One of the most chilling foes that science fiction has come up with is the concept of the Borg, first introduced in Star Trek: The Next Generation. Combinations of biological and artificial intelligence, they ravage and forcibly assimilate civilizations across the galaxy. Fighting them often proves futile because of their ability to adapt their tactics and techniques rapidly after they are confronted with something new.
Typical cyber attackers, in other words.
But just as clever sci-fi authors cooked up the Borg, they failed to envision any sort of evolution on the part of our ability to deal with the threat they posed. In a recent episode in the franchise, I saw that they were still able to overwhelm defenses by moving faster than their opponents. When a Borg somehow got on the bridge of a Federation vessel, it was able to touch an exposed wire and use that access to take over the entire Federation fleet. As I said, typical cyber attackers. Typical non-automated defenses, as well.
Or did some bright kid in the Federation come up with an idea on how to automate responses and bring it up in a meeting, only for it to get shot down by an executive in a different department or bogged down in discussions about which team will own the project? That would be what wipes out humanity: not the Borg themselves, but our inability to overcome bureaucratic inertia. Sure, the Borg are wiping out entire planets, but budgets are tight and we’re not sure how this automated response thing will impact production…
And if you think that makes no sense, then I ask only that you repair things in your own shop before you criticize another. Because the Borg are here, right now, and we’re all thankful that they’re only attacking our computer systems. Operational technology is next, and when those devices go down, we are looking at potentially major disruptions in production and even loss of health and/or life. Present-day cyberattacks are automated. Get the idea of a kid in a hoodie out of your head; your attacker is likely to be someone who started a process and then let the code run its own show. Do you want to be the starship captain barking out verbal orders on how to modulate frequencies and when to fire, or do you want your own AI to handle all those details, and do so effectively?
We have lots of tools deployed to fight cybercrime when it comes our way. Get them automated with a security orchestration, automation, and response (SOAR) tool, like Swimlane. Plug them in and define what should happen so that when an attacker’s AI hits your organization while you sleep, your AI responds and shuts it down while the attacker sleeps.