Page 44 - Cyber Defense eMagazine for August 2021
P. 44
#1 Leverage cyber intelligence to stay ahead of the game
Staying one step ahead of cyberattacks requires a thorough understanding of knowing where to look,
who the threat actors are, what they are after, when they are planning to launch an attack and how they
intend to do so. Smart city cyber-defenders need to be proactive to gain a pre-emptive advantage. Often,
this means looking into the deepest, darkest corners on the Internet. Over 94 percent of the world’s
information resides in the deep and dark webs, which are frequented by cyber-threat actors trading
restricted information ranging from academic and research data, to financial and medical records.
To minimise the fear of data breaches and cyber threats, smart cities must adopt an intelligence-centric
mindset and leverage deep technology to monitor these platforms. Predictive detection capabilities help
remove the element of surprise from these cyberattacks, allowing cybersecurity agencies to take actions
swiftly and prevent data exfiltration and loss.
#2 Fight AI-powered attacks with AI-powered self-defense systems
Similar to how our immune system continuously self-monitors, learns and heals when faced with
anomalies, the next frontier of cybersecurity solutions should have the ability to identify abnormal foreign
activities or programs through adaptive machine learning.
An automated, self-defense cybersecurity system powered by AI and predictive analytical technologies
will be able to define normal and abnormal statuses, monitor the system 24/7, and respond to and recover
from new threats. Having such a system will reduce the risk of attacks significantly and reduce the
attractiveness of being a hacking target for threat actors.
#3 Rethink the regulatory environment for cybersecurity
While governments have enacted cyber laws, the reality is that is can be difficult to enforce. There are a
few areas within the circle of influence where improvements can be made and scaled.
For a start, incident reporting can be made mandatory and this will generate a body of research data that
can provide insights on threats to the nation, and inform the government on strategies it can undertake
to strengthen its cyber posture. Imposing mandatory risk and vulnerability assessments also helps
governments identify threats early and conduct remediations to close any cybersecurity gaps.
Commencing attack vector assessments can help uncover new attack surfaces as businesses adopt new
digital formats and services.
Beyond that, nations can cultivate a cyber reward culture where the discovery of bugs and vulnerabilities
are rewarded, providing an incentive for the cybersecurity community to share their knowledge and
promote joint solutioning. For example, Singapore conducts its Government Bug Bounty Programme
where ethical hackers are rewarded with a monetary bonus for discovering online vulnerabilities.
#4 Adopt a people, technology, process and governance framework
As much as cybersecurity is a technology problem, it cannot be ignored that humans are part of the
equation contributing to it. Cyber hygiene needs to be emphasised and practiced religiously. Employees
and individuals need to be educated on cyber threats and risks, given the prevalence of phishing attacks
and social engineering hacking campaigns.
Cyber Defense eMagazine – August 2021 Edition 44
Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.