Interview: Darktrace’s Max Heinemeyer on why Covid-19 is only the beginning
Thu 20 Aug 2020 | Max Heinemeyer
Although the pandemic transformed cybersecurity this year, Darktrace’s chief threat hunter says Covid-19 may just be the prelude
For Max Heinemeyer, Director of Threat Hunting at Darktrace, Covid-19 has changed cyber security for good.
“The old way of doing security – creating rules for what employees are allowed to do and trying to predict what might go wrong based on history – is useless in the face of rapidly changing, unprecedented circumstances.”
Covid-19 forced organisations to fast-track digital transformation that would have otherwise taken years to implement in a secure fashion and cyber attackers took full advantage.
Beleaguered airline EasyJet was the first high-profile company to suffer, falling victim to a ransomware attack in mid-May which exposed 9 million customer records.
One month later Honda’s global operations were temporarily brought to a standstill in another apparent ransomware attack. And over the past few months, fearful governments have ramped up cyber awareness campaigns to help organisations thwart opportunistic hackers that thrive on change and uncertainty.
“Humans have struggled to keep up with the speed and frequency of attacks,” Heinemeyer says.
The new way of doing security
But for Heinemeyer, the same change and uncertainty that characterised the pandemic period has precipitated a watershed moment in the cybersecurity world from which AI has emerged as the preeminent tool of cyber defence.
While AI’s rise in the cybersecurity industry has been profound (it is now used by thousands of organisations and performs over 1.4 million security investigations every week), Heinemeyer says that in recent months companies have accelerated AI adoption and begun to appreciate its true power, especially, he notes, in a context where security teams have been leaner due to furloughing.
The cybersecurity expert works at the forefront of threat hunting for security giant Darktrace, a UK-headquartered security pioneer which leads the AI-powered cybersecurity industry and as recently as 2018 was valued at an eye-watering $1.65bn.
Day to day, the former HP white-hat hacker leads a team of threat hunters that deploys Darktrace’s AI tech to “sniff out” hackers and also works with the company’s largest clients (the National Health Service, Gatwick airport and Drax, the UK’s biggest power station, are among its customers) to keep them protected.
Heinemeyer says it is AI’s core characteristic — the ability to learn and adapt — which makes it perfectly suited for cyber defence in today’s period of intense unpredictability.
From the standpoint of enterprise security post-pandemic, the central fast-moving variables that need to be managed are employee distribution and infrastructure utilisation. There are no longer just two categories of ‘working from home’ or ‘working from the office’, says Heinemeyer. Rather, workforces are ‘dynamic’ and working from everywhere.
The distribution varies from company to company. And within companies the proportion working from home or the office varies day to day. For the foreseeable future, what IT infrastructure is used and from where it is accessed will be in flux.
“The rapid rise of this sprawling and disparate workforce intensified an existing problem in cyber security: how do you put a wall around your infrastructure when it’s constantly in flux? How do you tell the difference between a remote employee trying to get their job done, and an attacker?”
The first step in achieving cyber resilience across today’s IT infrastructure — remote working tools, cloud platforms, endpoints, inboxes, IoT devices and industrial control systems — is solving the data problem. “Only by putting all of this information together and analysing it can today’s modern business defend itself against cyber-threats,” Heinemeyer explains.
Making sense of this dynamic data blizzard is a different challenge altogether and this is where AI comes in.
Heinemeyer says only an ‘AI brain’ can keep up with the speed and scale of rapid and seismic changes currently experienced by digital businesses. Humans simply cannot compete with AI’s ability to rapidly spot trends and abnormalities across a litany of variables in bewilderingly dynamic systems.
“Unsupervised AI has proven particularly crucial as it is self-learning; it constantly recalibrates and updates its understanding of what is ‘normal’ for an organisation’s workforce,” explains Heinemeyer.
“When the world turned on its head and millions of employees across the world went remote, AI learned this new ‘pattern of life’ for organisations and continued to autonomously fight back against cyber-attacks at machine-speed, regardless of where and how employees were working.”
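The behaviour Heinemeyer describes above, a per-user notion of “normal” that keeps recalibrating so that a permanent shift such as a move to remote working is learned rather than alarmed on forever, and the earlier question of telling a remote employee from an attacker, can be illustrated with a toy model. The following Python is an added example written for this article; it is not Darktrace’s code or algorithm, and the user name, daily upload figures, network labels and thresholds are all constructed for the illustration.

```python
"""Toy self-learning 'pattern of life' baseline (added illustration, not Darktrace code).

Each user gets an exponentially weighted mean/variance of one numeric feature
(MB uploaded per day) plus the set of networks they have been seen on. Both are
updated on every observation, so the baseline drifts with real behaviour:
a one-off change is flagged once, a sustained change becomes the new normal.
All names, values and thresholds below are constructed for the example.
"""
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class EntityState:
    mean: float = 0.0     # exponentially weighted mean of the numeric feature
    var: float = 0.0      # exponentially weighted variance of the same feature
    n: int = 0            # observations seen so far
    networks: Counter = field(default_factory=Counter)  # source networks seen


class AdaptiveBaseline:
    def __init__(self, alpha=0.1, warmup=5, z_threshold=3.0, min_std=1.0):
        self.alpha = alpha              # weight given to the newest observation
        self.warmup = warmup            # observations before any alert is raised
        self.z_threshold = z_threshold  # how many standard deviations count as odd
        self.min_std = min_std          # floor so a perfectly regular user is not z=inf
        self.state = {}                 # entity name -> EntityState

    def observe(self, entity, upload_mb, network):
        """Score one daily observation, then fold it into the baseline.

        Returns a list of human-readable reasons; an empty list means
        'consistent with this entity's pattern of life so far'.
        """
        s = self.state.setdefault(entity, EntityState())
        reasons = []
        if s.n >= self.warmup:
            std = max(s.var ** 0.5, self.min_std)
            z = (upload_mb - s.mean) / std
            if z > self.z_threshold:
                reasons.append(
                    f"upload {upload_mb:.0f} MB is {z:.1f} sd above baseline {s.mean:.1f} MB"
                )
            if network not in s.networks:
                reasons.append(f"first login from network {network!r}")
        # Learn from the observation whether or not it was flagged
        # (West's update for an exponentially weighted mean and variance).
        if s.n == 0:
            s.mean = upload_mb
        else:
            diff = upload_mb - s.mean
            incr = self.alpha * diff
            s.mean += incr
            s.var = (1 - self.alpha) * (s.var + diff * incr)
        s.networks[network] += 1
        s.n += 1
        return reasons


def run_demo():
    """Constructed timeline for one user: ten office days, five remote days,
    then an upload far outside anything seen before. Returns (day, reasons)
    for every day that was flagged."""
    events = [("alice", 2.0, "office-lan")] * 10   # regular office routine
    events += [("alice", 2.5, "vpn-home")] * 5     # workforce goes remote
    events += [("alice", 500.0, "vpn-home")]       # exfiltration-sized upload
    model = AdaptiveBaseline()
    flagged = []
    for day, (who, mb, net) in enumerate(events, start=1):
        reasons = model.observe(who, mb, net)
        if reasons:
            flagged.append((day, reasons))
    return flagged


if __name__ == "__main__":
    for day, reasons in run_demo():
        print(f"day {day}: " + "; ".join(reasons))
```

Running `run_demo()` reports exactly two days: day 11, the first remote-work day, is flagged once as a never-before-seen network, the following remote days are silent because the network has been learned, and day 16 is flagged because a 500 MB upload sits hundreds of standard deviations above a baseline that has by then absorbed the remote pattern. The caveat a defender should keep in mind is the flip side of self-learning: because flagged observations are also folded into the baseline, a gradual escalation can be learned as normal, so a production system would weight or quarantine flagged observations and tune the learning rate and thresholds per entity rather than using the fixed values here.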
It’s not just organisations that are turning to AI to shore up defences. Hackers are beginning to harness AI’s ability to learn and adapt, ushering in “a new era of attacks in which highly-customised and human-mimicking attacks are scalable and travel at computer speed”. This is what experts call ‘offensive AI’ and it is predicted to go mainstream within the next year. “It is only a matter of time,” says Heinemeyer.
The most visible example of AI-powered attacks and the evolving attack landscape is deepfakes – AI-synthesised confections which a recent UCL study ranked as AI’s most serious crime threat. The fear is that, coupled with existing attack methods like spear-phishing, AI could drastically ‘supercharge’ those methods.
“Open source AI research projects, tools which could be leveraged to supercharge every phase of the attack lifecycle, already exist today,” Heinemeyer says. “Soon, they will indubitably join the list of paid-for hacker services available for purchase on the dark web.”
As Sun Tzu’s immortal saying goes, ‘know thy enemy’, and Darktrace spends a great deal of time researching offensive AI’s potential. Among the offensive AI prototypes the company’s labs have developed are programs that do ‘reconnaissance’ on a business and autonomously determine its most high-profile targets based on their social media exposure. Once these are identified, the AI crafts contextualised phishing emails, selects a fitting sender to spoof and fires the emails away, tricking victims into clicking on a malicious link by exploiting their trust in the sender.
“What’s most concerning is that all of this happens in seconds – supercharging attacks with the speed and scale of an AI brain,” says Heinemeyer, adding that in this new era the barrier to entry for cyber crime will be lower, as offensive AI can do the “heavy lifting, without possessing in-depth social engineering and hacking skills.”
Covid-19 has dramatically altered cybersecurity for good. Just as organisations flocked to the cloud to ensure business continuity, many turned to AI to safeguard sensitive assets in a period of intense unpredictability. But although much has changed already in 2020, it may just be the prelude to a new era of cyber security in which AI goes on the offensive.