The New Normal: Rebalancing The Cyber-Threat Challenge
Darktrace’s Dave Palmer tells us what organisations can do to avoid cyber-attacks
“The sophistication of attacks is increasing. The impact of attacks is increasing. The diversity of attacks is increasing. The chances of major attacks being successful are increasing.”
GCHQ Director Robert Hannigan’s warning about the cyber-threat landscape, in a speech this month, is not new and yet bears repeating. Cyber security continues to dominate the business pages, two years after hackers took the New York Times website offline and Edward Snowden stole classified documents from the NSA. Last summer, GCHQ dealt with 100 cyber national security incidents per month in the UK. This summer, the same number was 200 per month. There is no denying the speed and size of the ‘cyber’ problem.
The issue persists, of course, because the very tools and technologies that make our countries, societies and businesses grow and prosper are the same ones that make us vulnerable. The benefits of an open internet and global networks are clear, and we are not about to give them up. Yet, at the same time, we expect to be able to keep information safe within these flexible structures. This is not an easy task, and we are faced with a whole range of adversaries who are constantly trying to get the better of our information systems to steal data, disrupt services and undermine confidence.
Indeed, businesses face human-driven, intelligent and constantly-evolving threats on a daily basis, whose behaviours we cannot predict in advance – try as we might. Tomorrow’s advanced threats will look nothing like those of yesterday. Potential attackers manifest themselves in various forms: criminal gangs seeking direct financial gain, competitors looking to debilitate businesses, ideologues with destructive intent.
At risk
In his recent speech, the Chancellor George Osborne reinforced the point, announcing that the UK government’s budget for cyber security would be doubled to £1.9 billion. Notably, he drew attention to a critical asymmetry between attack and defence: “it is easier and cheaper to attack a network than it is to defend it,” he said, “and the truth is that this asymmetry is growing.” Today the imbalance between attackers and defenders is extremely pronounced, across both private and public sectors. National security is tied up with good corporate security and intellectual property protection. Indeed, most of our critical national infrastructure is privately-owned. While governments can set the tone and environment for better security, private companies must follow that lead if we are to protect national assets and consumer data from the next generation of wised-up attackers.
Company directors are starting to wake up to this fact. The status quo of security is clearly not good enough. The whole idea that you can protect data by building a big wall around it has been blown out of the water, following regular hacks that we read about month after month, when perpetrators have often been active inside their target’s environment for weeks or months prior to the attack being discovered. The fatal inadequacy of traditional defence mechanisms has been proven, together with the persistent inevitability of ‘internal threat’.
The reality is that our companies, national infrastructure and most critical information are at risk – and always will be, as long as they are valuable. Accepting this uncomfortable reality may be hard, but it enables us to take an extremely positive step forward. By assuming that we have intruders or ‘unusual’ activity going on inside our organisations, we are forced to confront what is happening inside our busy, messy and noisy networks. We are more inclined to pay closer attention to this activity, and detect early indicators of threatening behaviours, including by employees or other insiders.
Organisations that are best-placed in this new era of threat therefore take for granted that they will, at some point, suffer infiltration or even become vulnerable due to the actions of a trusted insider. Instead of trying to stop this point-blank, they focus their resources on spotting potentially dangerous entities early enough to stop damage occurring. This new approach to cyber defence is based on the same principles as the human immune system, which protects us so cleverly because it is capable of continually identifying new threats, based on its unique understanding of an individual body.
Using today’s most advanced technologies, anchored in complex new mathematics and machine learning, this process of dynamic threat identification, from within, is now being automated. Immune system technologies detect subtle, emerging threats by iteratively ‘learning’ what is normal and abnormal for an organisation, based on real-time observations of how computers and people typically behave on a day-to-day basis.
The value of a self-learning technology approach is to detect threats you didn’t know you didn’t know about, in real time, whether that is a highly-skilled, criminal hacker exploring your email servers, or a payroll administrator sending large files to a file transfer site. It enables companies to intervene early and curb threatening behaviours, before irrevocable damage is done. It helps towards the ultimate goal of striking a workable and effective balance between supporting a connected, flexible and modern enterprise and ensuring that our data systems and reputation are robustly protected against the plethora of cyber-threats we now face.
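The principle described above, that ‘normal’ is learned per entity rather than fixed by a global rule, can be shown in a small per-entity baselining detector. This is an added illustration, not Darktrace’s or any vendor’s code; the entity names, destinations and transfer sizes are constructed, and the warm-up count, z-score threshold and 1 MB variance floor are assumed tuning values.

```python
"""Per-entity behavioural baselining: an added illustration, not Darktrace's code.
Each user or host gets its own streaming model of outbound transfer size; an event is
flagged against that entity's own history, not a global threshold. Events are constructed."""
import math
from collections import defaultdict

WARMUP = 5         # observations before an entity's baseline is trusted (assumed)
Z_THRESHOLD = 4.0  # standard deviations beyond which an event is abnormal (assumed)


class EntityBaseline:
    """Welford's online mean/variance for one entity."""
    def __init__(self):
        self.n, self.mean, self.m2 = 0, 0.0, 0.0

    def score(self, x):
        """z-score of x against the history so far; 0 until warmed up."""
        if self.n < WARMUP:
            return 0.0
        std = math.sqrt(self.m2 / (self.n - 1))
        return abs(x - self.mean) / max(std, 1.0)  # 1 MB floor: near-constant history must not alert on noise

    def update(self, x):
        self.n += 1
        delta = x - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (x - self.mean)


def detect(events, z_threshold=Z_THRESHOLD):
    """Return (entity, dest, mb) for events abnormal for *that* entity; each event is scored
    before being folded into its baseline, so a burst cannot teach the model it is normal."""
    baselines = defaultdict(EntityBaseline)
    alerts = []
    for entity, dest, mb in events:
        b = baselines[entity]
        if b.score(mb) > z_threshold:
            alerts.append((entity, dest, mb))
        b.update(mb)
    return alerts


# Constructed sample: a build server that always pushes large artefacts, and a
# payroll administrator whose uploads are small until one goes to a transfer site.
SAMPLE_EVENTS = (
    [("ci-server", "artifacts.internal", mb) for mb in (780, 810, 795, 820, 790, 805)]
    + [("payroll-admin", "hr.internal", mb) for mb in (2.1, 1.8, 2.4, 2.0, 1.9)]
    + [("payroll-admin", "filetransfer.example", 900.0)]
)

if __name__ == "__main__":
    for entity, dest, mb in detect(SAMPLE_EVENTS):
        print(f"ALERT {entity} -> {dest}: {mb} MB is abnormal for this entity")
```

A static ‘large upload’ rule would flag every build-server push and miss nothing about the payroll administrator until it was too late; the per-entity baseline does the reverse, which is the whole point of learning what is normal for each actor.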
If recent events have taught us anything, it is that we have to start planning for ‘when’ and not ‘if’. But just as there is no simple formula for national security, the cyber world is too complex to be adequately protected by one-dimensional systems that obsessively look for specific types of threats, to the exclusion of others. Organisations must steel themselves for continual defence and arm themselves with an ‘immune system’ that will enable defence in the right places. Your immune system may not protect you from every common cold, but it may well save your life – in fact, it probably already has.