Machines-humans must team up for robust cyber security
There can be no doubt that the Fourth Industrial Revolution has ushered in a flood of benefits via digital transformation.
Organisations now engage citizens and customers, empower public officials and business employees, optimise operations and reinvent business models as never before.
But an explosion in device prevalence and data creation has expanded the attack surface for those who would rain on the parade.
How should we discuss our escalating concerns about cyber security?
Should we talk about insidiousness?
The average attack package takes less than 48 hours to take control of a network and will remain there for 146 days before detection.
Should we talk about employee training?
More than 63 per cent of network intrusions occur through compromised user credentials.
What about cost?
Organisations around the world take a combined annual hit of $500 billion and the average loss from a corporate data breach is $3.8 million.
These global findings from Microsoft’s “Lean on the Machine” report, and others, are reflected in regional research.
For example, a recent Microsoft survey discovered that more than 80pc of large GCC enterprises still used user names and passwords as the sole means of network authentication.
Only around 11pc use a 2FA SMS notification to support username-password authentication.
About 7pc reported using fingerprint-scanning and just under 1pc had adopted facial recognition.
Getting ready and staying steady:
This is a vital realisation, because while the insidiousness of the threat landscape, employee knowledge gaps and frightening costs are all worthy topics for discussion, our solution lies in discussing readiness.
If we are ready for whatever the digital bandit throws at us, all other concerns melt away.
The average large enterprise combs through 17,000 threat alerts a week, wasting time chasing false positives and prioritising responses.
Lack of visibility and in-house expertise weaken defences and response effectiveness. We are not ready.
So how do we get ready?
Well, it may surprise you to learn that technology is only part of the solution.
Recent progress in the cyber security arena – new-found successes not only in detection, but in prediction – has come from combining big-data analytics, machine learning and human expertise.
Security analysts sift out the most suspicious alerts and provide feedback that allows software to become smarter.
A hybrid in action:
One example of a working system is MIT’s AI2, which has been in operation for more than two years.
The system trawls through some 40m lines of data logs each day, using specialised algorithms to present only the 100 or 200 most nefarious-looking entries for human analysis.
It takes feedback from the analysts that allows it to improve real-time performance, and as of April 2016, it could detect 85pc of cyber attacks.
It took AI2 just three months of learning to get that good and the human element was key.
MIT’s system generates 80pc fewer false positives than machine-only solutions.
If we want to be ready, this is our way forward. Microsoft is a strong believer in this approach.
We have built an entire cyber security ecosystem of layered architecture, specialists, data-sharing and partner solutions around it.
Every month, we scan more than 18bn Bing searches and process 450bn authentications.
We subject 400bn emails to checks for phishing campaigns and hidden malware, and more than 200 cloud services are monitored for security risks.
Protect, detect and respond:
The Microsoft Intelligent Security Graph powers real-time detection, response and remediation, using advanced analytics to pull together threat intelligence and security data from our own environment and those of our trusted partners.
Insights from the Graph enable us to protect our own products and services as threats arise.
Microsoft’s Advanced Threat Analytics monitors behaviour and allows our customers to react as fast as their attackers, reducing false-positive fatigue.
And we also offer Windows Defender Advanced Threat Protection (ATP), a unified platform for preventative protection, post-breach detection, automated investigation and response.
This, we believe, is what being ready looks like. Our attackers will not relent, so neither should we.
The author is regional director for modern workplace and security at Microsoft Gulf