Cyber-Security – are humans the answer or the problem?

Figuring out the best way to protect your company from a cyber-attack is the kind of dilemma that keeps CTOs and CIOs up at night.

According to Malware Byte’s State of Malware report, 2016 was the year we witnessed the rise of ransomware, botnets and attack vectors as popular forms of malware attack as cybercriminals continually expanded their hacking methods.

But as hackers become more sophisticated, the response has to be even more so and some believe the best form of protection is to take humans out of the equation.

“The only way any organization is going to be able to protect themselves is to use something that is more advanced than the human brain.” That’s what Jeff Cornelius, EVP ICS Solutions, at Darktrace told a room full of security experts at a GDS summit.

When it comes to protecting your company from cyber-attacks, Cornelius supports unsupervised machine learning, which has the ability to constantly learn what normal is. Cornelius compares unsupervised machine learning to relationships saying, “you learn about the people in your life over time, you don’t take a single snap shot of that person’s life and rely just on that snapshot to be the basis of your understanding of that person forevermore.” Unsupervised means just that, no supervision by humans. Cornelius believes if a human is involved (supervised machine learning) you’re setting yourself up for failure saying, “If you’re not using unsupervised machine learning to do the protecting, you’re automatically compromised.”

But there is debate over whether unsupervised machine learning is the best cyber security solution.

According to Techcrunch.com the main argument against security solutions powered by unsupervised machine learning is that they churn out too many false positives and alerts, effectively resulting in alert fatigue and a decrease in sensibility.

Simon Crosby, CTO at Bromium calls machine learning the pipe dream of cybersecurity arguing “there’s no silver bullet in security.” That blog went on to argue that in the battle against hackers, you’re always up against people who already know how machines and machine learning work and how to circumvent their capabilities, therefore a human may need to be involved.

Most flyers I know would probably be hesitant to hop onboard a computerized plane without a human in the cockpit. Making a decision about the best anti-hacking software, supervised or unsupervised, may depend on how much you actually trust machines.

The war between cyber criminals and companies is far from over. ABI Research forecasts machine learning in cybersecurity will boost big data, intelligence, and analytics spending to $96 billion by 2021, whereas Forbes reports cyber-crime costs are projected to reach $2 trillion by 2019.

Cornelius believes machines by themselves have the upper hand because humans make mistakes. Cornelius says, “If machines ran our world we’d be able to model those behaviors very cleanly. Humans are gooey, we a have a warm underbelly and the belly of the snake makes mistakes.”

As machines continue to become an integral part of our lives, everyone will have to make a decision about whether to trust them or not.

When it comes to protecting your company from cyber-attacks, where does your trust lie?