How Machine Learning Will Influence Cyber Security in 2018

It’s no secret that cyber security is a growing industry. The global market value increased by over 10% in 2017, and is projected to be worth $232 billion (approx. £165 billion) by 2022. There are significant changes in the industry that are driving the growth. Notably, biometrics and fingerprint ID, cloud-based apps (think Software as a Service) and mobile applications have promoted this new focus on cyber security, primarily on an individual level.


This focus on the individual does not detract from the major task at hand, that is, protecting businesses from malicious breaches. Instead it serves as a reminder that personalised security measures only add to the complexity of protecting sensitive data.


The primary role of cyber security remains ensuring that data stays only in the hands of those with permission and authority. In 2018, there is a growing focus on machine learning as a method of providing advanced levels of protection. Harnessing computing power and automatic processing can give businesses a significant advantage over human-only cyber security measures. We will discuss the role that machine learning has to play in the arena of cyber security.


Common flaws in data breach detection


Many businesses fall into the trap of thinking that good anti-virus software is all that’s needed to make a digital environment secure. Others believe that multiple layers of protection coupled with sensitive alarm programs are a better way to go. Unfortunately, both strategies have their weaknesses. In particular, businesses that focus on alarm systems and additional software solutions end up ignoring most of the alarm indications, because they are triggered without cause in the majority of cases. True attacks may end up being ignored thanks to the overwhelming number of alerts that are false. In either case, a singular focus on one method of protection will necessarily leave gaps to be exploited.


Can machine learning change cyber security protocols for businesses?


Yes. Machine learning can be applied very strategically and effectively to cyber security efforts. In essence, machine learning algorithms are programmed to progressively get better at a task over time. As the algorithm is exposed to more cases and situations, more data is considered and accounted for. As it ‘learns’, it becomes far more effective at its prescribed task. In addition to ‘on the ground’ learning, machine learning algorithms can also rely on established data sets to learn from. There are millions of examples of both harmful and benign executable files, and countless examples of spam emails. When the algorithm has a large pool of experience to draw from, the number of false negative and false positive alarms is significantly reduced.


When it comes to cyber security, machine learning processes focus on understanding what actions and behaviours are considered ‘normal’ within individual workstations and the network overall. They can do this by watching and recording every action taken on every workstation, for example. Over time, the program can begin to differentiate between normal and expected anomalies (such as a spike in network traffic or downloads from a foreign IP address while travelling for work), and unexpected anomalies, which have a far greater chance of being malicious incursions. In addition to these data-driven analyses, machine learning algorithms also need to master the art of context. Algorithms need to be taught the difference between authorised and unauthorised access to files or servers. Context would take into account information like who operates the machine, where the machine is located and the roles the machine is likely to be commanded to carry out. When actions are taken that are out of this context, the machine learning system should send an alarm to the human team to investigate. Because there is little in the way of established data sets for context, it is much harder to learn, and this can take additional time.


This is in contrast to typical security measures, which are more likely to watch for specific indicators or markers being triggered in the system as a sign of an attack in progress. A situation like the foreign IP address above may set off an alarm 100% of the time under a traditional cyber security protocol.
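The contrast between a fixed indicator and a learned per-machine baseline with context, as an added example that is not part of the original article. A simple per-host z-score stands in for a trained model; the host names, history, context table and events are all constructed, and the country field is assumed to come from an earlier geo-IP lookup.

```python
from statistics import mean, pstdev

# Constructed learning-period data: MB downloaded per hour, per host.
HISTORY = {
    "ws-finance-01": [40, 55, 48, 52, 45, 50, 47, 53],
    "laptop-sales-07": [120, 300, 90, 410, 150, 380, 200, 260],
}
# Constructed context: where each machine normally sits and any approved travel.
CONTEXT = {
    "ws-finance-01": {"home": "GB", "travel": None},
    "laptop-sales-07": {"home": "GB", "travel": "DE"},
}
# Constructed events; "country" is assumed to come from a prior geo-IP lookup.
EVENTS = [
    {"host": "laptop-sales-07", "country": "DE", "mb": 350},
    {"host": "ws-finance-01", "country": "GB", "mb": 900},
    {"host": "ws-finance-01", "country": "US", "mb": 50},
    {"host": "laptop-sales-07", "country": "GB", "mb": 200},
]

def static_rule(event):
    """Traditional indicator: a foreign source country always raises an alarm."""
    return event["country"] != CONTEXT[event["host"]]["home"]

def volume_zscore(event):
    """Distance of this hour's volume from the host's own baseline, in std devs."""
    hist = HISTORY[event["host"]]
    sigma = pstdev(hist) or 1.0  # avoid dividing by zero on a flat history
    return (event["mb"] - mean(hist)) / sigma

def baseline_reasons(event, threshold=3.0):
    """Reasons to alert: unusual for this host, or outside its known context."""
    ctx = CONTEXT[event["host"]]
    reasons = []
    if volume_zscore(event) > threshold:
        reasons.append("volume far above this host's baseline")
    if event["country"] not in (ctx["home"], ctx["travel"]):
        reasons.append("location outside home and approved travel")
    return reasons

def triage(events):
    """Compare both approaches on each event."""
    return [(e["host"], static_rule(e), baseline_reasons(e)) for e in events]

if __name__ == "__main__":
    for host, static_hit, reasons in triage(EVENTS):
        print(f"{host}: static={static_hit} baseline={reasons or 'no alert'}")
```

The travelling laptop trips the static rule but not the baseline, while the large domestic download on the finance workstation is caught only by the baseline.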


How will machine learning change a response to an identified threat?


Machine learning styles of monitoring are constantly processing every single change that occurs within a defined ecosystem. It is possible that a program like this will identify a dangerous anomaly very quickly and alert human teams to take action. From a behavioural standpoint, cyber security teams may be more likely to act promptly when alerted by machine learning processes, simply because those alerts are far more likely to be genuine threats. Machine learning may also be able to produce specific data sets that can point response teams to the exact location and method of the breach.


Are there other benefits to using machine learning style surveillance?


Yes. Traditionally, stationary workstations were well protected against hackers. Office-based networks are likely to be shored up with plenty of defences. In contrast, staff who work from home or take portable devices like laptops and tablets can be relatively unprotected. Because the mobile devices are enabled to access business networks, they create a level of vulnerability that traditional protective behaviours do not take into account. Inserting machine learning code into portable devices and home-based tech may help close a door that hackers have been exploiting unchecked.


As 2018 continues, the role of machine learning in cyber security will become clearer. There is a great deal of scope for this technology to aid businesses. As hackers advance, the likelihood of an anomalous attack increases. It is foolish to assume that traditional methods of protection are enough.


About EC-MSP, your IT support partner

EC-MSP are one of the most trusted IT support providers in London. If you would like more help, advice and support with inserting machine learning into your data security protocol, or with any other IT support issues, contact us today to see how we can help.