A download of a zipped file from a supposedly trusted e-mail source resulted in local firm Phoon Huat’s picture files being held ransom. Pay up or these files will be locked up forever, said a ransom note that popped up on a laptop screen.
Phoon Huat, a baking accessories firm in Singapore, did not pay the ransom. Its IT manager Erick Chng deleted the file and removed the laptop from the network. Backup tapes restored the information.
Ransomware, as a form of cyber attack, is on the rise. According to Symantec’s Internet Security Report 2016, ransomware incidents rose by more than 50 per cent in 2015.
Cyber attacks whether it is for corporate espionage, stealing personal information or destroying networks and systems, are on the rise. The result: rising spending on cyber security.
Research firm International Data Corporation (IDC) predicts that by 2020, organisations are expected to spend US$101.6 billion on cyber security software, services, and hardware. This is a 38 per cent hike from the US$73.7 billion in 2016.
The challenge for organisations is that they can’t keep up with new malware which is being developed faster than cyber defence antidotes.
One security company, Darktrace, has come up with a fresh approach. The British company founded in 2013, built a cyber defence technology that flags strange digital activities on the IT network by monitoring what workers normally do to spot the ordinary behaviour.
After its machine learning algorithm learns the normal traffic patterns, it highlights the irregularities. A daily report on a customer’s online dashboard offers insights into in-progress and novel attacks, some of which are undetectable by traditional methods such as rule-based solutions.
The report also categorises the irregularities from low to high risk so that corporate IT security can attend to them in order of priority.
Phoon Huat was a customer of Darktrace. So was Singapore marine lighting company BH Global.
It rolled out Darktrace’s software last year after it spotted suspicious activity in its IT networks. Chief information officer Ken Soh noticed the company’s firewall had been blocking malicious “beacon messages” or “call-back messages” successfully.
Something was wrong. It was a wake-up call for deeper visibility of the activities within its corporate network. After the company introduced Darktrace technology last year, his IT executives were able to have visibility on anomalies within the network.
Said Soh: “Darktrace provides a convenient platform where network traffic anomalies are visually abstracted. We could then zoom in and address the ones highlighted as the highest risk category.”
Quick discoveries of vulnerabilities are crucial because damage can be contained much faster.
Hareesh Ramasubramanian, IT security manager of educational organisation IBO said that on average, if an organisation’s IT department had the capability to address an intrusion by itself, the detection process typically takes 32 days and the containment process then takes one day.
But if the organisation works with or has to rely on third parties, such as regulatory bodies, law enforcement, vendors, and in certain cases, even consumers, as in IBO’s case, it will take about 108 days to detect an intrusion and two weeks to fix or contain the impact, he added.
Since IBO implemented Darktrace in December 2016, it has received 14 threat intelligence reports. About 94 per cent of the incidents reported, revealed a risk to its information assets.
“We’re able to stop undesirable or malicious activities like unauthorised data transfer, unintentional download of malware, and unauthorised use of software or hardware on our network,” said Ramasubramanian.
Darktrace Asia-Pacific managing director Sanjay Aurora said there is also a deluge of information as a result of data collected by Internet of Things (IoT) devices like closed circuit TV cameras and sensors.
“It is not possible for human security teams to manage the explosive increase in data stored digitally and carried on IT networks. The attack surface has also increased with IoT as the devices have become new points of entry into the network for malware and other new forms of cyber attacks.”
Darktrace’s Enterprise Immune System technology uses artificial intelligence and machine learning to gather security intelligence against a known set of rules.
That is, it looks and learns what is normal and abnormal network behaviour. The company’s technology system is based on mathematical research carried out at Cambridge University in Britain.
Its customers are found in 60 countries and include Phoon Huat, BH Global, IBO, Rakuten Securities, Birmingham International Airport, M1 and the United World College of Southeast Asia.
Grace Chng is a veteran tech writer
