4. Hone your instincts - Research leaders must train their teams to develop the acumen to identify a threat as important before that fact becomes obvious to all. Good threat researchers, for instance, have been warning for years that IoT vulnerabilities are the next big menace - before the Mirai IoT botnet appeared last September and made it plain to the world. Threats emerge and evolve swiftly. If a security provider is slow to research them and react, its customers will be slow to get protected.
5. Amass data - The more data a threat research team has access to, the greater the potential of its research outcome. Enlightened research organizations share - not hoard - information. At Fortinet, for example, beyond tapping the 3 million sensors we have deployed around the globe, we actively exchange threat intelligence with organizations like INTERPOL, NATO, KISA and other security technology providers through the Cyber Threat Alliance. In recent months, we have also succeeded in bringing on board more government entities and carriers globally. That's a positive development, as it helps all parties build a bigger threat database to monitor, block and trace malware back to its sources.
6. Invest in research technology - The days of manually analyzing threat information have long passed us by. Effective research teams need advanced tools to interpret and correlate the reams of data coming through to them every second. While today we have Content Pattern Recognition Languages (CPRLs) to help identify thousands of current and future virus variants with a single signature, the future belongs to technologies like big data analytics and artificial intelligence. Soon, AI in cybersecurity will constantly adapt to the growing attack surface. Today, human beings are performing the relatively complex tasks of connecting the dots, sharing data and applying that data to systems. In the future, a mature AI system will be able to automate many of these complex decisions on its own.
No matter how advanced AI becomes, however, full automation - or the passing of 100% of the control to machines to make all the decisions all the time - is not attainable. Human intervention will still be needed. Big data and analytics platforms allow malware progression to be predicted but not malware mutation. Only the human mind could have foreseen that ransomware like WannaCry would embed the National Security Agency's vulnerability exploits to propagate on unpatched systems.
Malware evolution will intrinsically follow human evolution and how people blend new technologies into their everyday life. If in the coming years, for instance, self-driving cars and wearable IoT find widespread adoption, cybercriminals will - as they have always done - find ways to ride the wave and exploit those cars and devices. Likewise, cryptocurrencies, if they continue to find favor at the rate they gained momentum this year, will attract herds of hackers.