Businesses need a tool to identify the anomalies in network traffic because they can signal a potential online attack.
A download of a zipped file from a supposedly trusted email source resulted in local firm Phoon Huat’s picture files being held ransom. Pay up or these files will be locked up forever, said a ransom note that popped up on a laptop screen.
Phoon Huat, a leading baking accessories firm here, did not pay the ransom. Its IT manager Erick Chng deleted the file and removed the laptop from the network. Back-up tapes restored the information.
Ransomware, as a form of cyberattack, is on the rise. According to Symantec’s Internet Security Report 2016, ransomware incidents rose by more than 50 per cent in 2015. Overall, cyberattacks, whether for corporate espionage, stealing personal information or destroying networks and systems, are on the rise. The result: rising spending on cybersecurity. Research firm International Data Corporation (IDC) reported that by 2020, organisations are expected to spend US$101.6 billion on cybersecurity software, services, and hardware. This is a 38 per cent hike from IDC’s figure of US$73.7 billion for 2016.
The challenge for organisations is that they can’t keep up with new malware which is being developed faster than cyber defence antidotes.
One security company, Darktrace, has come up with a fresh approach. The British company, founded in 2013, built a cyber defence technology that flags strange digital activities on the IT network by monitoring what workers normally do in order to establish what ordinary behaviour looks like. After its machine learning algorithm learns the normal traffic patterns, it highlights the irregularities. A daily report on a customer’s online dashboard offers insights into in-progress and novel attacks, some of which are undetectable by traditional methods such as rule-based solutions. The report also categorises the irregularities from low to high risk so that corporate IT security can attend to them in order of priority.
Singapore marine lighting company BH Global rolled out Darktrace last year after it spotted suspicious activity in its IT networks. Chief information officer Ken Soh noticed the company’s firewall had been blocking malicious “beacon messages” or “call-back messages” successfully. Something was wrong. It was a wake-up call for deeper visibility of the activities within its corporate network.
After the company introduced Darktrace technology last year, his IT executives gained visibility of anomalies within the network.
Said Mr Soh: “Darktrace provides a convenient platform where network traffic anomalies are visually abstracted. We could then zoom in and address the ones highlighted by Darktrace as the highest risk category.”
Quick discoveries of vulnerabilities are crucial because damage can be contained much faster. Mr Hareesh Ramasubramanian, IT security manager of educational organisation IBO, said it has been documented that, on average, if an organisation’s IT department has the capability to address an intrusion by itself, the detection process typically takes 32 days and the containment process then takes one day.
But if the organisation works with or has to rely on third parties, such as regulatory bodies, law enforcement, vendors, and in certain cases, even consumers, as in IBO’s case, it will take about 108 days to detect an intrusion and two weeks to fix or contain the impact, he added.
Since IBO implemented Darktrace in December (2016), it has received 14 threat intelligence reports. About 94 per cent of the incidents reported revealed a risk to its information assets.
“We’re able to stop undesirable or malicious activities like unauthorised data transfer, unintentional download of malware, and unauthorised use of software or hardware on our network. Without Darktrace, it would have taken us much longer to detect and address these.”
Darktrace Asia-Pacific managing director Sanjay Aurora said organisations are also becoming more digital, with more business processes going online for greater efficiency and productivity gains. There is also a deluge of information as a result of data collected by Internet of Things devices like closed-circuit TV cameras and sensors.
“It is not possible for human security teams to manage the explosive increase in data stored digitally and carried on IT networks. The attack surface has also increased with IoT as the devices have become new points of entry into the network for malware and other new forms of cyber-attacks.”
Darktrace’s Enterprise Immune System technology uses artificial intelligence and machine learning to gather security intelligence, as opposed to checking against a known set of rules; that is, it observes and learns what is normal and abnormal network behaviour. The company’s technology is based on mathematical research carried out at Cambridge University in Britain.
Its employees include former British and American government cyber security professionals. Globally, it employs more than 360 people. Its customers are found in 60 countries and include Phoon Huat, BH Global, IBO, Rakuten Securities, Birmingham International Airport, M1 and the United World College of Southeast Asia. Customers pay subscription fees and its renewals are at over 90 per cent. It has an office in Singapore.