For one “homicide archivist,” a former crime reporter named Thomas Hargrove, predictive analysis tools are shedding light on the chaotic behavior of serial killers. Over seven years, 61-year-old Hargrove amassed data on 751,785 U.S. murders between 1976 and today. While working as a crime reporter in 2010, Hargrove used that data and wrote a simple algorithm for profiling incidents that led to the capture of killer Darren Vann. Hargrove is considering expanding his project to include arson and hopes it’ll continue to solve murder cases in the future.
While comparing highly intelligent sociopaths to greedy hackers armed with malware isn’t exactly fair, a predictive, analytics-based approach is becoming essential in the fight against cybercrime in 2018.
Cybercrime risks grow by a million percent (literally)
You’ve heard there’s been a lot of growth in the variety of security threats, but in reality, you’re looking at a million percent growth—no joke.
Let’s break it down: Security researchers discovered 250,000 total unique strains of malware in the 20 years span between 1986 and 2006. But in 2017, over 360,000 unique malware samples were identified each day. Roughly calculated, that’s an annual increase of 1,048,320 percent between 2006 and present.
Don’t use old data to protect the present
The majority of organizations, according to 2018 IDG research, use signature-based intrusion detection solutions that compare threats by looking backward at a database of historic risks. These endpoint security tools are iterations of software built for a very different threat vector.
Fifteen years ago, when researchers discovered a measly 34 malware samples a day on average, signature-based systems were already gaining skeptics. In 2002, Norwegian Network Security Research chair Arnt Brox pointed out that sig-based tools were only as strong as the database, and called for predictive analysis tools that detect real-time risks:
“Because of the hackers’ tendency to continually test and probe, it is only a matter of time before they discover a way around even the most sophisticated signature-based intrusion detection systems.”
Turn to predictive analysis for hope
Lately, hackers are hijacking endpoints for mining cryptocurrency, using an incredibly hard-to-detect method known as cryptojacking. The “new normal in cybercrime,” per Anthony Giandomenico, includes new strains of ransomware, “industrial malware,” and steganography, which embeds images with malicious code.
So far, the biggest 2018 cybercrime trends are unprecedented. A steganography attack on the world’s biggest winter sporting event in 2018 was most likely developed by hackers in just a few days—and came as a total shock. When it comes to the wiliest members of society, predictive analysis is the only way to stay ahead of the malware game.
4 keys to proactive cyber risk protection
During 2017’s Black Hat conference, the vast majority of security pros had no idea about the rise of cryptojacking or steganography, which has defined 2018. A survey of conference attendees ranked ransomware as the greatest emerging threat, gaining 34 percent of votes.
Yesterday’s systems and solutions for endpoint protection aren’t going to cut it today. How can you protect your office IT from cyber miscreants?
1. Clean up your office tech environment
Adding safeguards and predictive analysis capabilities is important, but you should also make sure you’re not dealing with any gaping holes in your network security. If you’re not watching the following high-risk endpoints in your office—like unsecured printers or employee-owned mobile devices—you can guarantee they’ll be targeted by hackers, including:
- Any PC or mobile device used for checking emails
- Any internet-connected device, including printers and IoT tech
- Any device with a shared administrative password, such as VoIP phones or routers
2. Patch everything
Security hygiene is exactly as glamorous as it sounds. It’s used to refer to maintenance-type activities, like running software patch updates. Think it’s irrelevant? Some of last year’s most virulent cyber attacks, including WannaCry and Petya, succeeded because they exploited vulnerabilities in unpatched systems.
Just 25 percent of patches are applied within a week of release. But in many recent incidents, it takes hackers a lot less than a week to develop exploits. To make matters worse, 25 percent of all patches are never even applied.
3. Discover patterns in chaos
Security researchers are reasonably wary of hypersensitive systems for detecting security risks. False positives are overwhelming, and if you’re drowning in non-events, you may not notice an actual hack because of alert fatigue. Like Hargrove’s algorithm that watches for patterns in victim demographics and geography to attribute killings to serial criminals, the smartest solutions for detecting risks act similarly. Watch for the following:
- Signs that attackers are trying to obscure activities or presence
- Unusual credential-related activities in memory or on disks
- Sudden increases in user account privileges
- Movement throughout the company network
It’s a sign you’re facing a serious threat when more than one of these things happens at once.
4. Detect and respond
What about endpoints that are actually engineered to detect and respond to threats? Not every endpoint needs to be a risk—some solutions are built with security in mind, like modern printers designed to detect, respond, and even self-heal from attacks with unique security features that:
- Detect risks with continuous monitoring and run-time intrusion detection tools
- Prevent malicious code execution by self-healing the BIOS during reboot
- Check firmware and notify IT if integrity is compromised
- Verify and restore security settings if modification is detected
Hackers are notorious for constantly being on the move and upgrading their methods to avoid detection. If your endpoint security solutions are stuck in 2001, you won’t be able to counter them. Modern predictive analysis and proactive tools are your best bet to survive the chaos and keep your networks safe.