Non-malware attacks pose more of a business risk than commodity malware attacks according to 93 percent of cybersecurity researchers.
The study by endpoint security company Carbon Black interviewed more than 400 cyber security researchers and finds that 64 percent say they’ve seen an increase in non-malware attacks, such as remote logins and in-memory attacks, since the beginning of 2016.
Attitudes to artificial intelligence and machine learning are also explored in the survey. AI is considered by most cybersecurity researchers to be in its nascent stages and not yet able to replace human decision making in cybersecurity. 87 percent of the researchers say it will be more than three years before they trust AI to lead cybersecurity decisions, with 74 percent believing AI-driven cybersecurity solutions are still flawed.
70 percent say machine learning-driven security solutions can be bypassed by attackers. Nearly one-third (30 percent) believe attackers could ‘easily’ bypass ML-driven security.
“Based on how cybersecurity researchers perceive current AI-driven security solutions, cybersecurity is still very much a ‘human vs. human’ battle, even with the increased levels of automation seen on both the offensive and defensive sides of the battlefield,” says Carbon Black co-founder and chief technology officer, Michael Viscuso. “And, the fault with machine learning exists in how much emphasis organizations may be placing on it and how they are using it. Static, analysis-based approaches relying exclusively on files have historically been popular, but they have not proven sufficient for reliably detecting new attacks. Rather, the most resilient ML approaches involve dynamic analysis — evaluating programs based on the actions they take.”
You can find out more in the full report which is available on the Carbon Black website and there’s a graphic showing the most common non-malware attacks below.
Photo Credit: Olivier Le Moal / Shutterstock