About 18 months ago, I stepped out of the shower and into the new reality of cyber security.
Here’s what happened. While I was scrubbing up, the bank that issued my credit card left me a voicemail. They noticed some suspicious activity on my credit card, they said, and unless I called them right away, my card would be cancelled.
Since the voicemail was left on my home landline, it took me a few hours (even after the shower) to notice it. By the time I finally did, it was too late.
My very first credit card – the one I signed up for back in 1998 so I could book a bargain winter resort trip to Cuba – was put out to pasture after 15 years of duty. Panicked and outraged, I called the bank, demanding to know why they cancelled my card so quickly before I had a chance to even figure out what was going on.
That’s when they ushered me into the new age of cyber security. As the bank explained when I finally called them back, I had racked up a string of online charges in the U.S. earlier that day – “Something you’ve never done before,” the credit card service rep remarked. “It’s out of character with your usual purchasing pattern, so we called you first and then cancelled your card before more charges could be made on it.”
Then it hit me: I had used my card that morning to renew my website domain, hosting and SEO package, which is provided by a company in the U.S. It was my firsthand glimpse at how technologies like analytics, algorithms, machine learning and behavioural modeling can spot anomalies – and potential fraud – in credit card and other financial services.
As noted in this Wall Street Journal blog, those same technology tools are now being applied to cyber security by companies like Brighterion Inc. After helping MasterCard suss out suspicious transaction activity, Brighterion has moved into detecting unusual behaviour in IT networks. By tracking how, when and where staff access company email, devices and files (and even how they type), Brighterion claims it can spot a potential cyber attack when network activity deviates from established patterns.
UK-based Darktrace says it combines machine learning and mathematics formulas to “identify human and machine behaviours that represent threat(s) with a high degree of accuracy” involving “network, host and mobile device activity.”
One of the most promising aspects of this technology is the possibility of detecting threats that are brand new and completely unknown. Traditional approaches protect your network from a specific malware, for example, by detecting and defending against that exact set of malicious code. The new approach allows a network “to detect normal and abnormal behaviours as they emerge, without already knowing what it is looking for, and calculate the probability of threat based on the detection of behavioural anomalies,” according to Darktrace.
Expect to see more of this; Gartner predicts that at least 25 per cent of all self-detected enterprise breaches will be discovered via these kinds of behaviour-based technologies by 2018. Big data players like SAS, IBM, Splunk and Teradata are already extending their analytics offerings into the cyber security market as we speak. As IT departments routinely reevaluate their potential risk exposure, this kind of technology needs to be among the data protection approaches they consider.
As for my own personal brush with behavioural analytics, I immediately got a new credit card from the issuer once they verified everything was on the up and up. I also got over my outrage at the quick card cancellation, once I realized they were just using behavioural technology to look out for my best interests.