Colonial using AI to stay ahead of hackers
Staying ahead of the threat is the goal of an artificial intelligence cyberdefence technology now being used by Colonial Group International in Bermuda.
Colonial is the first insurance company on the island to deploy Darktrace’s Enterprise Immune System, but it is not expected to be the only one for long.
It has only been on the market for three years, but there has been a remarkably rapid take-up of the technology by companies and organisations in more than 60 countries. It is now being used by 2,000 clients.
Bermuda’s sophisticated international business environment, particularly its insurance and reinsurance sector, and financial services, are seen as potential clients for the AI cyberdefence technology.
Dave Palmer, director of technology at the British and US-based Darktrace, told The Royal Gazette that the insurance industry, by nature, is more acutely aware of potential risks and the need to deal with them.
“Insurance companies have got on board. It’s because they have to think about risk in a broad sense, and they have a confident mindset,” he said.
Companies that deploy Darktrace’s Enterprise Immune System also tend to speak to others about its potency and effectiveness, which has been a factor in the growth of the use of the system, added Mr Palmer.
With Colonial now using the Darktrace technology, it is expected there will be heightened interest among the Bermuda business community.
“Customers have been very happy and have recommended us to others. Also, the cybersecurity community almost always works together. That has benefited us and allowed us to explode into all these countries and types of businesses.”
Colonial has fully deployed the system at its Bermuda headquarters and is in the process of putting it in place at its offices in the British Virgin Islands, the Bahamas, the Cayman Islands and Turks and Caicos.
Ben Mobley, Colonial’s technology security officer, said the group was now using the system as its default security tool.
As cyberthreats evolve and become harder to detect, the Darktrace system uses self-learning AI technology to get a jump start on threats and breaches.
Mr Palmer said cybercrime has long been associated with the idea of people stealing bank data, and credit card and healthcare details, and selling this data on the black market. However, the value of this information has diminished and no longer commands big dollars.
In order to make more money, there has been evolution of criminal business models. One technique is ransomware, where a computer system, data or network is put beyond use until a ransom is paid.
There have been long-term attacks on banking networks, such as Swift, where attackers infiltrated the system and gained important authorisations using in-depth knowledge of the environment they had breached.
“We are seeing how being able to change data is more powerful than simply stealing,” said Mr Palmer.
As an example, he said an energy company could make a costly mistake when positioning an oil rig if data that showed a targeted location was likely to be profitable proved to have been maliciously changed by a cyberattacker.
“We are going to see a move away from blunt threats,” said Mr Palmer.
The Darktrace system uses machine learning technology to monitor the normal use of every device on a network, the speed of traffic and the patterns of each user’s daily use. When it spots something unusual, such as a user logging in to a works system at a time of day they have never done before, it will flag up the anomaly on an animated display to give the network’s security team an opportunity to check if it is a real threat, and take action if needed.
“It is a chance to show that there is an attack in progress within your organisation and stop it in practice,” said Mr Palmer.
Development of the system started in 2012 and took a year before it was released commercially. There was originally only about 12 people in the Darktrace team. Mathematics and software experts from the University of Cambridge, including the late Bill Fitzgerald, were joined by specialists who had worked in information defence and security roles, including at MI5 and GCHQ, the higher echelons of the British government’s cybercommunity.
Today, the company has 360 staff worldwide and has dual headquarters, one in Cambridge, England, the other in San Francisco.
Cyberattacks on big organisations and key infrastructure have increased in recent years. The first customer for the Enterprise Immune System was the Drax Power Station, the largest in Britain.
Mr Palmer said the cybersecurity community works closely together and information is shared on newly detected threats so that they can be recognised and stopped.
“We are turning it around. Rather than look around for attacks or attack techniques, we simply learn what is completely normal for how an organisation works, and even though this will change over time we can still identify unexpected changes. It does not really matter how novel the attack is.”
He sees the technology evolving further, with AI “companions” working alongside an organisation’s cybersecurity team, being able to respond to attacks and buy time for the security team to “clean up” the breach — and even suggest the most effective clean-up solutions.
Mr Palmer said the ultimate goal was to free up security teams so they can work on more critical risks rather than be tied up configuring individual firewalls and device set-ups.