
Cyber security breaches reported to ICO double in a year

An increase in cyber security incidents reported to the Information Commissioner’s Office is further evidence of the need to shift to automated, artificial intelligence-led defences, says Huntsman Security

UK organisations are being overwhelmed by security breaches, with the number of incidents reported to the Information Commissioner’s Office (ICO) nearly doubling in a year.

The number of security breaches reported to the ICO rose from 1,089 in 2015 to 2,048 over a similar time period in 2016, a freedom of information (FOI) request by Huntsman Security revealed.

The increase was due mainly to people disclosing data in error, such as accidentally emailing a customer database to the wrong recipient, and breaches by malicious outsiders.

The FOI request also revealed that financial firms were most at risk of costly fines by the ICO, attracting over a third of all penalties levied, despite accounting for only 6% of all reported breaches.

Other sectors got off more lightly, indicating that breaches in the finance industry were of a more severe nature.

Healthcare and local government organisations reported the highest volume of incidents to the ICO, with 941 and 202 recorded breaches in the past year, respectively.

But, despite a reputation for poor performance in previous years, local government showed some signs of improvement compared with many other sectors, with the number of security breaches rising by only 14%.

Overall, 70% of all incidents reported by government bodies were due to disclosure of data in error, which suggests reducing or identifying possible signs of human error or anomalous activity should be a priority, said Huntsman Security.

UK utilities firms reported just two breaches to the ICO over the past 12 months, but given the high value of these firms as targets, that is unlikely to be the full picture.

Huntsman Security warned that this was likely the case across the board, and that there were almost certainly many more unreported or undetected breaches.

Barrage of cyber threats overwhelms security teams

“The average organisation is subject to multiple breaches, of which only some will be detected, so the figures reported to the ICO are likely to be understated,” said Peter Woollacott, CEO of Huntsman Security.

“The root of the problem is that organisations are under such an intense barrage of cyber activity that threat alerts, many of which turn out to be benign, are overwhelming cyber security teams. There is simply too much data to analyse and verify manually,” he said.

Genuine threats require immediate attention, said Woollacott, but frequently the investigation of benign and even false alarms wastes valuable time and resources.

Verizon’s DBIR 2016 gave a clear illustration of this problem, he said, revealing that while 84% of attacks compromise their targets in days or less, under a quarter are detected within that timeframe.

“Quite simply, no news is bad news; if breaches aren’t being detected, it most likely just means security analysts are having difficulty finding the needles in the haystack,” said Woollacott.

“To help them see through the noise generated by security alerts, organisations must find a way to automate threat verification and eliminate the wasted effort that results from false alarms,” he said.

Detect cyber threats through artificial intelligence

Woollacott is among those in the security industry advocating greater use of machine learning technologies to identify otherwise “invisible” threats.

“Security analysts can easily identify those that really matter, and as a result, significantly reduce their time at risk from cyber threats. This in conjunction with automation and streamlining the incident management process means that organisations can put themselves, the ICO and the wider public at greater ease that our data is safe in their hands,” he said.

Huntsman Security has patented key aspects of behaviour anomaly detection to detect anomalies in real time and so provide early warning of cyber threats, data leakage, malware and fraud.

Artificial intelligence (AI) and machine learning-led cyber security technology was in the spotlight at two major industry conferences in Las Vegas in 2016, signalling a firm trend in cyber defence research.

At the Def Con hacker conference, attendees witnessed the final rounds of the eight-hour Cyber Grand Challenge (CGC) run by the US Defense Advanced Research Projects Agency (Darpa).

Meanwhile, at the Black Hat security conference, security firm SparkCognition unveiled what it said was the first AI-powered “cognitive” antivirus system, called DeepArmor.

According to UK information security startup Darktrace, cyber security will in future be mainly automated and based on AI.

“We believe we are the only ones at the moment focusing only on learning from the behaviours of people and systems within the business rather than on algorithms that look for known types of attacks,” Darktrace co-founder and director of technology Dave Palmer told Computer Weekly.
