The issue was made worse because though a patch was quickly released, it required every single computer impacted to be manually restarted.

However, just months later there are signs that it was a wakeup call for IT and cybersecurity specialists. Instead of ignoring the issue and hoping it was an isolated incident – as has happened following past cyber attacks and security breaches – most are responding.

According to the findings of the recently released OTRS Spotlight: Corporate Security 2024 study, 93% of all IT and cybersecurity specialists and teams indicated that they’ve already taken measures to better prepare for the next incident – including diversifying their IT and software landscape.

More than one-third (39%) of the professionals surveyed said they have introduced additional testing for new patches and updates. A year ago, around half of those surveyed (49%) had employed automated routine tasks while retaining human control over critical decisions. Since the incident, the proportion has increased to 57%.

“It’s a cat-and-mouse game: attackers are taking advantage of new technologies such as artificial intelligence and machine learning to attack more frequently, more quickly, and with greater sophistication. On the other hand, security teams are chasing after them and trying to streamline and speed up their processes through automation,” said Jens Bothe, vice president of information security at the OTRS Group. “But it is an unequal battle.”

LESSONS LEARNED – WILL IT LAST

The CrowdStrike incident occurred less than two months ago, and it is clear that while IT and cybersecurity specialists haven’t forgotten about it, it is old news for everyone else. Those on the frontlines of cybersecurity have long paid attention to attacks and responded.

Yet, the severity of this incident – which wasn’t even an attack – highlights how even a small glitch can bring networks crashing down like a house of cards.

“I don’t know that the CrowdStrike disaster gets the attention of companies any more than the long string of other security issues that preceded it,” explained Dr. Jim Purtilo, associate professor of computer science at the University of Maryland. “We can hope! But if they haven’t noticed by now then it takes a serious optimist to believe they’ll say ‘this time for sure!’”

As a wake-up call, the incident also highlighted that no one is immune to cyber breaches.

“These cyber incidents have become a common part of doing business, forcing companies to prioritize reducing end-point security risk in the long run,” said technology industry analyst Susan Schreiner of C4 Trends.

“Companies are increasing their investments in CrowdStrike as well as in its competitors, which provide real-time protection and comprehensive threat visibility against advanced endpoint threats like malware and ransomware, network security, application security, and cloud security, based on financial and other reports,” Schreiner told ClearanceJobs.

SHIFT IN THE JOB MARKET

The incident also served as a reminder that there remains a high demand for skilled cyber professionals in the job market.

“It is expected that by 2025 there will be 3.5 million unfilled cyber security jobs due to a lack of skilled professionals and a growing need to secure more and more systems, according to eSecurity Planet,” added Schreiner. “Competitors to CrowdStrike have seen an uptick in business such as Palo Alto Networks, Fortinet, SentinelOne with its Singularity Platform, Trellix with its Endpoint Security Suite, Sophos with its Intercept X, Symantec with its Endpoint Security Complete, and Microsoft with its Defender for Endpoint, as well as others.”

SHORT MEMORIES

Though the efforts to ramp up security have increased, it won’t make the IT and cybersecurity community immune from future glitches or attacks. Due diligence will need to be maintained around the clock, and systems regularly secured and patched.

This may have been a reminder that security isn’t something that can be scaled back due to budget demands.

“Given that cybersecurity is a costly investment for companies in a climate where their survival is based on performance, cybersecurity is akin to an ‘insurance’ for them. It is clear that cybersecurity is here to stay and will likely become a standard investment for companies across the board,” Schreiner told ClearanceJobs.

In the short term, may also cause IT and cybersecurity teams to more closely examine their networks, but that alone may not solve the problem .

“If anything then the insidious nature of this problem – a classic demonstration of supply chain challenges – might make someone toss up their hands in frustration and conclude that volume of vulnerabilities baked into today’s complex market leaves little more to be done,” warned Purtilo. “A security officer might have felt they were offering diligence by leveraging one vendor’s packages, but there they are relying on services that themselves turned out to be vulnerable.”

Even worse, the FDD suggested that those in charge at the command may lack the necessary skills to lead the force of cyber warriors.

“In the U.S. military, an officer who had never fired a rifle would never command an infantry unit. Yet officers with no experience behind a keyboard are commanding cyber warfare units. This mismatch stems from the U.S. military’s failure to recruit, train, promote, and retain talented cyber warriors,” wrote retired Rear Adm. Mark Montgomery and Dr. Erica Lonergan from Columbia University’s School of International and Public Affairs in the FDD report.

It called for the creation of a new independent armed service — a U.S. Cyber Force — alongside the Army, Navy, Air Force, Marine Corps, and Space Force. Such a force doesn’t need to be as sizable as the U.S. Army or States Navy, at least not initially. Instead, it could begin as a far leaner force, akin to the United States Marine Corps or United States Space Force, about 10,000 strong.

“As the Space Force has shown, a smaller service can be more selective and agile in recruiting skilled personnel,” the FDD report further explained.

THE ARMY COULD LEAD THE WAY

In their report, Montgomery and Lonergan also called for placing any new Cyber Force within the Department of the Army – much like how the U.S. Marine Corps is in the Department of the Navy, while the U.S. Space Force is in the Department of the Air Force.

Once established, this would see that each military department would lead two service branches – as the U.S. Coast Guard is now within the Department of Homeland Security and outside the Department of Defense’s (DoD’s) larger umbrella.

One issue might be that any Cyber Force billets would draw from the 133 teams currently spread across all the services that conduct everyday cyberspace operations. Moreover, the authors noted that a CYBERCOM could be treated much more like the U.S. Special Operations Command (SOCOM), which also draws forces from across the services and has some of its own acquisition authorities. But they also addressed the fact that SOCOM and CYBERCOM have stark differences.

“In the SOCOM model, each of the services provides the force employer — SOCOM — with expert personnel who possess skills suited to their particular domain. For instance, an Army Ranger trains for special operations on land, while Navy SEALs possess skills tailored to maritime special operations. Rangers and SEALs are not interchangeable. The Army cannot train SEALS, nor the Navy Rangers. Thus, SOCOM actually gains strength from this one-of-a-kind distributed force-generation model,” the report noted.

Citing a U.S. Navy captain, the authors suggested that SOCOM’s “Success is achieved by allowing each of the service-specific commands to specialize in discrete types of warfare, technologies, and operational environments” while “Cyberattacks will not be, nor are they currently, service-specific nor sector-specific, so it does not make sense to have created service-specific mission teams, different designators, MOSs, etc., to respond to the broad scale of cyberattacks.”

ADDRESSING THE CYBER THREAT

The cyber threat isn’t going to go away, and just as Space Force will serve to protect the domain of outer space, a Cyber Force could protect cyberspace.

“Headlines are filled with vulnerabilities to our infrastructure and power grids – as well as security breaches or ransom attacks,” said Susan Schreiner, analyst at C4 Trends. “While the call for a cyber force sounds like Star Wars – it may not be that far-fetched.”

That could be true given that a few years ago, Space Force may have sounded like something out of Star Trek.

“With AI, it’s also likely that more nefarious actors will emerge, and take a wrecking ball to our personal data as well as adversaries, resulting in unfathomable damage and destruction,” Schreiner told ClearanceJobs. “Science fiction might be paving the way for companies, regions, and countries to think more expansively, cooperatively, and differently as new tools and approaches need to be developed to tackle, and more effectively manage the threats posed by the increasing complexity and multi-facets to our security, privacy and safety.”

AI NOT PEOPLE FOCUSED

Though a Cyber Force remains hypothetical, there is the opinion that perhaps it is looking at the problem incorrectly, as well as a possible solution.

Instead of a 10,000-strong force, technology industry analyst Rob Enderle of the Enderle Group told ClearanceJobs, “While it is clear we need a much stronger Cyber Force, the focus, given the timing, should be on spinning up AI-driven defenses not people. People just can’t react quickly enough to modern threats without substantial AI support and more people, without adequate AI assistance, would likely just get in each other’s way and not provide better protection.”

The fact also remains that enterprises can barely fill the current cybersecurity openings, so creating and then growing a Cyber Force could present challenges. The result could be exactly what the FDD reports said should be avoided.

“This should be a quality over quantity effort and even finding 10,000 qualified people would be problematic in the current market let alone 10 tech folks who work well with others and like doing security work,” added Enderle. “So, I agree, we need a much stronger cyber force, but I think much of it should be staffed by AIs, and AI human teams, otherwise it will be incapable of doing what needs to be done. “

It has a repository of 20,000 Smart Replies that will continue to grow with time, Google spokesperson Emma Ogiemwanye told TechNewsWorld.

“It’s difficult to do anything at all communications-related when you’re traveling,” remarked Susan Schreiner, a senior editor/analyst at C4 Trends. “If you can find a quiet corner to do this, it certainly is a way to get a handle on the inbox.”

Smart Reply will be available in English in Google Play and Apple’s App Store.

How Smart Reply Works

The Smart Reply system is based on a pair of recurrent neural networks, one of which is used to encode incoming email and the other to predict possible responses.

The encoding network examines incoming emails word by word and produces a list of numbers, known as a vector, that captures the gist of what’s being said.

This vector is independent of syntax. For example, it will come up with similar vectors for the questions “Are you free tomorrow?” and “Does tomorrow work for you?”

The second network takes this thought vector — which can be thought of as a meme — and creates a grammatically correct reply one word at a time.

Gmail is using long short-term memory network architecture for the neural networks because it will work even when there are long delays, and it can handle signals with a mix of low- and high-frequency components.

The LSTM architecture homes in on the part of an incoming email that will be most useful in predicting a response.

Google engineers developed a machine learning system for mapping natural language responses to semantic intents. Knowing how semantically similar two responses are lets the system suggest responses that vary in both wording and underlying meaning.

There will be some mistakes at first as the system may fail to interpret memes correctly all the time, but “people will be forgiving because I think they do understand that, for anything, there’s a learning curve,” C4 Trends‘ Schreiner told TechNewsWorld.

Gimme a Good Digital Assistant!

“I’m quite bullish on the notion of digital assistants, but so far, no one has actually studied how professionals work,” commented Mike Jude, a program manager at Frost & Sullivan. “If they did, they’d focus as much on telephone answering as they do on emails.”

The ideal assistant “would be able to answer your phone, take a message, and then email the message to you,” he told TechNewsWorld. “Additionally, it would be able to filter your emails into buckets like urgent, routine and garbage” and would be able to take dictation.

Digital assistants “wouldn’t try to answer your emails because emails are evidence, and most people are becoming fairly thoughtful as to what they put into them,” Jude said.

“Most people who get lots of email approach it like this: They consider the source, consider the topic or title, and respond if necessary,” he pointed out. “Actually opening an email to see what kind of response the machine would suggest adds time,” and selecting a response from those offered “forces you to play an unending game of 20 questions.”

Guarding Users’ Privacy

The privacy of Smart Reply users is protected because no humans read incoming emails, Google said. The researchers had to get machine learning to work on a data set they could not read.

“Google is in the data-collection business,” C4 Trends’ Schreiner said. Data gleaned by the Smart Reply system on incoming emails, even if it’s just to create more fine-tuned responses in the future that will be stored in Google’s servers, “is just more information for their ad analytics.”

To read the full article, click here.