Cyber security is an arms race. Just as military equipment from the 1970s would no longer cut it on the battlefield, the defences adopted by businesses as recently as a year ago no longer offer adequate protection. It’s a constant struggle to ensure that security professionals are one step ahead of the hackers.
The threat to business systems is developing so quickly that cyber security experts are having to find innovative new ways to tackle it. Predictive analytics, a form of machine learning, is being deployed to boost the sophistication of threat detection systems.
The cyber security threat to SMEs
Research shows that small and medium-sized businesses (SMEs) are falling behind in protecting themselves against cyber crime, and criminals know it. Increasingly, smaller businesses are seen as easy targets.
A recent government survey found that 74% of SMEs had experienced a security breach but only 7% planned to increase security spending in the next year. This is despite the heavy cost: an average cyber attack on a small business costs between £75,000 and £311,000.
Understanding cyber attacks
The biggest threat to SMEs comes through employees. A lack of training might mean that a worker will click on a link within an email that installs ransomware, for example, so the business has to choose between paying to retrieve data or its being erased.
Most of the ways to improve cyber security are well known: install antivirus software and a firewall; ensure employees use strong passwords; keep tight control on who can access sensitive information and system administrator privileges. Yet somehow SMEs fail to implement rigorous security measures.
A lack of cyber security will soon become a costly failing; from 2018, the new EU Data Protection Regulation will impose a fine of up to €20m or 4% of annual turnover when companies allow security breaches to compromise customer data.
Predictive analytics – the future of cyber security?
No matter how many security measures are adopted, eventually a business will experience a successful attack on its defences. The key factor in limiting the damage of such an attack is speed of detection. Sophisticated attacks can go unnoticed for months, although machine-learning-powered solutions, which use algorithms to identify unusual behaviour, can speed up intrusion detection.
However, cyber security experts are now going one step further and using machine learning to predict attacks before they happen. Just as burglars usually spend time researching a property before attempting a break-in, so they know the owners’ routines and key access points, cyber criminals will investigate a company’s systems prior to an attack.
Predictive analytics processes a huge volume and variety of data to detect when usage patterns indicate that an attack is imminent. Managing data at this scale can be a challenge, which is why specialised service providers are springing up to service market need.
Predictive analytics can offer a real advantage in protecting against cyber attacks, but this method will not prove effective forever. For now, it gives a real benefit to companies in preventing data loss with the attendant costs and reputational damage, but if it is adopted as standard then criminals are likely to adapt to pattern randomisation to dodge the detective systems.
For many years to come, however, predictive analytics is likely to prove a worthwhile investment. Is your cyber security up to scratch?