After being hit by a ransomware attack in 2016, Singapore baking goods supplier Phoon Huat decided to delay the launch of its e-commerce service. Although it did not incur financial losses, it was a wake-up call to beef up its cyber defences.
Short of IT expertise, it turned to Darktrace, a fast-growing cyber security company that uses machine learning and probabilistic mathematics to detect and respond to cyber threats in real time.
Like many of its peers, Darktrace has benefited from mounting cyber threats, with its revenues increasing by over 500% year-on-year in the Asia-Pacific (APAC) region. In an interview with Computer Weekly, Sanjay Aurora, APAC managing director at Darktrace, gives his take on the recent ransomware attacks, the role of IT security specialists as machines get smarter and the company’s strategy for the region.
Darktrace has been growing in the triple-digit range in the APAC region. What do you think the company got right in the region?
Whether it’s a small company, telco, bank or airline, companies have always been aware of cyber security issues. While they have built walls, signatures and rules, they have no idea of what’s going on in their networks. Our success has not been our ability to protect them against particular threats, but in giving them unprecedented visibility into their networks within hours, enabling them to detect a spectrum of threats from ransomware and insider threats to sophisticated threats like cameras and biometric devices being hijacked. No other tool, technology or approach has been able to do that and that’s the reason why we’re growing so rapidly across the world, including the Asia-Pacific region.
Let’s talk about the unprecedented WannaCry ransomware attack. Could such an attack be averted with Darktrace’s technology, even if organisations did not apply the Windows patch?
Ransomware attacks happen all the time. If you look at the threat landscape today, it’s been dominated by known threats that call for rules and signatures to be applied. Anyone wearing a red shirt is bad, so you should stop him at the gate. There will be some zero-day attacks, but where we’re heading is towards “unknown unknowns”, where artificial intelligence (AI) is being used by attackers in a cyber arms race. How do you protect yourself then? In such cases, the traditional approach to cyber security completely fails. With our machine learning capabilities, we’ve not only protected organisations such as an NHS agency against ransomware threats like WannaCry, we can also respond to threats through Darktrace Antigena, which can react autonomously against in-progress cyber threats. In fact, a law firm in Australia told us that our system had saved them from a zero-day ransomware attack.
Notwithstanding the loud, brazen attacks like WannaCry, the bigger threats are actually stealthy, silent attacks that use sophisticated techniques like subtly changing a couple of rows in a database once a month so you can’t tell what’s real or fake. Likewise for the internet of things (IoT) and industrial control systems like power plants and train systems, attackers can just listen in and do damage when they want to. That’s where machine learning can come in to detect these kinds of threats.
Darktrace is going into the security of industrial control systems with its Siemens partnership. This is a nascent space, since operational technology (OT) specialists are only beginning to come to terms with the security implications of industrial IoT. Do you think more threat actors will start to exploit this while OT operators are learning how to secure their systems?
OT is typically run as air-gapped systems where nothing comes in or goes out. But thinking that such systems are secure is a myth, because if you look at the way air-gapped systems are updated and the fact that their operating systems are so old, there are ways to get into those machines. What we are recommending is for organisations to get an overall view of their IT and OT networks with Darktrace, so they can differentiate what’s truly air-gapped, whether there are compromises happening and what’s normal and abnormal behaviour in their networks and be able to defend against attacks.
Read more about cyber security in APAC
- The computer networks of two universities in Singapore were breached in April 2017 by hackers looking to steal information related to government or research.
- Threat intelligence feeds provide valuable information to help identify incidents quickly, but only if they are part of an intelligence-driven security programme.
- WannaCry’s spread in Asia-Pacific accounted for just 10% of detections worldwide, indicating the ransomware’s limited reach in the region.
- Singapore and Australia will conduct joint cyber security exercises, among a raft of measures to secure critical infrastructure and bolster cyber security know-how.
With AI and machine learning advancing quickly, there’s a risk that people would leave machines to do the job of securing their systems. Do you agree? What’s the role of IT security specialists as machines get smarter over time?
You will need machines to defend against cyber attacks. Human beings will not be able to detect and defend against attacks at the rate that we’re seeing today. Machines will get smarter in understanding the network and take actions against threats, just like the human body does.
“Human beings will not be able to detect and defend against attacks at the rate that we’re seeing today”
Sanjay Aurora, Darktrace
That means security teams will no longer be fire fighters like a traditional security team would – and always reactive and a step behind. One of our customers in Australia has formed a team of discovers who use intelligence to discover what’s happening in their networks, so they can improve their security posture and stay a step ahead of attackers instead of fire-fighting. Human intelligence will still be needed to find threats that are still in the nascent stages.
The failure of British Airways’ IT systems caused major delays across the UK and Europe. While cyber attacks were ruled out, the implications of global systems going offline due to cyber criminal activity can bring economies to a standstill. What do you think should be done to secure these so-called supranational information infrastructures?
These issues are top of the agendas of governments, politicians and board members, so new pacts and treaties are being signed, which is a positive sign. To global organisations like the International Baccalaureate, it’s hard to have a centralised security team who knows what’s happening everywhere. They will still need the same visibility and defence mechanisms beyond perimeter defences. Visibility is still fundamental to secure cross-border systems.
Threat intelligence feeds typically provide data on known threats such IOCs (indicators of compromise). Do you think such feeds still have a role to play in helping organisations understand and identify threats in their networks, given that unknown threats are likely to pose a bigger problem?
The relevance of threat intelligence feeds will not go away – it’s still useful to know what’s bad but to rely solely on those feeds will not work. We can do research and know a lot of stuff through threat intelligence, but to think that we are safe because we have patched our systems after detecting the past nine threats is a fool’s paradise.
What’s the next area of growth for Darktrace in the APAC region?
In terms of geography, we’re already present across the region from Japan and India to New Zealand through direct offices and partnerships. The next area of growth will be Antigena, which we are looking to deploy for existing customers in addition to the organic growth that we’re seeing. As for talent, we continue to depend on the brightest graduates from top universities such as the National University of Singapore and Columbia University, who have been trained by the right people and are doing an amazing job, whether they are in our sales, pre-sales, marketing or analyst teams. This has allowed us to scale and learn much better.