As risks related to cybersecurity and data governance continue to grow and become one of the world's top concerns, technology will become both our savior and our curse.
In recent years, cyberattacks have proven to be one of the biggest threats to security worldwide. When you look at surveys by international research companies and talk to relevant specialists, they paint the same picture: cyberattacks will increase and the more we progress technologically, the more "sophisticated" these attacks will become. This alarming trend not only points to public and private organizations taking a hit but also individuals en masse.
The picture painted by the World Economic Forum (WEF) at the beginning of January showed that artificial intelligence (AI), 5G and internet of things technologies will add to this risk and that becoming more connected and global will "increase the probability of the issue spreading."
Here are a few of the warnings issued by the WEF: the war between the U.S. and China on an East-West axis means that the world will be exposed to more cyberattacks, as seen in the U.S. 2016 elections. More false information will be spread via ever-developing AI technology. 5G multi-vector attacks will also have the power to damage very large networks and clouds; therefore, institutions should not only think about the necessity of the cloud but also consider cloud security.
But how realistic are the risks? What is Turkey's position among them all? Derek Manky, chief of Security Insights & Global Threat Alliances at Fortinet, shared his insights on the matter. Manky evaluated how strong the institutions and organizations in Turkey are in terms of cybersecurity. "As someone who works in the threat-intelligence field, I think it is very important to interpret the data and uncover the meanings behind it," Manky said. "For example, when I went to Mexico recently, I saw that the situation there was very different from here. Latin America is among the regions where the Mirai botnet is seen the most, while here it is a rare sight. When we look at the malware found in Turkey, we see that there are some botnet sets. When I examined the malware, I saw that cybercriminals used different types of software to infiltrate the systems. These are also very general attacks and not attacks exploiting a deficit or intelligence. If it were, it would have had incredible strength and investment behind it, as in the GandCrab attack. However, when I looked at Turkey's Q1 and Q3 data, I did not see a strong attack on a particular area. So, they try many different methods, and this gives us a scattered picture."
Security analysts have determined that cybercrime cost the global economy $2.9 million per minute in 2019.
Countering threats in Turkey
Stating that such attacks take place in two ways, targeted and experimental, Manky also commented on the attacks in Turkey. "When we look at the techniques and weapons used in the attack, we see that DoublePulsar is the most popular tool here. Since these attacks are actually an experiment, they cannot infiltrate the system. If they had leaked, we would have seen a lot more ransomware load," he continued. "We see that tools like DoublePulsar have worked in the past, but ransom software is not installed with this tool, which means the patches are up to date. Meanwhile, abused devices are trying to reach the devices that control them. These botnets have been around for five years. We see them in Turkey every month. The problem here is continuity."
Pointing out that the biggest problem is that cyber threats remain in electronic systems for up to 200 days and are not detected until they do damage, Manky recalled that cybersecurity might sometimes be a war in vain. Manky has very realistic comments on this issue. "States form emergency response teams against cybersecurity threats, and we work with them. Even though the agreements we make cater to different levels of threats, all of these teams are established with the same purpose: to detect threats and work with business partners like us to understand what these threats are and start working against them," he further stressed. "This war can actually be like spitting in the wind because when you download a server, the virus can transfer to other computers or the owner of that infrastructure installs different servers by registering on another domain. However, this war still needs to be fought."
AI insight not enough
So, can the predictive abilities of AI foresee the future of cyberattacks? Manky advises against relying on AI for detection. "Not yet. It's like predicting the weather. We have our own AI models, and we use them to study trends. We examine mobility using trends, algorithms and things like that. Foresight is one of them," Manky noted. "If you ask why it cannot be implemented, this is related to the plans made. We will come to this stage in a couple of years. When it comes to AI, it is necessary to learn how to crawl before we can run. The crawling part is when AI understands and blocks the threats. The walking part comes when we combine the crawling phase with some forecasting models. In self-healing networks, we progress to running. When they understand everything that is going on, they will take matters into their own hands. For example, when a principle is not working, it will notice it and be able to reconstruct it without human intervention."
Manky underlined that Fortinet, which specializes in protecting the cybersecurity of states, has established a special unit on intelligence, the most critical area of cybersecurity. "We have come a long way after establishing our own intelligence network 17 years ago," he recalled. "When designing a product, you need to think about the future and produce in this direction by thinking how the technology will be in the coming days. Another point we differentiate from others is our Security Fabric ecosystem, which integrates communication and automation between machines to share information very quickly and prevent attacks in a very short time. AI also sets us apart from the rest. The initiative element of AI is not included here because initiative means learning from experience and then acting on its own."
Derek Manky is the chief of security insights and global threat alliances at California-based cybersecurity company Fortinet.
One wrong move
Referring to the cybersecurity-AI pairing, which is regarded as one of this year's hottest topics in technology, Derek Manky stated that AI could also have negative consequences in cybersecurity. "For AI to be effective, you need to trust it, and trust is something that needs to be earned. Today, if the AI system makes a wrong decision, it can lock all traffic, which means that millions of dollars are lost over a false alarm. Hence, it takes years to produce a working model. It took us five years to release an antivirus that blocks the latest malware," he added.
A $6 trillion industry
Manky said the vast majority of analysts predict that cybercrime will be a $6 trillion industry worldwide in the coming years – even larger than the international drug trade. "I am also a member of the expert team at Interpol and even with the abuse of only one corporate email, we see many incidents where CFO executives are targeted, interventions are made in payment transactions which end up with money being stolen. This money is then transferred to offshore accounts, which is called payment diversion. I remember we were tracking more than $300,000 in just one fraud case," Manky further explained.
Years to catch cybercriminals
"The fact that cybercrime has no limit and that criminals can quickly switch between regions is one of the biggest problems we encounter in our war against them," Manky continued. "Cybercriminals do not hesitate to take illegal actions, but we pay attention to the rules and act accordingly. States are now working on imposing sanctions and regulations for cybercrime, the type of measures enforced for criminals in the physical world such as deporting criminals or sharing intelligence. For example, a police vehicle chasing a car in Germany can drive at full speed in the Netherlands, and then it has to fill in many documents. A similar thing happens in cybercrime. These works should be completed as soon as possible. Based on my experience, I can say that this will take three to five years."