Raconteur

Cyber-Risk & Resilience 2017

Issue link: https://raconteur.uberflip.com/i/916170

Contents of this Issue

Navigation

Page 4 of 7

RACONTEUR.NET CYBER-RISK & RESILIENCE 5 17 / 12 / 2017 the personal data of their customers is now a commercial imperative. Using traditiona l data, such as name, address, email, date of bir th, IP address and biometrics such as voice, f ingerprint and iris scan, are being joined by behav- ioura l characteristics that are unique to the individua l. This is necessar y as much of the traditiona l persona l data is availa- ble via public record or can be purchased on the dark web. However, behaviour isn't a tangible piece of data that can be purchased, which ma kes this form of se- curity highly attractive for enterprises and organisations. The issue has been analysing the masses of data a consumer's digital footprint could contain. This is the province of AI and ma- chine-learning that can see patterns in the data collected and accurately assign this to an individual as their digital ID. Just checking information on credit agencies, for instance, is no longer robust enough in the face of cyber- criminals who can create synthetic personas. To combat spoofi ng attacks, AI and ma- chine-learning are being used widely in a variety of security applications. One of the most recent comes from Onfi do that has developed its Facial Check with Video that prompts users to fi lm them- selves performing randomised movements. Using machine-learning, the short video is then checked for similarity against the im- age of a face extracted from the user's iden- tity document. For all enterprises and organisations, the authorisation of payments is vital. Johan Gerber, executive vice president of secu- rity and decision products at Mastercard, explains their approach: "Artifi cial intel- ligence and machine-learning are crucial security capabilities to interpret the com- plexity and scale of data available in today's digitally connected world." How you behave online will become a crit- ical component of your identity. However, AI and machine-learning systems will need to be sophisticated enough to understand when someone changes their behaviour, without it being malicious. For instance, when you are on holiday, your digital foot- print changes. AIs would need access to your travel arrangements to ensure your credit card isn't declined because of anom- alous behaviour. These systems are com- ing from a new breed of security startups, including Checkr, Onfi do and Trooly, that understand cyberthreat. It is also becoming clear that those busi- nesses that use more sophisticated securi- ty and identity verifi cation systems lessen their instances of cyberattack. The Fraud and Risk Report 2017 from Callcredit illus- trates this as only 5 per cent of businesses that have been victims of fraud this year have used any sort of behavioural data for fraud insights. Essentially, businesses that aren't getting hit by fraudsters are using more sophisticated techniques. Last year 63 per cent of cyberattacks in- volved stolen credentials, according to Veri- zon's Data Breach Investigations Report. "By monitoring to ensure that all systems and DIGITAL IDENTITY Ghosts in the machine that know who we are A proactive and dynamic response to digital identity security is now critical. Latest fi gures from fraud prevention organisation Cifas show there has been a sharp rise in identity fraudsters applying for loans, online retail, telecoms and insurance products. Simon Dukes, chief executive of Cifas, says: "We have seen identity fraud attempts increase year-on-year, now reaching epi- demic levels, with identities being stolen at a rate of almost 500 a day." Proving your identity has always been es- sential, but none more so than across the digital landscape. It's not surprising that ar- tifi cial intelligence (AI) and machine-learn- ing are being rapidly developed as an aid to identity authentication. The risk of chargebacks, botnet attacks or identity theft is leading enterprises to de- ploy intelligent systems that are not simply looking at publicly available data to identify a person. Earlier this year, for instance, Sift Science announced its Account Takeover Prevention that can detect and block illegit- imate login attempts. The C yber Security Breaches Sur vey 2017 revealed that just under half (46 per cent) of all UK businesses identified at least one cybersecurity breach or attack in the last 1 2 months. This rises to two thirds among medium-sized firms (66 per cent) and large firms (68 per cent). Protecting Are we entering a new age of behavioural tracking with the emergence of artificial intelligence and machine-learning, will this offer new levels of personal data security and will our behaviour online become the only password we need? DAVE HOWELL data are behaving normally instead, enter- prises can allow people to get on with their work and only intervene when someone is trying to access areas they shouldn't," says Piers Wilson, head of product management at Huntsman Security. The current level of development with AI and machine-learning has already deliv- ered new security systems that are in use today. Mastercard's Decision Intelligence is a good example. However, AI and ma- chine-learning are far from autonomous and still require high levels of supervision. They can clearly search vast quantities of data to respond to a specifi c question or task, such as authenticating the identity of a shopper. AIs can identify a change in be- haviour and highlight an anomaly, but is this behaviour a threat? Greg Day, vice president and chief se- curity offi cer at Palo Alto Networks, con- cludes: "There is a bigger impact that machine-learning will have on the cyberse- curity industry and that has to do with the collection and aggregation of threat intelli- gence. When cybercriminals ply their trade, they leave behind digital breadcrumbs known as 'indicators of compromise'. "When collected and studied by ma- chines, these can provide tremendous in- sight into the tools, resources and motiva- tions that these modern criminals have. As such, access to rich threat intelligence data and the ability to 'learn' from that data will ultimately empower organisations to stay one step ahead of cybercrime." As we all tend to fall into habits, including how we access digital services, our purchas- ing decisions, what devices we typically use, for how long and from which locations, these behaviours can all be used by AIs to build a profi le of an individual. If this behaviour is deviated from, the AI can easily spot this change of pattern with- in the data that defi nes who we all are. This "contextual intelligence" is the basis for rapidly developing security systems that could not function without advanced AI and machine-learning. ARTIFICIAL INTELLIGENCE: DEFENCE AND ATTACK SURVEY OF CYBERSECURIT Y PROFESSIONALS KPMG 2017 We have seen identity fraud attempts increase year-on- year, now reaching epidemic levels 12% have deployed/are planning to deploy machine-learning/AI technologies for cybersecurity analytics and operations 30% claim to be very knowledgeable about machine-learning/artifi cial intelligence (AI) in relation to cybersecurity analytics and operations AWARENESS OF MACHINE- LEARNING IN CYBERSECURITY SURVEY OF CYBERSECURIT Y PROFESSIONALS BEST-BACKGROUNDS via Shutterstock We use artifi cial intelligence in protecting ourselves from cyberthreats We consider the use of artifi cial intelligence by attackers to be a future threat to us YES NO DON'T KNOW Enterprise Strategy Group 2017 4% 72% 24% 40% 28% 32% F rom terrorist attacks to major cy- berbreaches, the world suddenly seems to be more dangerous and unpredictable than it has been in the last half century. These alarming events come against a background of po- litical and economic instability. On top of concerns about the security of employees, IT systems and supply chains comes pressure from investors, clients and regulators to ensure organisations are ready to act quickly to pre-empt or at least mitigate problems caused by these events. "We find that organisations often create their own crises," says Jake Hernandez, global consulting director at AnotherDay, a fast-growing strategic security consulting firm that focuses on forethought and pre- vention to enable its clients to operate as safely as possible. "Either they haven't had the time to do any crisis planning or they've done too much and overcomplicated the process with vast documents and complex, unworkable procedures." Adding to this challenge is the way in which news of an incident is reported. Social media supports the instantaneous spread of information and has made news dissemination faster than ever before. Whether it's a suspected terror attack, a natural disaster or a data breach, infor- mation about an event will travel around the world in seconds thanks to the rapid rise of the citizen reporter. Quite understandably many organisa- tions have considerable concerns about social media but, as well as simply spread- ing news about a crisis incident and adding to the threats faced by firms and others, social media often plays a construc- tive role. Facebook, for instance, recently launched Safety Check which, it says, is a way for members to "connect with friends and loved ones during a crisis, offer or find help for people in the affected area". It was to harness the power of publicly available social media, starting with Twit- ter as the fastest purveyor of news wher- ever and whenever it might be breaking that Dataminr was founded in 2009. Dataminr processes all publicly availa- ble tweets in real time and detects indi- cations of breaking events. Using propri- etary algorithms and machine-learning technology, Dataminr sends clients real-time alerts so security teams can quickly prepare the most effective re- sponse to unforeseen incidents. Corporations depend on Dataminr to help keep their personnel, facilities, op- erations and interests safe around the world. Political and terror-related risks have always been around, but these days the key is the speed at which they're re- ported thanks mainly to social media, Social media: giving you a head start in a crisis Social media has transformed the reporting of serious incidents – now companies are using it to get a head start in crisis management and the ability of organisations to react with equal alacrity and agility, as they begin to exploit the power of social media as a source of news. "In this volatile atmosphere, what mat- ters is the speed of the alert," says Tim Willis, director of Europe, Middle East and Africa corporate security at Dataminr. The company was able to inform its customers that last month's Oxford Circus incident, for instance, was not in fact a terrorist inci- dent, before anyone else. Following its first alert about the event at 4.46pm, by 5.11pm it was sending updates to inform clients that the incident ap- peared to be contained. As a result, crisis management teams were able to stand down their crisis procedures far earlier than if they had relied solely on traditional sources of information. AnotherDay uses Dataminr's services to turn the ocean of public data provided into useful, actionable information that its clients can use in their crisis-response procedures. "We have the Dataminr app running con- stantly on our desktops at AnotherDay and our consultants have it on their smartphones wherever they are in the world, so we can all receive alerts for terrorist incidents, cyberat- tacks or other threats," explains Mr Hernan- dez. "We can then use our understanding of our individual clients' operations to put these alerts into context. We can say to an insurer, for instance, 'This is what has just happened, this is what it means for you and this is what other companies like you have done in similar situations'." Both Dataminr and AnotherDay are brought in by departments ranging from the communications team, corporate security, human resources and, increasingly, in these days of "just-in-time" delivery, those respon- sible for supply chain management. One Dataminr client that transports refrig- erated medicines across Turkey was able, following an alert about political instability in the country, to keep drugs in their refrig- erated warehouses. Had they been trans- ported, they would have deteriorated when road blocks delayed the lorries, impacting storage conditions and costing hundreds of thousands of pounds. "Companies are realising that not only can they reduce their risk, but they can gain an advantage over their competitors that aren't managing such risks as well," says Mr Willis. Not only is it imperative to respond quickly to risk when it arises, but also to plan for it. Mr Hernandez points out: "Organisations are suffering cyberattacks, for instance, all the time. But more and more are realising that they need to be proactive in handling these attacks. We're also seeing more compa- nies address a greater range of risks at the C-suite level. This means that organisations can co-ordinate their efforts and take a more holistic approach. After all, prevention is better than cure." For more inforamtion please visit www.another-day.com www.dataminr.com COMMERCIAL FEATURE We have the Dataminr app running constantly on our desktops at AnotherDay and our consultants have it on their smartphones wherever they are in the world WESTMINSTER TERROR ATTACK On March 22, Khalid Masood, 52, drove a car into pedestrians on London's Westminster Bridge, then stabbed a policeman before being shot and killed near the Palace of Westminster. Within two minutes of this attack, at 2.41pm, Dataminr delivered a flash notification from an eyewitness at the scene to its clients around the globe, including AnotherDay. "Gun shots outside Parliament now," the alert read. From the rapidly rising volume of tweets, Dataminr issued a second alert at 2.46pm, discovered from a Twitter user based in the Palace of Westminster with more information. "This was an example of the kind of major incident that firms associate with the word 'crisis'," says Mr Hernandez. "We've normally worked with a client to develop their plans and train their team so that we can say, 'This is what we've planned and trained together for. Now that it's happening and, given how we understand you're likely to be exposed, here's what we think you should do'." WESTMINSTER TERROR ATTACK TIMELINE Tweet volume: westminster or #westminster 2:30PM 3:00PM 3:30PM About five minutes ago we heard a bang, and then screams, from our office in the Palace of Westminster 2:46 PM A car on Westminster Bridge has just mowed down at least five people 2:47 PM We were called at approx 2:40pm to reports of an incident at #Westminster Bridge. Being treated as a firearms incident - police on scene 2:52 PM Police are closing off the streets around Westminster Bridge and Parliament 3:29 PM Gun shots outside Parliament now 2:41 PM In House of Lords on lockdown as there's been a shooting outside. V scary hoping everyone is OK. Getting reports of co-ordinated attack 2:52 PM BREAKING: Middle- aged man drove 4x4 across Westminster Bridge, ploughing into eight to ten people, drove into railing, stabbed PC and was then shot 2:52 PM Police, security, House staff and armed unit have us locked down in Parliament. Staff locked in office. All safe but thoughts with injured 3:52 PM Attack occurs UK INCIDENTS OF BOMB THREAT/EXPLOSIVES-RELATED CORDONS IMMEDIATELY REPORTED ON SOCIAL MEDIA Reports by area, between September 2016 and 2017 AnotherDay/Dataminr AnotherDay/Dataminr 28 Northern Ireland 56 London 31 Midlands Scotland 10 South West 18 South East 17 North East 24 North West 25

Articles in this issue

Links on this page

Archives of this issue

view archives of Raconteur - Cyber-Risk & Resilience 2017