Threat Hunting With Cybersecurity
Cyber crime is fluid, adaptive, and opportunistic… Your security protocols should be too
D/SRUPTION interviews Max Heinemeyer, Director of Threat Hunting at Darktrace
Back in 2016, a string of high-profile cybersecurity attacks propelled the protection of digital data to the top of the boardroom agenda. From large corporations to small businesses, cybersecurity breaches have become a harsh reality. Big companies that harness and store masses of data would appear to be the most obvious targets, but it’s smaller firms that have provided cyber criminals with easy pickings. In fact, Juniper Research has found that half of all small businesses in the UK alone have fallen prey to hackers.
The situation, it seems, is that SMEs feel they are less at risk of attack – and consequently fail to set up appropriate security protocols. But this year, under the EU’s GDPR initiative, attitudes towards cybersecurity have been forced to change. Now, organisations have to step up their digital security or face hefty fines. Unfortunately, this is not as straightforward as it sounds.
Getting serious about security
Darktrace, the world leader in Cyber AI, autonomously detects and defends against corporate cyber threats. Max Heinemeyer, Director of Threat Hunting at Darktrace, explains that cybersecurity has become a paramount concern for all organisations. However, there is still a distinct inertia when it comes to implementing stellar security. Are businesses taking cybersecurity seriously enough?
“It depends,” considers Heinemeyer, who heads up a team of 30 threat hunters at Darktrace. “I would say more than last year, but there are still businesses who don’t take it as seriously as they should. It’s a very powerful tool that is being used and abused.”
That said, he believes that businesses are gradually realising the extent of the risk and putting strategies in place to reduce their chance of being targeted.
Choosing a cyber solution
As hackers constantly adapt their techniques, basing cybersecurity initiatives on what has happened before is not guaranteed to discourage cyber crime. Despite this, there are certain trends that businesses can use to inform their security protocols. One, explains Heinemeyer, is that if a target becomes too difficult to infiltrate, the attacker will look for weaker links in the target’s network. This can include the individuals associated with the company, its email systems, or its suppliers.
“Something we are seeing a lot at the moment are supply chain attacks. For example, a company might have interns that aren’t as clued up about cybersecurity, or maybe they work with trusted partners who can be targeted instead. Such supply chain attacks are becoming more prevalent.”
Another trend has followed the rise – and fall – of cryptocurrencies.
“Attackers are shifting their focus from classic banking trojans to installing cryptocurrency miners on people’s computers. Instead of stealing banking details, the malware transforms computer electricity into cryptocurrency. Now that the price of cryptocurrencies has fallen, we’ve seen a shift back again to banking trojans.”
Changes in markets can offer clues as to how hackers might choose to mount their attacks. In future, we can expect to see the use of narrow AI in cyber breaches. But where should a business start when building fluid, responsive cybersecurity protocols? In Heinemeyer’s view, the most important starting point is awareness.
“It comes down to awareness, and having people in the company that understand the threat. Following the ostrich approach and burying your head in the sand is not going to help anybody. It’s so easy to conduct cyber crime these days, so the one big thing to do is have someone who can drive cybersecurity initiatives, assess the current state of security, collaborate with experts, and follow government guidance.”
This, he says, is vital – no matter the industry. Additionally, there are a number of key considerations that all businesses should make.
“There are always a few basics that companies should follow, like making sure they have good cyber hygiene, educating their employees and partners about basic cybersecurity practices, and choosing strong passwords. There’s a lot of good guidance out there.”
This guidance can come from official organisations like the National Cyber Security Centre (NCSC), or from cybersecurity vendors like Darktrace. Instead of simply providing software, Darktrace acts as an advisor to its clients, working closely with customers.
An ongoing battle
The adaptability of hackers and the inertia in businesses have made the cybersecurity landscape tricky enough, but another challenge comes from a lack of talent.
“There is a cyber skills gap,” says Heinemeyer. “There are not enough cybersecurity experts out there to meet the demand that is growing. Companies are building their own internal security centres and they are training their own analysts and threat hunters. But still, the problem scales too much and – as humans – we struggle to scale with it.”
Instead of relying on humans, Darktrace has chosen to shift responsibility and power to machines. The company uses comprehensive 2D and 3D visualisation to train its junior analysts, which means that it can hire people who don’t have a background in cybersecurity. The platform allows them to build up their skills quickly, leaving the hard work to automation.
An ongoing problem is misunderstanding. While businesses of any size can find themselves at the mercy of cyber criminals, the mentality of ‘why us?’ persists. Are official organisations doing enough to help businesses (and society) understand cybersecurity?
“I think the UK government, like most Western governments, does its very best to educate the public and offer guidance and help,” says Heinemeyer. “I think the NCSC are really good at what they do. They have some really good material out there for small to medium companies like cheat sheets and PDFs. The UK is doing everything it can and is investing in doing even better.”
In the east, Heinemeyer identifies Singapore as a leader in cybersecurity initiatives. Last year, the Singaporean government introduced a bill allowing anyone serving in the Singaporean army to receive cybersecurity training and certification. It was also recently announced that the US National Counterintelligence and Security Center will distribute informative materials to privately held companies to promote increased awareness of cybersecurity.
So, there is a light at the end of the tunnel. More people have recognised the threat of cyber attack, and understand that cyber crime can happen to any organisation or individual.
“If I told my family four or five years ago that I was working in cybersecurity they wouldn’t have understood what I was talking about,” says Heinemeyer. “But these days, even my grandparents know what that means, because of the media attention it has received.”
Cyber breaches go hand in hand with the digital world. Governing bodies and the technological community will have to provide more attention, more publicity, and more information about avoiding attacks and what to do when one occurs. Heinemeyer’s threat hunters are locked in a difficult dance with cyber criminals – but by tapping into AI and automated, visual platforms, cybersecurity vendors can out-manoeuvre their opportunistic opponents.