The 60 second interview: Predicting the future is futile

Darktrace account director John Dyer talks to The Lawyer ahead of this year’s Business Leadership Summit in association with Propero Partners, which focuses on the law firm of 2025.

Predicting what the threat of the future will look like in an attempt to anticipate and pre-empt it is futile. Attackers’ motivations and approach change dynamically – we have already witnessed the evolution of cyber-crime from data theft and defacing of websites to more insidious and potentially catastrophic ‘trust attacks’ and fast-moving ransomware that can wreak havoc within minutes. The attack of the future will be supercharged by AI, and will take advantage of the growing complexity of law firms’ networks and the increasing digitisation of sensitive data.

More and more connected devices are being invented and plugged into corporate networks every day, introducing a host of unforeseen vulnerabilities. One of our customers in the legal space had their board room videoconferencing system breached unbeknownst to the security team – for at least two weeks, the audio from the board room was being livestreamed out to someone over the internet.

This kind of attack is eye-opening, but at the moment it doesn’t scale very well – having somebody listening all the time, in case strategically useful or monetizable information gets mentioned, is a daunting task and very expensive. However, with the massive progress that’s being made in translating and understanding human voice by machines, it will become much easier to extract meaningful insights from audio files. An attacker can simply program the software to listen out for a certain voice, or a client name, or a phrase like “M&A”, and start streaming or recording the conversation only when it’s of interest to the criminals.

First and foremost, we need to recognize that it is no longer possible to keep cyber-threats off your network. Already, the traditional approach of deciding what ‘bad’ looks like and attempting to stop such predefined threats at the perimeter of the network is failing. While border defenses are good cyber hygiene and offer protection against known attacks, the reality is that novel, stealthy attacks will get through the border and into the network. Law firms need to arm themselves with the tools needed to remediate in-progress attacks as soon as they emerge on the network, and well before they have caused any damage. The latest class of AI technology can not only detect nascent attacks, but also generate an autonomous response in real time, halting attacks in their tracks.

Secondly, knowing what devices are on your network is very important. You might be surprised to learn that in our experience, security teams often underestimate the number of devices connected to their network by as much as 25%! This can be down to BYOD (bring your own device) policies, as well as the proliferation of ‘Internet of Things’ (IoT) devices – whose responsibility is the security of the internet-connected air conditioning unit in the new office? And does your office manager consult your security team before buying and plugging in a new connected coffee machine?

Finally, and perhaps most importantly, cyber security needs to become a boardroom issue for law firms. The key to engaging with the C-suite is to talk about the business, not about technology. Understanding what worries the Board most should drive the security strategy. Security risk can never be reduced to zero, and it is vital that the Board and security team agree what is most important so that sensible plans and trade-offs of time and resources can be made.

AI and machine learning are going to be essential to defend law firms against rapidly evolving cyber-threats. In an age of limitless data and complex networks, there is simply too much happening, too quickly, for traditional security methods to be able to deal with.

To catch advanced threats, it is often necessary to look across a number of slight, subtle changes in order to establish a pattern of abnormality. Humans can be very effective in performing this nuanced task; however, they do not have 24/7 attention spans, and get bored. This is why we need machine learning and artificial intelligence.

Cutting-edge AI technologies can mimic the human immune system to defend sensitive client data and intellectual property from cyber-attacks. By learning what ‘normal’ looks like, our immune systems can distinguish ‘us’ from ‘not us’ to quickly identify and respond to potential threats. In the same way, ‘immune system’ cyber defense technologies create an evolving understanding of what is ‘normal’ for a network, and intelligently detect emerging threats that other security tools miss. The system can also automatically fight back against cyber-threats, catching and stopping attacks before they become a crisis, and buying back precious time for the security team in this fast-moving battle.

I’d work from Barbados!