What makes our immune system so exceptional is its understanding of the self. It knows what is part of ‘us’ and what is not.
“What the immune system knows is what makes up your fingers, hands, toes and major organs,” explained Dave Palmer, director of technology at Darktrace and former network security specialist with the British intelligence services. “It doesn’t know what the flu or colds look like; it simply learns what is you and tries to spot the bad stuff based on recognising things that aren’t you.”
This is an ability we take for granted. In cyber security, for instance, the current method is all about profiling the attacker: reacting to the threat as it is encountered. The problem is that the threats are moving faster and faster. The attacks have also become much more brazen in the past 12-18 months, said Palmer.
“What we’re seeing more and more is this idea of really aggressive, noisy malware that encrypts data within your company. What that is saying is ‘I’m going to get a strategic foothold in your company. I don’t care if you notice because I will have such a tight grip of your data and your devices, and you’ve got no choice but to deal with me’”.
The risk of attack has also spread to smaller targets. “With accountancy specifically, your ‘risk surface’, as we call it, isn’t just yours, it’s your clients’ too. We’re all in a very long supply chain now, the economy is massively digital.”
According to Palmer, the reality is that these attacks are completely indiscriminate. Fraudsters work down long lists of potential victims and key them in. “We’re long past that idea of ‘Oh, I don’t have anything worth stealing so hopefully they’ll go after someone else’”, said Palmer.
So, what now?
It all seems quite apocalyptic - but exciting developments in network security are changing the way threats are dealt with. The enterprise immune system is modelled after its biological equivalent. It profiles the network (its users, devices, data etc.), instilling a sense of self in your practice and your clients’ businesses.
“The reality these days is most of the attacks take the form of either wittingly or unwittingly getting someone on the inside to help you,” said Palmer. “It’s not a hooded teenager, cutting through the firewall - you get people to do it for you.”
What a company like Darktrace attempts is to reverse the cyber security paradigm. The new approach assumes cyber attacks are going to make their way in, the same way we accept our immune systems will face assault on a daily basis. “What we say, using this idea of the immune system, it that it’s possible to learn how your business works,” said Palmer.
This is done by analysing multiple data sets, and mathematically characterising what constitutes ‘normal’ behaviour: What every single device and person does within the business and how data moves around its systems. “With that understanding”, explained Palmer, “you can spot bad guys purely on the way that the way the behaviour gets changed when someone hacks your computer and takes it over.”
The approach to how everyone - not just massive companies - approach cyber security will have to evolve, said Palmer. “Attacks are going to get faster and faster and have a more immediate strategic impact on businesses.
“Rather than relying on internal security teams responding faster and faster - which is, frankly, not realistic - what we want the machine to do is respond on your behalf. It may not solve the issue, but at least it will stop the attack in its tracks for a little while.”
“Imagine the consumer confidence lost if you have to write to all your clients to say, ‘oh sorry guys, we’ve lost everything - can you please send me everything that’s happened in your financial affairs and taxes in the past 5 years?’”.