We’re only a few months into 2017 and cyber attacks seem to be hitting the headlines even more regularly than last year.
Recently, it was Wonga. In the same week, it was announced that cyber breaches have cost UK companies £42m since 2013. The week before that, it was revealed that Chinese hackers had been carrying out sustained cyber attacks for three years across the globe.
As a result of this boom in cyber crime, startups and companies across the world are harnessing new ways to handle the sophisticated attacks and spending is thought to be around $106.1bn in 2017, according to research by IDC.
Artificial intelligence (AI) and machine learning are just two types of technology that are fighting cyber breaches on the front line.
Why is artificial intelligence used in cyber security?
AI is now considered crucial to the role of cyber security, protecting companies from attacks and identifying threats at first glance.
It can speed up the process of noticing attacks, which is beneficial in preventing a full-scale breach being unleashed.
Alex van Someren is an early stage investor at Amadeus Capital. He has a background in creating security hardware businesses and so is interested in investing in startups that focus on big data and cyber security.
“When we originally decided that we would invest across these themes, big data, AI and cyber security, we didn’t necessarily appreciate quite how much they were going to intersect in the way that we do now,” he tells Verdict.
The reality of it is that the volumes of data generated, for example in networks where you’re looking for malicious actors or the implications of hacking attacks, actually need to be analysed using automated tools because it would be impossible to analyse them otherwise. AI has brought the solution to that kind of challenge straight to the table.”
For Marco Essomba, co-founder at chief technology officer at security consultancy iCyber-Security, when making the decision to build the company’s own security platform it made sense to incorporate AI from the beginning.
“Humans can’t keep up with a number of attacks and the type of advanced persistent threats, as they’re called. It’s quite obvious that we needed to use AI to tackle the workload,” he tells Verdict.
The analysts are doing a great job but they just can’t keep up with the amount of data, the number of logs and the number of requests, so yes it was quite obvious that AI is going to play a big role.”
Who are the startups in this space?
Cyber security startups are a growing element of the London startup scene, thanks to the programmes and investment available to encourage this. Last year, the UK government announced it wanted to increase its cyber security spend to £1.9bn, which will be used to shore up UK defences and support the country’s growing cyber security industry.
Accelerator programmes such as Cyber London, which was Europe’s first cyber security accelerator programme co-founded by van Someren, and now GCHQ’s accelerator programme are offering new companies mentorship and investment.
Startup Cyberlytic, started by St John Harold and Stuart Laidlow, began by answering a request from the Ministry of Defense (MoD) to help the department manage, contain and prevent the volume of alerts on its security systems. After being awarded the contract, Harold and Laidlow ended up going through the Cyber London programme to help them raise capital and build the team.
We are a web-application security company, using machine learning and AI to identify malicious activity in http traffic. We look at how a web user on their browser interacts with the web server and the responses the web server replies back to the user,” explains Harold.
Since officially launching in 2015, Cyberlytic has gone on to work financial institutions, retail companies and is a cyber security supplier to the UK government
As well, StatusToday was started with the help of another accelerator, EntrepreneurFirst, before applying for the GCHQ accelerator.
As a very young startup, we were very keen to engage with GCHQ to understand how to mature the technology and the business. One of the things it’s helped us with is we got access to very senior experts within GCHQ, both technical and commercial, who helped us refine the technologies. Our machine learning capabilities certainly have improved as a result of the conversations and discussions we’ve had with them,” Ankur Modi, chief executive at StatusToday, tells Verdict.
Cambridge-based Darktrace launched in 2013 but it already has 24 offices worldwide and is known as one of the UK’s most well-known startups.. Fighting cyber breaches with algorithms is here to stay.
Are companies catching on to the idea of AI?
According to research by global services firm PwC, they are. In a survey looking at investment in security software, 23 percent of respondents said they were planning to invest in artificial intelligence and machine learning over the year.
PwC US co-leader in cyber security and privacy, Christopher O’Hara, said technology such as machine learning and big data analytics will rapidly evolve in this industry.
We believe that the application of data science to threat intelligence and security-incident management will be the future of how companies address threat intelligence,” he said.
Over the past few years, a better understanding of AI has meant that companies are more willing to embrace the technology.
About two years ago, there was a very good distrust of AI and whether it could actually work for any organisation,” says Harold. “But now organisations are starting to realise that actually this self-learning process is actually very useful.
Will we get to the point where all companies will have AI security software?
The benefit to incorporating AI technology into cyber software is clear: AI can crunch the data faster than a human, making it a more efficient use of a security analyst’s time, as well as being able to spot mistakes a human wouldn’t be able to.
In the realm of security, AI fills many gaps in cyber defences driven by human dependent manual process. Most importantly, it brings the smart automation able to effortlessly run through vast data sets, round the clock, 365 days a year – a big step forward compared manual threat detection,” says Modi.
For Harold at Cyberlytic, the most interesting aspect is that machine learning and AI systems can spot zero-day attacks. “There are usually no more than a standard attack, where an attacker has changed a little bit of the code, so a traditional system couldn’t detect it anymore,” he explains.
But because of machine learning, we’re not looking at exact matchers, we’re looking at similar characteristics – we’re able to detect these little nuances and changes. We’re able to proactively detect these attacks without ever having seen them before.”
As cyber criminals become increasingly sophisticated, having AI makes it easier to cope with attacks and potential breaches.
In some instances, there are attacks happening every couple of seconds, it’s just relentless,” says Essomba. “So yes, I foresee that AI is going to play a massive role because without it, it’s going to get harder for analysts to really cope.”
How will automation in cybersecurity affect employees?
Despite concerns that automation will lead to job losses, security is one of the areas where AI could lead to job gains. According to a report by PwC, by the 2030s five percent or more of UK jobs will be in areas related to new robotics and AI that do not exist now.
The reason cybersecurity could lead to job gains alongside automation is the sheer amount of growth the sector is seeing. As attacks and the threat of attacks grow, more people and more sophisticated technology will be needed to fight them.
IDC’s report which said security spending will rise in 2017 found that companies are investing more in security technology because of major hacks such as Sony and Yahoo.
Sean Pike, IDC’s vice president of security products said:
Today’s security climate is such that enterprises fear becoming victims of the next major cyber attack or cyber extortion. As a result, security has become heavily scrutinised by boards of directors demanding that security budgets are used wisely and solutions operate at peak efficiency.”
As well, the attacks really are growing. Recently, PwC’s UK cyber security practice and BAE systems released a report on how a Chinese hacking group has been carrying out sustained attacks on companies all over the world via their supply chains.
PwC said the group has conducted “one of the most prolific espionage campaigns” it had seen, working 10-hour days, similar to a working day, that fit China’s time zone.
It’s not as simple as saying that AI will solve all the cyber security issues in the world though. The skills gap in the industry is huge. Tech conglomerate Cisco believes there are around 1m unfilled roles in this sector worldwide because of the lack of people with the right knowledge, which could increase to 1.5m by 2019.
The skills shortage [facing the industry] is the biggest challenge. There’s almost zero percent unemployment in cyber security, there’s massive demand. The shortage is a known issue and companies are suffering because of it,” warns Essoma.
Governments, as well as companies, need to ensure they are encouraging investment in skills training to shore up defences against cyber attacks.