As the number of sophisticated cyber-attacks increases, and in the wake of the TalkTalk hack that has left yet another listed company reeling, cyber security has fast become the burning issue of boardrooms around the country. Cyber-threats are pervasive. Within the information security community, it is accepted that the very concept of a clean network, free from ‘intrusion’, is a fool’s paradise.
Some organisations have been too slow to take this reality on board, however, taking comfort in strong access points and passwords while at the same time embracing the digitisation, interconnectivity and remote working practices that make this kind of cyber-attack inherently feasible. Online businesses are particularly vulnerable: their revenues depend on an operational website, and they operate in a fiercely competitive field where consumer trust is critical.
In his recent speech on cyber security, the Chancellor George Osborne made a point of praising the UK’s online business prowess. Britain is “enriched by the internet”, he said, with a far higher proportion of British retail done online than in any other country in the world. And he recognised that, because of this openness to innovation, new-age commerce and global marketplaces, it is impossible to create a “hermetic seal” around the country.
It is encouraging to see the UK government take a strong position to set the standard for cyber security in the future. But it ultimately falls upon the guardians of our nation’s most critical information assets to put that plan into practice – and the legal sector has an important part to play in that transition.
Part of the problem is the mistaken perception that information security is a purely technical challenge, delegated to the IT department and based around blocking viruses from the network. But today’s advanced threats are human-driven – intelligent, patient, stealthy. Their tactics and behaviours are difficult to predict in advance.
Indeed, the combination of extremely well-resourced and talented hackers, distributed across the world, together with the boom in big data and big networks has created a perfect storm for cyber security. Insider threat is also hugely underestimated and poorly addressed. Legitimate users of your systems pose the greatest risk of all, whether they have malicious intent or not.
We know that threats of all kinds are growing in number too. Last summer, GCHQ dealt with 100 cyber national security incidents per month. This summer, the same figure was 200 per month. Each of these attacks damages companies, their customers, and the public’s trust in our collective ability to keep their data and privacy safe. So what are we doing about it? How do we defend against threats inside our systems, when we don’t know what to look for?
A combination of skilled people and exceptional technology is clearly needed. But first, all levels of an organisation must accept the defence challenge as an ongoing struggle, rather than an exercise in due diligence. Indeed, consumers are starting to force that change, increasingly demanding that robust cyber security strategies be proven as a condition of their custom.
Technology needs to enable businesses in the task of finding fast-moving, subtle threats and damaging insiders – a task that is inherently uncertain. Indeed, everyone and every interaction should be considered to be on a spectrum of ‘suspicious’. The trick is to use advanced filtering and categorisation to join the dots, and understand where a cluster of behaviours or events might point to malicious activity – which then gets escalated to a person to investigate. New technology today is capable of this feat, helping the people responsible for cyber defence to focus on high-priority issues and intervene early in dangerous scenarios that have the potential to develop.
The human immune system is similarly based on the idea of intervening early against, and defeating, emerging threats that it spots. It is only able to identify these threats in the first place, however, because it has learnt a sense of ‘self’ – meaning that it understands what is inherent to its environment, the human body, and what is manifestly ‘abnormal’ or ‘anomalous’. It must undertake this process quickly too, eradicating a bacterium or virus before it has spread.
Indeed, ‘immune system’ technologies are now widely adopted by companies that need the capability to intervene early in suspicious activity, without having to constantly feed the system with pre-categorised threats to look for. The entire value of a self-learning technology approach is to detect the threats that you didn’t know you didn’t know about – whether that is a state-sponsored attack, a criminal group looking to make a quick buck, or a disgruntled employee who wants your firm to suffer.
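As an added illustration of the ‘sense of self’ approach described above (example code written for this page, not Darktrace’s product or method), the following Python sketch learns a per-user baseline from a window of access events, places each new event on a spectrum of suspicion by how far it deviates from that baseline, and escalates a user to a human analyst only when several suspicious events cluster. All users, events, hosts and thresholds are constructed for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data: (user, hour_of_day, megabytes_transferred, host_accessed).
TRAINING = [
    ("alice", 9, 12, "files"), ("alice", 10, 8, "files"), ("alice", 14, 15, "mail"),
    ("alice", 11, 10, "files"), ("alice", 16, 9, "mail"), ("alice", 13, 11, "files"),
    ("bob", 8, 300, "backup"), ("bob", 9, 280, "backup"), ("bob", 17, 320, "backup"),
    ("bob", 12, 290, "files"), ("bob", 15, 310, "backup"), ("bob", 10, 305, "backup"),
]
NEW_EVENTS = [
    ("alice", 10, 9, "files"),      # ordinary for alice
    ("alice", 3, 950, "backup"),    # odd hour, huge volume, never-seen host
    ("alice", 3, 870, "hr-db"),     # same pattern again
    ("alice", 4, 1100, "finance"),  # and again: a cluster worth a human's time
    ("bob", 9, 310, "backup"),      # ordinary for bob, even though the volume is large
    ("bob", 23, 295, "backup"),     # a single odd hour on its own is not escalated
]

def learn_baseline(events):
    """Build each user's notion of 'self': typical hour, typical volume, known hosts."""
    per_user = defaultdict(lambda: {"hours": [], "mb": [], "hosts": set()})
    for user, hour, mb, host in events:
        per_user[user]["hours"].append(hour)
        per_user[user]["mb"].append(mb)
        per_user[user]["hosts"].add(host)
    baseline = {}
    for user, d in per_user.items():
        baseline[user] = {"hour_mu": mean(d["hours"]), "hour_sd": pstdev(d["hours"]) or 1.0,
                          "mb_mu": mean(d["mb"]), "mb_sd": pstdev(d["mb"]) or 1.0, "hosts": d["hosts"]}
    return baseline

def score_event(baseline, event):
    """Place an event on a 'spectrum of suspicious': 0 = fully normal, higher = stranger."""
    user, hour, mb, host = event
    b = baseline.get(user)
    if b is None:  # a user the model has never observed is itself anomalous
        return 3.0
    z_hour = abs(hour - b["hour_mu"]) / b["hour_sd"]   # how unusual is the time of day?
    z_mb = abs(mb - b["mb_mu"]) / b["mb_sd"]           # how unusual is the data volume?
    novel_host = 0.0 if host in b["hosts"] else 1.0    # has this user touched this host before?
    return z_hour + z_mb + novel_host

def escalate(baseline, events, threshold=2.5, min_cluster=3):
    """Escalate a user to a human analyst only when several suspicious events cluster."""
    suspicious = defaultdict(list)
    for ev in events:
        s = score_event(baseline, ev)
        if s >= threshold:
            suspicious[ev[0]].append((ev, round(s, 1)))
    return {u: evs for u, evs in suspicious.items() if len(evs) >= min_cluster}
```

Because the baseline is learnt from each user’s own history, bob’s 300 MB transfers score as normal while alice’s do not; no signature for ‘large transfer’ was ever written.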
This ability to shine a light on the very subtle threats that are hiding on your network, irrespective of how your own business and employees change and evolve over time, is a game-changer. Messy, data-rich networks can be transformed from big liabilities into places of insight and opportunity for the defenders of information assets. Instead of sitting at the perimeter, an organisational immune system sits right at the heart of the network, and shows you what you are missing.
Advances in machine learning and mathematics, principally from experts in Cambridge, have enabled these technologies to work on today’s large-scale networks. These innovations mean that the computer is getting closer and closer to making ‘value’ judgements about what looks ‘weird’, based on the computer’s own comprehension of what ‘normal’ looks like.
We need all the help we can get from these advanced machine learning approaches, which essentially do the heavy lifting of analysing, correlating and surfacing areas of genuine concern. No one wants to deal with 100 red alerts every day. Our challenge is to make cyber defence manageable and practical – prioritising the most immediate problems and fighting to live another day.
This may sound precarious – but the reality is that cyber-threat is here to stay. We must start planning for ‘when’ and not ‘if’. Fortifying the network perimeter is simply not enough, and you will get caught out. They are already inside. It’s time to lift up the stone, and uncover the creepy-crawlies blithely circulating beneath.
Dave Palmer, Director of Technology, Darktrace