Should we invest solely in cyber security - or teach our machines instead?
WE'RE well into February, yet the row over Russia's suggested involvement in November's US presidential election continues.
Before he left office, Barack Obama warned NATO allies to closely monitor any impending elections. Last month top US intelligence directors testified about the suggested hacks at a Senate hearing, where other more sophisticated cyber-attacks and the growing need to fortify cyber-security strategy.
In every modern economy, including Ireland, criminals are fighting a 21st century war, attacking our critical infrastructure and financial systems, using unconventional techniques.
But getting this message across to most businesses seems to be failing, and so they defend themselves with antiquated methods. All the passwords, tokens and other forms of strong authentication are meaningless if a person is tricked into handing over their credentials, inadvertently installs rogue software on their device that performs certain actions, or unwittingly gives a criminal access to their machine or account.
Cyber-security is constantly in today's news and some countries and larger global companies are turning to technology and developing “machine learning” — along with solid fundamentals, like teaching their staff to be more protective of even the smallest snippet of information – to provide a higher level of cyber-security for the future, to address the ever increasing level of threat.
This is not a new term from today's techies who live in darkened rooms. In 1959 Arthur Samuel, an American pioneer in the field of computer gaming and artificial intelligence, defined machine-learning as a "field of study that gives computers the ability to learn without being explicitly programmed".
High-tech cyber-defence will place a new emphasis on detecting attacks, as opposed to simply preventing them. Machine-learning based solutions (the US Government have engaged with SAP to provide a predictive solution to fight cyber-security threats) may become more mainstream in 2017, as companies seek to become smarter and faster, to identify and respond to threats.
Behavioural analytics, for instance, could help organisations use their own data to identify suspicious behaviour within automated processes, such as verifying identities and machine-to-machine interactions. Based on successful suppressions, machine learning would then improve flexibility and efficiency in managing, investigating and responding to new threats.
We have all received that dodgy email from a “bank” or “building society” that on the surface looks genuine. But when opened or executed, the trouble starts – disaster! That's why the new technology behind machine learning must move beyond the common pre-execution machine learning, which only analyses files before they run. The new high performance machine learning, analyses these dodgy files, not just before but during execution, when malicious code often reveals itself.
This forward-looking technology has a lot of potential, when employed alongside other measures to secure e-mail, mobile and other assets. But, as this high performing machine learning goes mainstream, cyber-criminals will continue looking for ways to defeat it - and they're also turning to machine learning. In fact, some cyber-security companies believe cyber criminals are fine tuning their attacks, with the help of machine learning already.
For many Irish companies and organisations, however, high-tech security solutions can only protect to a point. Likewise, passwords and other measures only work when users are diligent and savvy.
These same cyber-security companies believe we are in an “arms race” to prevent the next attack – now there's a term from the past!
:: Trevor Bingham (editorial@ itfuel.com) is business relationship manager at ItFuel in Craigavon. Follow them on Twitter @itfuel.