I was recently invited to a Roundtable Media Event held by Darktrace to unpack the new era of cyber security threats. Held on Thursday 16th June, it was led by Tony Jarvis, Director of Enterprise Security and Dave Palmer, Chief Product Officer.
The following is a synopsis of the event and a deeper dive into what was covered.
Most Significant Security Threats in Australia Today
- Ransomware
- Lower barriers to entry for cyber crime
- Technology supply chain attacks
- Account takeovers
- Out of hours attacks
Insights About Ransomware
Given that the ACSC reported staggering $33 Billion losses to ransomware for Australian businesses, it’s unfortunate that 88% of Australian businesses are assentive to paying the ransom. The knock-on effect being that ransomware units are more actively targeting Australian businesses given the higher than average rate of success – a full 20% higher than in the USA. This highlights the necessity to focus more on the risk assessment of ransomware, as well as the need for its early detection to be held in primacy.
Key Insights on APTs (Advanced Persistent Threats)
- A quarter of the domestic incidents Darktrace identifies are against Australian critical infrastructure
- The Australian Federal Budget is putting money into cyber security at a country level, with a boost in further cyber security capabilities of AUD$10B
Key Insights on The Australian Healthcare Industry
- Cyber attacks doubled in 2021 compared with 2020
- Financial services attacks decreased by 35%, largely in favour of targeting healthcare
Darktrace’s AI-Led Capability
There was a decisive study which illuminated that many vendors claiming their technology used “AI” were not telling the truth, whether unintentionally or through marketing overreach. Through a diligent audit, reality didn’t bare this out for nearly half of those surveyed.
I’m always sceptical when vendors claim this, so I wanted to ask the hard question; how does Darktrace’s AI work? The response “Darktrace leverages mathematical researchers for our AI capability”. Expounding, it was stated that the Darktrace Cyber AI Research Centre, based in Cambridge, UK, focuses on how adversaries and defenders may employ artificial intelligence to combat the ever-increasing threat of cyber-attacks. The Darktrace Cyber AI Research Centre, with its suite of PhD-level mathematicians, scientists, and AI professionals, has made significant gains in increasing our understanding of the security landscape. Their recent whitepaper specifies the root of their AI capabilities, with their 100+ patents (protected or pending) covering AI and Machine Learning, helping power our collective insights into attack paths models.
Self-Learning AI
Other products on the market leverage a human to make assumptions “yes, you got that right” or “no, you got that wrong” and it becomes more refined over time with the human element – Darktrace doesn’t need to do that. Their real-time AI capability learns entirely independently – humans are not influencing it – which is different from other technologies.
Their Director of Enterprise Security, Tony Jarvis, stated;
“Not all unusual traffic is malicious, but all malicious traffic will be unusual or abnormal.”
This is what Darktrace is looking for: the “unusual” traffic. The traffic that falls outside of that regular pattern.
False/Positives
Darktrace doesn’t look at one anomalous behaviour and then assign it as “bad” and subsequently raise an alert. Instead, their AI will identify and assess a parcel of abnormal traffic patterns and then make the alert, therefore reducing the ‘trigger finger effect’ and thereby the volume of false-positives. Darktrace then hones in on that group of unusual activity which provides accurate determination that this definitely doesn’t belong, which can be further investigated in greater fidelity.
Key Takeaways
- Ransomware is still on the rise, with 88% of companies still paying the ransom in Australia
- ACSC reported a staggering $33 Billion losses to ransomware
- A quarter of the incidents Darktrace sees is against Australian critical infrastructure
- Darktrace leverages mathematical researchers for their AI capability
- Their capability learns on its own, humans are not guiding it – which is different from other technologies
————–
Who is Darktrace?
Darktrace is an AI company, and they were first to apply artificial intelligence to cyber security. Their AI machines have a sense of “self” which allows them to understand if a cyber attack is occuring, and then can allow them to interrupt in real time. This is what Darktrace calls “Self Learning AI”. Darktrace is currently plugged into 6,800 organisations worldwide.
Tony Jarvis | Director of Enterprise Security, Asia Pacific and Japan
Tony Jarvis is Director of Enterprise Security, Asia Pacific and Japan, at Darktrace. Tony is a seasoned cyber security strategist who has advised Fortune 500 companies around the world on best practice for managing cyber risk. He has counselled governments, major banks and multinational companies, and his comments on cyber security and the rising threat to critical national infrastructure have been reported in local and international media including CNBC, Channel News Asia and The Straits Times. Before joining Darktrace, Tony previously served as CTO at Check Point and held senior advisory positions at FireEye, Standard Chartered Bank and Telstra. Tony holds a BA in Information Systems from the University of Melbourne.
Dave Palmer | Chief Product Officer
Dave is the Chief Product Officer at Darktrace, overseeing the mathematics and engineering teams and project strategies. With over 13 years’ experience at the forefront of government intelligence operations, Dave has worked across UK intelligence agencies GCHQ and MI5, where he was responsible for delivering mission- critical infrastructure services, including replacing and securing entire global networks, the development of operational internet capabilities and the management of critical disaster recovery incidents. He acts as an advisor to cyber security start-ups and growth-stage companies from the UK Government’s Cyber Security Accelerator and CyLon. His insights on AI and the future of cyber security are also regularly featured in the UK media. He holds a first-class degree in Computer Science and Software Engineering from the University of Birmingham.
