When cyberattacks take an average of 99 days to discover, and hackers say they can infiltrate some systems in less than 24 hours, those 98 days could mean the difference between shutting down a crisis before it starts and scrambling to rebuild from epic losses.
Narrowing that timeframe from attack to detection could help firms head off significant damage, but tracking insidious infiltration can stymie even the most attuned cybersecurity departments.
But what if the computer systems could essentially police themselves?
“In the cyber-world, intelligence has played — up till now — a less prominent role,” Eric Hoh, president for Asia Pacific Japan at FireEye, tells CNBC. “I think that companies need to really pay more attention to knowing your attackers and understanding what valuable information you have that people would want.”
It’s not so far-fetched an idea, considering how many businesses now track big data, as ComputerWorld UK notes. Corporate systems can track customer activity in such detail that retailers can create predictive, targeted marketing, better estimate stock needs, or analyze potential supply chain disruptions. Putting such systems to use for tracking cyberattacks could crunch reams of data much faster than cybersecurity experts feeding information to software one batch at a time.
To offer an example: imagine a phishing attack in a shipping department. What if one email account suddenly shows an uptick of a few percentage points in activity? IT experts may notice this eventually, but it’s hard to scour the accounts of thousands of employees, spot something as small as a 4 percent shift in activity, turn attention to that account, and deploy defenses as needed. It’s almost needle-in-a-haystack activity. But AI security infrastructure might catch that uptick as out of the norm, and turn its attention to that account — before the phishing attack infects the entire company.
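The per-account baseline idea in the shipping-department scenario above, as an added example that is not taken from the article or from any vendor's product. The account names, message counts and the 3.5 cutoff are constructed assumptions, and the score is a standard median/MAD robust z-score, not the method of any firm named here.

```python
from statistics import median

# Constructed sample data (not real telemetry): messages sent per day
# over a 14-day baseline window, then today's count, per account.
BASELINE = {
    "shipping-clerk": [200, 201, 199, 200, 202, 200, 198,
                       200, 201, 199, 200, 200, 201, 199],
    "sales-lead": [80, 140, 95, 160, 70, 120, 150,
                   90, 110, 130, 85, 145, 100, 125],
}
TODAY = {"shipping-clerk": 208,  # 4 percent above its usual 200
         "sales-lead": 150}      # about 30 percent above its usual 115


def robust_z(history, value):
    """Distance of `value` from the account's own median, in MAD units.

    Median and MAD resist being skewed by a few past outliers, which
    matters when the baseline window may already contain odd days.
    """
    med = median(history)
    mad = median([abs(x - med) for x in history])
    # 1.4826 rescales MAD to match a standard deviation for normal data.
    # Assumption: floor the scale at one message so a perfectly flat
    # history does not divide by zero.
    scale = max(1.4826 * mad, 1.0)
    return (value - med) / scale


def flag_accounts(baseline, today, cutoff=3.5):
    """Return {account: score} for accounts far outside their own norm."""
    flagged = {}
    for account, history in baseline.items():
        score = robust_z(history, today[account])
        if abs(score) > cutoff:
            flagged[account] = round(score, 2)
    return flagged


def fleet_threshold(today, limit=250):
    """Contrast case: one fixed limit applied to every account."""
    return [a for a, count in today.items() if count > limit]


if __name__ == "__main__":
    print("per-account baseline:", flag_accounts(BASELINE, TODAY))
    print("fleet-wide limit:   ", fleet_threshold(TODAY))
```

The steady account's 4 percent rise is flagged while the naturally bursty account's larger swing is not, and a single fleet-wide limit flags neither, so the small shift only stands out against that account's own history.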
Darktrace, founded by University of Cambridge math experts, says its machine learning capabilities mimic the human immune system — like white blood cells, their systems seek out diseased interlopers, and then figure out ways to destroy them.
The UK-based firm, according to CNBC, “uses machine learning capabilities — advanced algorithms that can adapt and learn — and probabilistic mathematics to learn the normal ‘pattern of life’ for every user and device in a network and detect anomalies.”
“Darktrace has identified 30,000 previously unknown threats in over 2,400 networks, including zero-days, insider threats and subtle, stealthy attacks,” the firm’s website says. The City of Las Vegas is among its clients, according to Business Weekly UK.
As with all automated systems, though, mitigating one set of risks could open doors to another. What if someone with nefarious goals turns the AI system against itself?
So how can firms vet AI/machine learning processes when it comes to cybersecurity?
“We know from experience that attacks will simulate what [information security] vendors are doing,” cybersecurity analyst Adrian Sanabria explains in ComputerWorld UK. “I wouldn’t be surprised if they’ve already duplicated the industry’s machine learning work, and are working to determine ways to get around it, if they haven’t already.”
Ensuring that any supply chain partners have quality security research and data science teams, ComputerWorld UK notes, is key to gaining confidence. Redundancy, too, is key, as with any part of a reliable supply chain. Machine learning is one of many cyber-risk assessment and protection tools. Understanding all potential weak points, and employing best practices for all potential risks, weaves a blanket of protection that makes it increasingly difficult for accidents, problems or hackers to penetrate.
If cyber attacks are a concern for your organization, contact Interos Solutions today to learn more about how we can help you protect your critical intellectual property.