Leveraging digital twins to make cyber security smarter

Digital twins aren’t usually associated with cyber security, but they actually make a perfect pairing. By creating a digital twin of your environment, it’s possible to run AI-enabled attack simulations. These simulations are based on emerging cyber security trends and intelligence from other attacks. Let’s imagine news breaks that a major telco was hacked and you also run a big telecoms business, explains Nithen Naidoo, CEO at Snode Technologies. This is an exceptionally good use case for a digital twin, because you can use the “kill chain”, which outlines all the stages of a cyber attack, from the other incident to understand the attack pattern and assess how well your organisation would have fared were you hit with something similar. With this approach, you can easily identify any gaps and vulnerabilities you might have and see risk through a wider lens.

“So, the digital twin understands the threat, it understands the asset and its context to the business and it understands what value the asset holds for the threat actor,” he says. “Using this data, these models can map existing vulnerabilities in real-time, outlining events that are most likely to occur and what needs to be done to mitigate these risks.” The great thing about a digital twin is that you have to fix the problem before it will reassess your situation, so if you don’t address the issue, it will continue being flagged. Only once this particular vulnerability is handled will the digital twin then review your environment again and alert you if there are any other weaknesses you should be aware of.

So, why aren’t more businesses using this approach? According to Naidoo, all the hype around artificial intelligence and large language models has almost eclipsed this application of the technology in cyber security, especially because a digital twin isn’t a solution that one could traditionally buy off the shelf and quickly put to work. “But this isn’t a drawback. Rather, it’s an opportunity for us as innovators and South African cyber security professionals to recognise that this approach really can help us solve cyber security issues.”

As another example, across the banking and financial services sector, we’re seeing many organised crime groups connecting and colluding with people on the inside to assist with their attacks, notes Naidoo. Using digital twin technology to simulate this kind of event, you can easily assess if you have the necessary internal controls to withstand an attack from a compromised employee. The power comes with leveraging AI to get a more holistic view of your teams so that you can see who might be more susceptible to collusion. If someone on your team has recently been blacklisted, they might be more inclined to help a cyber criminal get into the business because of the potential financial gain. Or perhaps a member of your team recently had a disagreement with management and detailed how they feel undervalued or mistreated by the company on social media. This individual is more likely to participate in malicious cyber attacks as an act of revenge.

“Remember, we always talk about biased and unbiased data when we discuss AI but, technically speaking, there’s no such thing as unbiased data,” says Naidoo. “There are certain defences we can put in place using the information we have and based on our understanding of trends and human behaviour to safeguard the business against common risks.” So, in the case of the blacklisted or disgruntled employee mentioned above, the business might put more stringent access controls on these individuals so they are never given the tiniest opportunity to execute any kind of fraud in the first place.

“This approach to security is novel, but it is accessible and available to anyone wanting to give their teams the chance to practise responding to threats in a controlled environment. This kind of evaluation of your security posture is holistic and will help you to identify the root cause of your problems so that you can address the different factors that contribute to this root cause before something big goes wrong.”