outgunned," the document says.

In addition, attacks are becoming increasingly sophisticated and structured. "Cybercriminals, often organised, profit at the expense of unsuspecting companies and unsuspecting citizens," warns Incibe. The main risks relate to malware (a malicious programme that extracts information from systems), fraud (phishing), where the identity of a company or person is impersonated, and security flaws or weaknesses that allow offenders access to the network, according to the institute. 

threats and providing analysts with information and context about them is also the task of intelligent systems like Waldo. "The system will take responsibility for the response and can take action automatically," says Cipher's Hurtado. The expert stresses that as threats continue to grow and become more complex, the global shortage of cybersecurity talent continues. "This type of project is more important than ever," he concludes.