Darktrace uses AI to prevent, detect and combat cyber threats
Photos courtesy of Darktrace
It’s no longer just construction equipment and materials, like steel, thieves search for when targeting the industry – it’s quickly becoming company data as well. “The foundation industry has a wealth of data that cyber attackers can steal and sell to other people,” said David Masson, director of enterprise security at Darktrace. “So, it’s a valuable target for those who want to lock it up, ransomware it and then make you pay to get it back.
“This data is essential to the company’s ability to conduct business. And if you think about it, if somebody then starts fiddling with your data and alters it, changes it – these are called trust attacks – that could have serious implications for the industry.”
Masson says the goal for most cyber threats and attacks is primarily ransomware.
“Ransomware is the most prolific attack because it’s the easiest,” said Masson. “Cyber attackers monetize very quickly, demanding that targeted organizations pay ransoms to access their encrypted data using cryptocurrencies. This is a simple way to turn attacks into financial gain.”
Also, according to Masson, most professionals in the construction industry don’t think their data is relevant. However, he says they are underestimating the value of information these days.
“The construction industry has a wealth of intellectual property (IP) data, including work plans, innovations, personally identifiable information, technology and chemical formulae, and many will also have access to their clients’ IP,” said Masson.
“Losing or failing to protect this IP from cyber threat actors can result in monetary and reputational loss, and given the physical nature of construction, potential physical danger to employees and clients.
“Canadian organizations in this industry must preserve the confidentiality, integrity and availability of this sensitive data to avoid disrupting business operations.”
AI detects and prevents cyberattacks faster than humans
Darktrace is a global leader in cybersecurity that uses artificial intelligence (AI) to prevent, detect and combat cyber threats. Masson says most cyber attackers don’t use AI to commit their crimes, but they will sooner or later, and the only way to “fight AI is to use AI.”
Masson says AI is faster than humans and can generate far more information at an accelerated pace.
“We as humans would be overwhelmed,” he said.
Darktrace was founded in 2013 within the Cambridge University Machine Learning Research department by cyber threat experts and mathematicians.
Masson helped the founders expand the company into Canada in 2016. “I understood how they were using AI to solve cybersecurity problems, and I was pleased to help them continue those efforts.”
He says everything the company does runs on AI. “We use AI machine learning to detect, stop, investigate and prevent threats from happening on digital infrastructure in the first place.”
Darktrace recently advanced its Cyber AI Loop, an industry-first set of AI capabilities that work together autonomously to optimize an organization’s state of security through a continuous feedback loop, with the release of PREVENT.
“With PREVENT, we’re going to use AI to ‘think like an attacker,’ finding pathways to an organization’s most critical assets from inside and outside,” said Masson. “This product family will harden your networks, and the cyber attackers will give up, not even bothering to tackle your defences.”
Based on breakthrough technology developed in the firm’s Cambridge Cyber AI Research Centre, Darktrace PREVENT is the third product area in Darktrace’s delivery of a Cyber AI Loop alongside DETECT and RESPOND.
“Darktrace DETECT distinguishes between malicious and benign behaviour,” said Masson. “That’s where we find stuff happening in your network now, alert you to it and assist you with fixing it.”
“Meanwhile, Darktrace RESPOND contains and disarms threats, ultimately stopping cyber attackers in their tracks.”
Darktrace primarily uses a type of AI called unsupervised machine learning, which allows its products to alert customers when a threat appears instead of after damage has occurred.
“If you know what’s happening right now, you can get on this problem before any damage occurs,” said Masson. “We’re not about being hacked in the first place and then fixing it – we’re saying, ‘Stop what you’re doing because something’s happening right now and respond before the cyber attackers do any damage.’”
Darktrace serves more than 7,400 clients globally, protecting them from cyber threats, including ransomware, cloud and SaaS attacks.
“There are so many ways cyber attackers can threaten a network,” said Masson. “One way they can get in is through phishing and spear phishing, so having people click on malicious links and emails.”
However, Masson says the most obvious way cyber attackers breach company networks is through passwords.
“Despite people like me and the government saying again and again, please use strong passwords, not one, two, three, four, five, six, it happens,” he said. “It’s essentially letting the cyber attacker walk in the front door because company email credentials are easy to guess or find.”
He says it was especially prevalent during Covid-19 when many people worked from home – and still do. “A lot of us have all been working from home in the last two years,” said Masson. “And that’s allowed people to be attacked away from the security provided by headquarters.”
All data is valuable to cyber criminals
Masson says it’s not up to potential victims to decide if they’re worth hacking – threat actors will make this decision. Also, cyber attackers are aware the construction industry has not evolved its cybersecurity as quickly as other industries such as healthcare, government and finance.
“As supply-chain attacks proliferate, businesses may even suffer breaches when trusted suppliers are compromised, whether or not they are the primary target,” said Masson. “In the construction industry, organizations can no longer afford to be complacent in assessing and mitigating their cyber risk. This means patching vulnerabilities immediately and looking to proactive security solutions to harden their defences against potential cyberattacks.”
Therefore, cyber hygiene should be a part of everyone’s life, says Masson.
“When we talk about cyber hygiene, what we mean are the things you should do that will lessen the chances that you’ll become a victim of a cyber threat or attack,” he said. “There are lots of ways to do this.”
Cyber hygiene should be a priority for construction companies
To combat cyberattacks, Masson says to educate the people in your organization about what cyberattacks and threats look like so they recognize signs and avoid mistakes.
“Use strong passwords and multi-factor or two-factor authentication,” said Masson. “This component is where cyber attackers might target your email address and password, but they can’t mimic that extra bit of authentication that will take place, whether it’s a confirmation message sent to your email, phone or app.”
Masson also mentions software patches, which empower organizations to test their network security and discover vulnerabilities to fix before cyber attackers can take advantage.
“You need to patch as soon as possible,” he said. “Having backups is also critical. If something goes wrong or heaven forbid all your data gets ransomed, you have a backup for that information, and it should be an offline backup.”
He says cyber attackers are very clever and can even find backups to ransom as well.
“The last thing any company should develop for cyber threats and attacks is a response plan. A breach will happen to everybody at some point,” said Masson.
“So have a response and practise it – and use good AI technology to support the plan, like Darktrace.”