Machine learning: Disrupting the cyber security industry
Ed Bishop, co-founder and CTO at Tessian, explains to Information Age how machine learning is disrupting the cyber security industry; more than any other
Despite the emergence of apps like Slack and Yammer for internal employee communication, email is still the dominant form of external employee communication for enterprises.
The dominant form of communication
“In a similar way that computers, servers and devices communicate with one another through data packets transmitted via TCP/IP, employees communicate with one another through natural language and documents shared via email,” says Bishop.
“When email was created in the early 1970s it was the first ‘killer app’ for the web. Now, over 280 billion emails are sent every day, but email was never designed to be used at such scale,” he continues.
There are three properties of email networks that make them especially vulnerable to cyber security threats, according to Bishop:
- Email networks are open gateways by design
Employees have to be able to send and receive communications from outside the organisation without restriction. This makes it easy for malicious outsiders to send emails into the network and for employees to leak data out of the network.
- Email networks have human nodes
Unlike computers, people are unpredictable. Employees make mistakes (misaddressed emails), break the rules (unauthorised emails) and are easily tricked (spear phishing).
- Email networks are dynamic
The communication patterns and behaviours of an employee evolve on a daily basis. This means that the cyber security threats on email networks are constantly evolving.
Machine learning: Disrupting the cyber security industry
Machine learning is disrupting cyber security to a greater extent than almost any other industry.
“Many problems in cyber security are well suited to the application of machine learning as they often involve some form of anomaly detection on very large volumes of data,” explains Bishop.
“Also, the threats in cyber security evolve over time as employees or attackers change their behaviour. Previously, cyber security vendors would build static, rule-based systems in an attempt to identify behaviour that indicates a threat. This led to lots of false positives and a low success rate.”
Now, the next generation of companies is using machine learning to successfully identify anomalies and adapt to changing behaviour in real time. The industry has seen this trend in AV with Cylance, in SIEM with Darktrace, and in email with Tessian — the company Bishop co-founded.
One challenge in applying machine learning effectively to cyber security is building scalable systems that can handle very large datasets and gather live data, so that they adapt to human behaviour in real time.
Fighting fire with fire
There have definitely been cases reported of hackers using machine learning in their attacks.
But, according to Bishop, the use of machine learning by hackers is not where the focus should be from a threat perspective.
“When you look at the data and look at the cause of the majority of breaches, it’s clear that there is a much simpler reason why attackers are getting through. Instead of targeting the computers, hackers are actually using social engineering to attack the most vulnerable link in any organisation — their employees.”
“The cyber security industry has typically focused on preventing attacks on computers and this has left organisations exposed to attacks on their employees — the humans.”