Solve people-centric security challenges with machine learning (VB Live)
Cybersecurity has always focused essentially on protecting the machine layer. This started with protecting networks using firewalls and then devices using endpoint detection systems. But data breaches and cybersecurity events are still on the rise, and growing exponentially.
“We believe this is because there’s essentially a person behind every data breach, and it’s not all about just protecting the machine layer,” says Ed Bishop, co-founder and chief technology officer at Tessian. “We think that to solve today’s most advanced threats, we must focus on protecting the human layer.”
Your employees now control your organization’s most sensitive systems and data. People make mistakes. People break rules. People can be hacked. Ultimately businesses are only as secure as the people who are the gatekeepers to these digital systems and data.
Ninety-one percent of attacks begin with a spear phishing email, Bishop says. On the outbound channel, misdirected emails are the number one digital data security incident reported under GDPR (Europe’s data governance policy). When it comes to human digital interfaces, email is the highest-risk interface that employees interact with.
“It’s no surprise that email plays a central role in data breaches,” he says. “Email is the main artery of communication, and a channel through which some of the most sensitive information in an organization is shared. Combined with the ubiquity and openness of email as a system, human error plus email is always going to be a major security threat to organizations.”
Bishop points to the 2018 example of a Dutch operation of a French film company that was a victim of a targeted spear phishing attack. It relied on a common technique: The attacker spoofed the email address of the CEO and then emailed the finance director explaining that they were in acquisition talks with a Dubai-based company.
It wasn’t a single email used to trick the end user. There was a back-and-forth communication over an extended period of time, which resulted in the finance director wiring multiple sums of money to a bank account controlled by the hackers.
In this example, over the course of many emails, the hackers built legitimacy and trust. Once trust was established, the attacker was able to ask the victim to transfer large sums of money. In the end the company lost a total of 90 million euro, and the CEO and finance director of the Dutch operation were both held responsible and fired.
“We think this is a great example of the human element in security breaches, and why just focusing on the machine layer, for example, looking for payloads such as attachments containing malware or links to malicious websites, doesn’t really solve the most advanced threats,” Bishop explains. “We believe technology has a role in solving these human layer security problems, built for people first, rather than built for detecting machine layer threats.”
To truly understand the human element, you need to use advanced technologies like AI and machine learning, Bishop says. You need to train models on billions of data points collected from historical email data sets to understand the intricacies of human-to-human relationships. You need to understand natural language. You need to be able to ascertain the intent of an email. You need to know all the relationships across your organization: who speaks to whom, what they speak about, how they communicate, whether they use formal or informal styles, and so on.
It’s impossible to capture these dynamic features with if-this-then-that rules or policies; capturing them is really what machine learning and AI have done in disrupting the security market. What’s more, for problems as complex as understanding human behavior over email, it’s not enough to use basic machine learning techniques. A more advanced approach, called stateful machine learning, is required.
With standard machine learning, you feed raw data directly into the machine learning model, for example a sequence of bytes in a piece of malware. The model generates features and makes predictions with no understanding of the time-series relationship between each data point it analyses. This approach is fine for many machine layer problems in security, but understanding human behavior is different. Stateful machine learning, in contrast, takes into account all of the relevant data points from the past up to the current moment in time to calculate features and make accurate predictions within a matter of seconds. It is this understanding of time that is critical to making accurate predictions about human behavior.
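The stateful feature calculation described above, sketched as an added example (not code from Tessian or from the original article). The class names, feature names, sample addresses and the fixed flag rule standing in for a trained model are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Email:
    ts: int             # arrival time, seconds (constructed values)
    display_name: str
    from_addr: str
    to_addr: str

@dataclass
class History:
    """State built from every trusted email seen before the current one."""
    pair_counts: dict = field(default_factory=dict)    # (from, to) -> count
    name_addrs: dict = field(default_factory=dict)     # display name -> {addresses}

    def features(self, e: Email) -> dict:
        known = self.name_addrs.get(e.display_name.lower(), set())
        return {
            "prior_msgs": self.pair_counts.get((e.from_addr, e.to_addr), 0),
            "name_on_new_addr": bool(known) and e.from_addr not in known,
        }

    def update(self, e: Email) -> None:
        key = (e.from_addr, e.to_addr)
        self.pair_counts[key] = self.pair_counts.get(key, 0) + 1
        self.name_addrs.setdefault(e.display_name.lower(), set()).add(e.from_addr)

def score_stream(emails):
    """Score emails in time order; each score uses only the past."""
    history, results = History(), []
    for e in sorted(emails, key=lambda m: m.ts):
        f = history.features(e)
        f["flag"] = f["prior_msgs"] == 0 and f["name_on_new_addr"]
        results.append(f)
        # Assumption: flagged mail is kept out of the trusted history, so a
        # long back-and-forth cannot teach the model that the sender is known.
        if not f["flag"]:
            history.update(e)
    return results

# Constructed sample: three genuine emails, then two from a look-alike address.
SAMPLE = [
    Email(100, "Alex Doe", "alex.doe@example.com", "finance@example.com"),
    Email(200, "Alex Doe", "alex.doe@example.com", "finance@example.com"),
    Email(300, "Alex Doe", "alex.doe@example.com", "finance@example.com"),
    Email(400, "Alex Doe", "alex.doe@example-mail.test", "finance@example.com"),
    Email(500, "Alex Doe", "alex.doe@example-mail.test", "finance@example.com"),
]
```

Scored on its own, the email at `ts=400` carries no payload and looks like any other message; only the accumulated history of who has used that display name makes it stand out.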
“If you extrapolate across the number of emails they have, companies sit on huge data assets,” Bishop says. “Enterprises need to be asking how they’re leveraging that asset to help protect their people better. Training and awareness is an important piece of security, but I truly don’t believe we can rely on our people being right 100 percent of the time. We need to invest in technologies to help them and empower them to make smart security decisions themselves.”
To learn more about developing a robust, people-centric security strategy, how stateful machine learning works to protect a company’s human and technology assets, and more, don’t miss this VB Live event.