To Stop Hackers, Treat Them Like a Disease
Nicole Eagan, CEO of the cybersecurity company Darktrace, on what the human immune system can teach us about protecting our data
Not a week goes by without a cyberattack making headlines. These, however, are the attacks that should concern us least. The real danger comes from quiet and elusive hackers who infiltrate and blend into a network. Like a secret agent behind enemy lines, these undetectable viruses can have an organization under complete and total surveillance, waiting months or even years before making an attack. When the malware becomes active, which may be for only a few seconds, it can prove fatal.
Last November, around the time of Ukraine’s local elections, a type of malware called BlackEnergy was used to hack into Ukrainian media companies, rendering their operating systems unbootable. In December, BlackEnergy targeted power companies in western Ukraine with great precision, causing a blackout that affected more than 225,000 civilians. A month later, in January, BlackEnergy was also detected on the IT network of Kiev’s main airport, including air-traffic control systems.
We’re also seeing an alarming rise of ransomware, a form of extortion in which malware hacks into an operating system, encrypts critical data and demands that the organization or individual pay an exorbitant fee to obtain the decryption keys. The longer the victim hesitates to pay, the higher the cost of decryption.
Our traditional approaches to cybersecurity, including firewalls and antivirus software, are not up to the task of defending against these new types of sophisticated threats. Attackers are increasingly inventive, engineering malware to create evolving viruses that don’t look like anything we’ve seen before, rendering useless our preprogrammed security systems. The problem, in short, is that we’ve been sending a human to a machine fight.
Human operators are easily fooled by malware’s use of machine-learning techniques to blend into a network. This is where machine learning—techniques that train computers to adapt and learn from data with little or no human involvement—becomes a crucial part of the defense arsenal. Advanced—and, more important, constantly evolving—algorithms behave like an immune system for the enterprise. When the network is breached by a suspicious activity, whether from an insider or from an external threat, the system alerts the security team to that anomaly.
Recent advances in mathematics have improved this immune-system approach by adding digital antibodies that have the ability to act when they detect a serious threat. That action might involve isolating the infected machine or slowing down network activity until a human is available to assess the breach. This allows a company to neutralize fast-moving attacks like ransomware.
Attackers are getting more sophisticated every day, and there are not enough qualified experts to meet the growing volume of attacks. Machine learning filters the great swaths of notifications that hit security teams every day, guiding the expertise of trained personnel to respond to the threats that pose real danger. There is no way to do this alone. We are going to have to rely on machines to defend us.
