Data has been dubbed ‘the new oil’ and recent years have seen businesses across the world scrambling to exploit the enormous volume of customer and business information which is in their possession and ripe for analysis.
The insights this data can yield aren’t only useful for sales and marketing departments looking to boost their bottom lines by cosying up to customers, or to operations teams keen to cut costs and increase efficiencies.
Data has also become the new, not-so-secret weapon in the ongoing war being waged against hackers and cyber-criminals, here in Australia and around the globe.
It’s what powers the machine learning software that’s designed to pull these illicit operators up short; faster than the most switched-on team of cyber-security professionals could ever hope to do.
Getting machines on the team
Machine learning refers to the process by which computers take data and ‘learn from it’ without being explicitly programmed to do so. The more of it the better, given the ultimate goal is to optimise the way the machine performs the specific task in question.
Analysing bulk data about an organisation’s users, devices, systems and workflow patterns allows machine learning-driven cyber-security programs to construct models against which potentially abnormal activity can be gauged and, if necessary, dealt with.
Historical activity logs can be less than optimum for this purpose, particularly if they’re from enterprises with evolving environments which may have, for example, recently rolled out an Internet of Things (IoT) installation, or other new mobile devices and endpoints.
What’s needed to power a highly effective machine learning-driven security model is not batch analytics-based hindsight but a rich flow of high quality, real time data. This continual stream of information ‘teaches’ the software about what’s happening on the network in the here and now. Armed with this insight, the software can do a better job of identifying unauthorised and potentially sinister activity before damage is done.
Spotting the anomalies
How might this play out? Consider the example of the purported network admin, logging in from a print server outside standard working hours, who immediately attempts to search for open share documents across the network. Not unauthorised but certainly unusual – and that’s where the power of machine learning can come to the fore. Extensive analysis of user and workflow patterns is likely to allow the software to flag the fact that the time, location and pattern of activity all fall outside the normal parameters.
Resisting the rising tide of threats
Utilising every cyber-security tool and technology at their disposal has never been more important for Australian enterprises. Hackers and cyber-criminals continue to hone their craft; finding new ways to breach barriers and wreak organisational and economic havoc for the unlucky and ill-prepared.
Recent months have seen plenty of well-publicised instances of this occurring, most recently in February when the Australian Parliament suffered a sophisticated cyber breach which may have exposed government computer systems to state sponsored foreign hackers.
It’s an experience broadly familiar to all too many local organisations – according to PwC’s 2018 Global Economic Crime and Fraud Survey: Australian Report, almost 50 per cent of Australian businesses experienced a cyber-attack between 2017 and 2018.
Survey respondents listed cyber-crime as the most disruptive economic crime of the day and the most significant threat to growth.
The global digital revolution has highlighted the value of data and a gamut of companies of all stripes are finding out firsthand the truth in the assertion that, in the twenty-first century, it is indeed the ‘new oil’. When it comes to cyber-security, the new oil is also the good oil.
Machine learning-driven software which exploits the power of network activity data to create a dynamic defence that’s sophisticated, responsive and individualised will become a key protection pillar for enterprises which value the security and integrity of their data. At a time of rising risk, that should be all of them.