The two pandemic-driven years gave rise to more viruses than one. While COVID-19 impacted life in the real world, cyber attacks became increasingly common in the digital one.
Businesses were forced to move online, with surveys suggesting that digitisation was sped up by several years across different industries. Remote working became the new norm, and it continues to hold its ground today. E-commerce sales increased by over 40 per cent, and social media usage reached higher levels than ever before.
From personal data and credit card details to emerging technologies such as crypto wallets, cyber criminals found a wealth of new information to target and exploit. Research suggests that 81 per cent of global organisations have experienced increased cyber threats since the pandemic.
Beyond the volume, the nature of these threats has also been growing increasingly sophisticated. Phishing emails have evolved well beyond the infamous ‘Nigerian Prince’ scam and taken on forms which are incredibly tough to detect. Especially in fast-paced industries — where employees transact dozens of emails a day — malicious threats can often go by unnoticed.
Artificial Intelligence (AI) and cybersecurity
The need for AI-based solutions in cybersecurity has become more apparent than ever. Large organisations can receive multiple threats a day, any one of which could result in a significant data breach.
For quite a while, AI was something which organisations — typically those with lower budgets — thought of as nice-to-have, but I think it’s fair to say that we’re now at a tipping point where it’s really regarded as a must-have.– Tony Jarvis, Director of Enterprise Security, Darktrace
Today, cybersecurity requires sifting through an immense amount of data, at a pace which is unfeasible for humans alone.
“You can’t compare a computer to a human in terms of speed,” says Jarvis. “If you’re up against [AI-based attacks], you need to be able to respond intelligently and super quickly.”
“The problem with detecting things too slow is that the attacks keep getting bigger and bigger. You really need that machine-speed to be able to get in, identify something is unusual, clamp it down, and make sure it doesn’t get any worse. Then, the analysts can come in and do what they’re really good at – getting it under control,” he adds.
McLaren Racing was one of the companies which enlisted Darktrace’s services during the pandemic. Being a part of Formula 1, the company not only operates in a fast-paced environment, but a highly publicised one — in other words, a high-profile target for cybercriminals.
“On a race weekend, email traffic goes up by about 17 per cent,” explains Ed Green, McLaren Racing’s Head of Commercial Technology. “We get a lot chattier — with communications, driver planning — so [malicious emails] can easily get somebody. That’s just not really worth thinking about for us.”
With its AI-based solutions, Darktrace allows the team to keep their focus on their operations and the race ahead.
How AI-based cybersecurity works
Pattern recognition is a key part of AI-based cybersecurity solutions. Darktrace doesn’t remove the need for human analysts altogether, however, it sifts through the noise and helps them identify and deal with the real threats.
Using a self-learning AI system, Darktrace is able to analyse data and understand what ‘normal behaviour’ looks like for a particular organisation. Using this information, it can spot anomalies and threats.
“We try to understand every individual organisation and what their environment looks like. We refer to it as a pattern of life – what’s the pattern of life for this user, this machine, or this organisation as a whole,” explains Jarvis.
Instead of looking at specific files or websites, Darktrace focuses on anomalous behaviours and investigates these further. “Not all unusual behaviour is going to be [a threat] but pretty much anything malicious starts out looking quite unusual when it’s getting its foothold in an environment.”
For McLaren, this AI-based solution became critically important in recent years. “We went from having one office to 4,000 offices,” Green explains, referring to the entire company working from home during the pandemic.
Even though some portion of the business was furloughed, the number of cyber attacks remained consistent. The impact of these attacks was even more noticeable now that they were targeting a smaller group of people.
“Prior to [working with Darktrace], our cybersecurity engineers were sat there putting up the guard rails and raising the flag when something went wrong,” explains Green. “It felt very reactionary.”
Using AI has been a game changer because it allows McLaren to respond to threats almost in real time. “It’s very preventive instead of defensive,” Green says. This also saves the company from having to continuously expand its cybersecurity team.
For example, while racing at the Singapore Grand Prix this year, McLaren didn’t have their cybersecurity engineers fly out to the event. “[Without Darktrace], we’d have to grow our team exponentially to deal with the landscape of threats.”
Is human input still needed in cybersecurity?
At first look, this seems to be another case of machines taking over human jobs. However, in reality, cybersecurity remains a collaborative effort. AI simply helps take over the more mechanical aspects of the job.
As Ed Green explains, Darktrace’s involvement has made cybersecurity roles at McLaren more interesting. Prior to that, the engineers were “working at a fun company, but it wasn’t a fun job”.
“[They’d be sitting there] and scrolling through logs all day long. That’s not adding value, it’s not exciting. Darktrace helps the cybersecurity engineers because they can now use their time a bit differently and service proper attacks and interesting breaches. They get to work on more strategic use cases.”
Jarvis agrees that the purpose of Darktrace was never to replace the analysts. “Our job isn’t to put them out of a role. What we try to do — because they’re doing so much day-to-day — is make sure that where they focus their time and effort is really valuable.”
In 2022 alone, Darktrace has helped McLaren identify over 70 incredibly malicious emails, which could’ve led to serious breaches for the company. As cyber threats evolve, cybersecurity must follow suit.
“It’s a cat-and-mouse game,” Jarvis concludes. “We are constantly advancing day-by-day, and so are the attackers.”
Featured Image Credit: Darktrace / McLaren Racing