Recently the Department for Education came under fire when some of the laptops given out in England to support vulnerable children during lockdown contained malware. It did not dominate headlines – but this incident is another canary in the coalmine for the ongoing concerns around national cyber security.
At a glance, following the spate of attacks we have seen against the public sector at home and overseas, this incident does not seem particularly notable. It does not appear to be a targeted attack, but rather the result of improper laptop refurbishment. Gamarue, the malware reported to be installed on the computers, is a common strain of malware that has been around for over nine years. It is likely that this was a stain of a previous attack, and human error was at play. But this attack raises yet more alarm bells about the vulnerabilities in the government’s network of suppliers.
Complex global supply chains offer those with criminal intent many points of vulnerability that may be tested in the pursuit of compromising the systems or equipment that the public rely on. We saw this in 2018, when 380,000 credit cards were breached due to a vulnerability in a third-party web plugin used to process card data at British Airways. The airline consequently faced the biggest GDPR fine in British history.
This time, hardware was the source of compromise, but we know all too well from the recent SolarWinds Orion attack that software too can be poisoned. An attack which laid bare the vulnerability of even the most equipped national superpowers in the face of well-resourced and creative cyber adversaries, SolarWinds evidenced a simple truism: today, attackers have many places to hide – the complexity of a global supply chain is their friend.
Supply chain attacks are virtually impossible to detect with standard security tools and procedures, because the malicious software is packaged as legitimate, within your own laptop or software you have typically relied on, and delivered into the heart of your organisation by trusted suppliers.
And so the problem that governments and businesses must urgently tackle is not so much an audit of all their suppliers, but how to manage the pervasive risk that suppliers from all over the world bring. Too many organisations feel blind to what’s going on in their own systems – let alone the risk that their suppliers and partners might introduce.
The good news is that the UK is in a strong position to face this challenge head on. Artificial intelligence, built in Britain, is making major steps forward in this area – detecting the most subtle anomalies in critical systems that might point to a supply chain compromise. Given the ever-increasing scale and complexity of digital environments, it is rapidly becoming critical for cyber security teams across the public and private sector to leverage technologies like AI that can not only detect and investigate, but crucially respond to malicious activity within the network.
This approach shifts attention to the critical issue at hand: understanding and constantly enforcing ‘normal’ digital behaviour. With an understanding of evolving ‘normal’ activity, we will be better equipped to disrupt and stop attacks at the earliest signs of compromise.
Today, the most cyber-mature organisations across the public and private sectors – from NHS trusts to multinational companies such as eBay and Rolls-Royce – are already relying on AI systems to identify exactly this type of stealthy threat that goes under the radar, and to stop it as it emerges.