Dave Palmer, co-founder of Darktrace, discusses security risks to organisations, and describes how he felt when he heard that his organisation had won one of the coveted gongs at the UK IT Industry Awards 2020
Held virtually for the first time in its history, the UK IT Industry Awards 2020 was nonetheless a roaring success, with a huge online audience treated to the comic stylings of host Ed Byrne. Computing caught up with Dave Palmer, co-founder of Darktrace, winners of the security innovation of the year award, to find out how the security landscape has changed, and what the win means for his organisation.
Computing: How have you seen the security risks to organisations change over the course of the pandemic?
Dave Palmer: While employees around the world pivoted to new flexible ways of working, so did attackers. Remote working meant increased business complexity and rapid digital transformation. Organisations turned on a dime with employees using workarounds (e.g installing video conferencing software and collaboration tools not approved by IT), increasing their reliance on cloud services and using shared home internet.
This intensified a problem that already existed in a pre-pandemic world: how do you secure your infrastructure when it's constantly in flux? How do you tell the difference between an employee trying to get their job done, and an attacker? Attackers took advantage of the confusion and stress of the pandemic, at a time when they knew security teams are likely to be over-whelmed.
At the start of the pandemic, across our customer base, we saw a spike in spear-phishing attacks or hoax emails. Before the pandemic emails targeting remote workers accounted for 12% of all malicious email traffic. Today that stands at around 60%. In one case, a patient attacker impersonated a board member and a CEO with a well-timed and topical email thread to extract information from a senior finance team member over multiple days.
Today attackers continue to take advantage of the trust established between colleagues - and not just via email. Across our global customer base, our AI is detecting 400 per cent more attacks against virtual collaboration tools compared to pre-Covid levels.
CTG: What should organisations be doing to protect themselves?
DP: The pandemic stress tested organisations' cyber defences. It quickly became very clear that static security - based on rules about what is ‘good' and ‘bad' - simply couldn't keep pace.
The challenge for organisations today is not to create new, updated security rules for a new world, or even throw more people at the problem, but to embrace cutting-edge technologies can defend their constantly evolving business.
The good news is that artificial intelligence is making major steps forward in this area. The beauty of AI is that it is very good at handling uncertainty and change - it learns what is normal, and then relearns it, and relearns - so it is constantly re-evaluating its assumptions. This means it can keep up with fast-changing environments - the number of devices on the network, the software platforms and tools being used, the behaviour of users - all of these are variables, they are never static.
This technology is already used to stop some of the most advanced cyber-attacks, which strike in seconds, at the most critical organizations in the world.
CTG: What was unique about your entry to the UK IT Industry Awards?
DP: Until the emergence of Antigena Email, a world first technology, email security was the unsolved piece of the security puzzle.
The reality is that too often employees around the world, busy doing their jobs, are faced with very convincing and sophisticated social engineering email attacks. Some malicious emails are now virtually indistinguishable from genuine communication and there are no hard and fast rules for how employees can identify them.
Email filtering tools that compare emails against blacklists are not good enough. Today businesses need equally sophisticated AI technology to combat customized phishing attacks, before they reach the user.
CTG: How did it feel when you heard you'd won, and what does this win mean for your organisation?
DP: It is always an honour to receive industry recognition for our innovations, and to be recognised alongside other UK organisations solving real-world challenges with cutting edge innovation. We take pride in challenging the status quo with our technology, which is testament to the passion and fearlessness of our 1,300 employees around the world - as well as the world-class mathematicians behind our autonomous response technology.
The awards will be back for 2021, stay tuned to Computing for all the details!