What if you could predict the likelihood of a hacker breaching your organisation? And what if you could predict how this breach would impact your organisation? Would it make a difference if you knew a disruption to IT was caused by a third party vendor or if an outage would affect the IT of the company itself?
AI in cyber security can help predict when a breach will occur and a range of predicted loss costs and what makes up those costs.
This foretold knowledge is incredibly useful because it gives decision-makers “something to get their teeth into and compare cyber in a like-for-like way with other business risks,” explains Jonathan Pope, CEO and co-founder at Corax — the cyber risk modelling and prediction platform.
Tech Nation’s cyber security cohort: Corax company profile
Turning (non-technical) heads
Traditionally, one of the main problems with cyber security surrounds understanding, or a lack of. Those with non-technical backgrounds towards the top end of an organisation — typically, the CEO, CFO and the board of the business — have trouble comprehending the “technical security stuff ” and they need something that helps them understand it.
The emerging role of the CISO has gone some way to solve this. These individuals communicate the reality of an organisation’s security situation in a digestible manner to the key stakeholders.
But, what if the process could be automated?
The main challenges facing the cyber security industry
AI in cyber security: predict and quantify
AI can provide faster and more accurate benchmarking predictions and expected loss costs of cyber events to an individual and groups within companies — in plain English. The technology is a key part of this quantification process.
For an AI solution to accurately predict and quantify the likelihood of a breach and how it will impact a business, it will have to understand what a company looks like it before it can start its calculations.
“We need to know what it does, how big it is (in terms of revenue and staff), what the type of data is it might hold and what technology and third parties it uses,” continues Pope.
In terms of understanding how big it is, what type of data it holds and how it could be stolen or compromised, this information could be found through public sources. This is often readily available for larger publicly-traded companies, but for smaller private companies, it’s a challenge.
“You have to estimate these details,” says Pope. “And AI is used for that estimation process.”
ML and AI in cyber security: real opportunities overshadowed by hype
The random forest model
As mentioned, AI can be used predict the probability of a hack or a breach — it does this with what Pope calls a random forest model. The ‘random forest’ is made up of lots of decision-trees and each decision-tree has a branch — and the questions that are asked by the model at each of the junctions in that decision tree are based on the characteristics of companies that have had a breach previously.
“One of the things we use as a data feed is on previous, historical breaches of companies,” he explains.
As a hypothetical, Pope refers to a French manufacturing company of 50 people: “how similar is it to other companies that we know have been breached and what are the characteristics of those? For example, do we see a matching of vulnerabilities on a specific regularity or is this type of technology exposed to the Internet? If there is a link then we know that there is a correlation between that and the chance of being hacked.
“Those are the sorts of questions that get asked within the decision trees in that random forest model — it’s important for predicting what are the chances of an organisation experiencing a hack over the next 12 months.”
AI prediction in action
When the Marriott announced its data breach last November, we pulled up what our report on Marriott Hotels was for the 24 hours previously. And it said there was an 78% chance of them experiencing a breach in the next 12 months.
We saw in our prediction of the expected loss costs something between $330 million and $600 million. This is a pretty large range, but we can’t yet test the accuracy of that until Marriott actually reports the losses. That takes a little bit more time to come out.
— Pope.
IT disruption from a third party
AI can also predict the probability than an IT disruption will be caused by a third party, using a “probabilistic graphical model,” which is similar to Google’s PageRank algorithm.
When you think that Google ranks websites based on the number of other websites that it’s connected to, an AI-enabled model can do the same, except it ranks companies based on the number of other companies they are connected to over the internet.
This helps create a map of an organisation’s interconnected ecosystem; where the AI can identify which company is at the top and which companies are further along in the supply chain. It can then predict the chance of any given organisation in that ecosystem experiencing or inheriting a business interruption event from third parties.
Third party failures: a problem for the majority of organisations
Wildfire
This use of AI in cyber security can further help predict ‘wildfire’, cyber quake-type events.
If solutions can look at a database of millions of companies and the interconnections between them, it’s easy to establish that many of them are using a particular cloud accounting software provider, for example.
“That could be dangerous,” warns Pope. “You could take an awful lot of companies offline or make it difficult to file their annual tax return or to process their invoices, based on their shared reliance on a similar internet service. That’s a really important consideration at a macro level.”
Actions
So what should an organisation do once it’s told the likelihood of it experiencing a data breach?
Pope suggests that in an ideal world, the CFO of an organisation should pick up the phone to their insurance broker and say we’re pretty sure there will be an event; we want to make sure we’ve got adequate insurance coverage for this, and help for when it does happen — immediate response help or breach response.
“That helps them understand how much insurance coverage they should have. It’s not if, it’s when, and therefore, how can we be best prepared for it,” asks he asks?
It’s all about translating the “technical security stuff” into something that the CFO or the board can digest and explain to their insurance broker.
Cyber insurance: Information Age’s comprehensive guide to cyber liability insurance
AI in cyber security
The role of AI in cyber security will become increasingly critical to mitigating threats. Why? Because of the increasing volume of data relating to this issue.
This increasing volume of data is coming from increasing technology being interconnected and exposed. The more technology and interconnection via the internet, the more data and the more difficulty making sense of that data. The only way organisations can do this effectively is with AI.
Corax is part of Tech Nation Cyber — the UK’s first national scaleup programme for the cyber security sector. It is aimed at ambitious tech companies ready for growth.