COMMENTARY

Intelligent tools are only part of the cyber crime solution

HYPER-CONNECTED workplaces and data-driven applications offer huge benefits for businesses, but they also multiply the opportunities for hackers by expanding the "surface area" exposed to cyber attacks.

In response, many companies are pinning their hopes on next-generation cyber-security tools powered by intelligent technologies such as machine-learning. These systems are always learning, adapting and pre-empting unseen methods of attack - but they also have serious limitations hidden behind their complex algorithms.

Without a good understanding of these limitations, business leaders who deploy them may not be able to keep their organisations safe.

Here's what your business needs to know to get the most out of these advanced tools and systems to fight cyber crime more effectively.

DETERRENTS, NOT PERMANENT FIXES

Cyber security tools based on machine-learning can observe a network continuously in real time, correlating data across hundreds of millions - even trillions - of events each day.

Typically, researchers train the algorithms that power these tools using large data sets of "previously encountered" scenarios. By learning to spot patterns in known data, the model also learns what to watch out for, and how to react. It learns what's "normal" for a network, in other words, and then flags anything unusual for human review.

However, an algorithm's ability to operate in this way isn't based on a truly independent form of intelligence. Much work is still needed to train such systems so they can learn to reason on their own.

By contrast, hackers do possess reasoning powers, along with their own artificial intelligence capabilities. They can and do learn from and adapt dynamically to different situations.

So what happens when a hacker mounts a cyber-attack that is more sophisticated than any before it - one that can't be tackled using known data? After all, even if a machine-learning system can detect 90 per cent of known attacks, hackers are always seeking to invent new types of threats that the algorithms can't identify.

In short, conventional security tools based on machine-learning can only ever act as a deterrent, rather than a permanent fix. It's this limitation that business leaders need to keep in mind as they review the effectiveness of their security efforts and the adequacy of existing investments.

Of course, this doesn't mean the intelligent tools we use to fight cyber crime aren't powerful. Far from it - in fact we're already seeing encouraging signs that they are having a strong protective effect.

Accenture's recent global survey, titled "Gaining Ground on the Cyber Attacker: 2018 State of Cyber Resilience", found that only one in eight targeted attacks got through security systems in 2018, compared with one in three just over a year ago.

Security teams should feel proud that they are realising greater success in increasingly difficult circumstances. But there is always a possibility that fewer attacks are getting through simply because most of the threats detected last year were very similar to threats in 2017.

It could very well be that enterprise cyber security systems are stopping a greater number of "known" threats, but that they haven't greatly improved their ability to detect new types of threats. This would mean that the very latest and less-predictable threats - the potentially more dangerous ones - could still find their way past existing security systems.

EMBEDDING CYBER RESILIENCE

The good news is that the research community is working hard to understand how to reduce the blind spots in machine-learning systems so that they are better able to identify new attack methodologies.

The emergence of deep-learning capabilities such as Generative Adversarial Networks (GANs), for example, is a promising step forward. Here, two competing neural networks are trained to create increasingly complex ways to out-deceive each other. The basic idea is that by doing this, the systems learn to flag increasingly complex threats that have never been seen before.

At the same time, leading companies are adapting their internal practices to get the most out of the various technological capabilities that already exist - and to mitigate some of their limitations.

For many, this means developing a cyber resilience framework that goes beyond relying on technological solutions and reaches deep into the organisation's people and process layers.

A truly cyber-resilient business sees managing cyber security risk as an enterprise-wide issue, not just a technological task. In short, it's everyone's responsibility.

Managing cyber risk in this more holistic manner starts with a new approach to training and communication. All stakeholders - employees, partners, and collaborators - need to understand the security repercussions that every decision has on the company's infrastructure, and the risk-based probabilities and impact of their actions.

By continually updating stakeholders on the risks facing the business - and training them to implement basic security guidelines - companies can better influence long-term behavioural change. In the process, they can develop a more effective response to managing cyber risk.

At Accenture, we spend a lot of time examining how to help businesses define, design and drive effective cyber security strategies that can detect and prevent even the most sophisticated and disruptive attacks.

Bad actors are constantly networking, researching and testing new tactics to increase their reward and the scale of the crime. Because of this, we believe breakthrough technologies like machine-learning are vital tools for orchestrating more intelligent defences against cyber-attacks.

But we also recognise that conventional approaches for testing resilience can have blind spots. That's why we recommend that organisations deploy applications based on an intelligent self-learning system that's truly capable of anticipating and detecting threats - and staying ahead of new ones.

Only then can your organisation become more effective in hunting down potential attackers - before they find you.

  • The writer is director of Artificial Intelligence Delivery in Asean at Accenture.