Author: Kevin Phillips
As the UK has rather publicly, and of course deliberately, announced the presence of a new centre to combat cyber attacks, it is acknowledging the rising threat level we face from domestic and foreign computer-based assaults on individuals and private organisations, as well as those aimed at the country as a whole.
The National Cyber Security Centre (NCSC) has been set up as part of GCHQ to “help make the UK a safer place to live and do business online”, and its job is therefore to stay one step ahead of anyone who wants to cause harm in any number of cyber attack scenarios. Combating the growing threats of attack is one of the most important aspects of national defence for any country. The same, therefore, must be assumed at the corporate level of any organisation, be they in retail, logistics, or banking. But with only a finite set of human resources available to combat threats from nearly all sides, we face an “us against the world” scenario, which just cannot scale to meet the challenges ahead. So, are we doomed to failure already?
Well, not yet. Sure, if we had to rely on human brain power alone, no matter how clever, educated and downright sneaky our operatives become, we would eventually run out of resources to keep up with the onslaught. Thankfully, we are not limited to ‘our own kind’ in this cyber arms race. We do have another, potentially limitless supply of combatants to help us out – ‘machines’.
OK, I am being a bit loose with the term ‘machine’ here: I am referring to computer software, and more specifically the rise of the “bot”. A bot is, for want of a better description, “an autonomous program designed to interact with systems or users, often mimicking the behaviour of a person”.
Where there is financial loss at stake, the need to stay on top of cyber threats has become at least as important as meeting regulation. Therefore, banks, building societies and other providers that use digital financial software are at the front of the queue when it comes to criminal intent from hackers.
So how can the humble bot help? For a start, bots can be deployed to patrol the perimeter defences of a computer network, supporting the traditional hardware and software ‘concentric circle’ lines of defence by detecting unusual access using ‘signature traits’ to see if activities being undertaken are out of alignment with the expected norm. Of course, once a bot has detected such a presence it needs to raise an alert pretty quickly, and if possible deploy countermeasures to limit the intrusion.
This is a good start, but as with any arms race the attackers will soon learn the limitations of defence bots and simply up their game to create neutralising agents, gaining the upper hand once again. What we really need are bots that know how to evolve on their own, bots that ‘learn’ to up their own game, share experiences with other bots and keep up to date with the intruders. But is it possible to train bots to teach themselves?
The use of Machine Learning techniques is certainly one way that this can be achieved – the ability to adapt when exposed to new data, and improve activity and outcomes accordingly. Here are some activities that could be undertaken by bots to help them learn and improve their capabilities:
- Simulate attacks – set up bots to simulate ‘real world’ successful attacks on existing defences, and collate data on the signature traits that can help detect such attacks in the future.
- Learn from attacks – replay attack simulations to train bots to benefit from prior data collection.
- Bot vs bot – set up attack/defence challenges, where bots try to out-smart each other by creating randomised attack scenarios to outwit the machine learning process.
- Bot teach bot – network bots together so they quickly pass on what they have learned across the system, limiting the chance of intruders breaking through weak points and un-tested areas.
While bots were once seen as one of the threats to cyber security, they really are fast becoming one of the biggest assets that cyber defence strategies have in their arsenal. But this shouldn’t be just the domain of NCSC or other government agencies. The financial services industry needs to wake up and get on board with investing in and building up their own bot defences. The question is, how long do they have before the damaging breaches we have seen over the past 18 months become regular, and catastrophic, events?