
David Masson

Unsupervised Machine Learning May Be The Ideal Counter To Financial Cybersecurity Threats


Earlier this year, a group of cyber criminals targeted two Canadian financial institutions with a hybrid type of malware, GozNym. The first time GozNym was ever seen, it stole millions of dollars from the unnamed Canadian financial institutions along with several U.S. banks.

GozNym is just one example in a long string of pernicious malware families that are in circulation and actively targeting the Canadian financial sector right now. Despite its comparatively strong reputation for security, the financial services industry is still one of the most frequently attacked. And when it comes to reputation, a serious cyber attack can do major damage -- as well as lead to inevitable financial losses.

While external threats, such as the GozNym malware, are what we typically think about when we consider cyber attacks, many organizations fail to pay equal attention to the most common source of cyber threats -- those from within.

A company's own employees and third-party privileged users are reported to be the most likely causes of cyber attacks. Sophisticated cyber criminals often look to benefit from unaware or busy employees who can set a breach in motion with nothing more than an inadvertent click. Further, many employees contravene policies and guidelines deliberately -- mostly without malicious intent, sometimes because they are up to no good.

The scale of the insider threat is made more significant by the rise of social media and the Internet of Things (IoT). In Canada, 76 per cent of people possess a smartphone and 60 per cent say they like to be connected to the Internet at all times -- every single connection is now a potential point of entry. Companies are now installing internet-connected vending machines, coffee machines and light bulbs -- the list goes on. In a hyper-connected world, there are endless opportunities to infiltrate networks or wrongfoot employees into providing access to systems, as well as for legitimate users to introduce vulnerabilities.

Employees are the weakest link

Financial organizations need to understand the gravity of the risk of insider threat -- even if non-malicious in intention. Organized criminals, like the ones who orchestrated the GozNym attack on Canadian financial groups, are pooling their resources and working together in order to infiltrate even more financial organizations. This increased vulnerability has created a huge demand for experienced IT professionals, leading to a lack of talent in the industry, with financial institutions scrambling to fill the gap.

Additionally, with the ever-increasing volumes of data in a digitized financial services industry, it has become humanly impossible to go through all the information to identify potentially harmful threats in a network environment, in real time. This makes it very difficult for a business to have complete visibility of every access point, even with the largest or most talented security teams.

Financial institutions need to remember that IT security is everyone's responsibility in the company. Insider threat, even when non-intentional, can be just as dangerous as targeted, external threats. In fact, it often opens the way for these sophisticated outsiders.

Fighting back with Unsupervised Machine Learning

While the list of potential threats is sobering, the financial services industry can address these risks by incorporating new and advanced strategies like machine learning. Machine learning can help to process and make sense of the never-ending amount of data gathered.

This isn't a new concept to the financial sector -- artificial intelligence (AI) is used in algorithmic trading and credit risk modeling. However, this technology relies on previous information about potential and pre-programmed outcomes. It is considered to be a form of supervised machine learning.

Like traditional security approaches, supervised machine learning suffers from the constraint of requiring past knowledge of known attacks. However, as we saw with GozNym, new forms of threats are being developed every day, and so supervised machine learning and traditional approaches struggle to keep up with this rapidly evolving landscape.

Financial organizations should instead consider incorporating unsupervised machine learning into their cyber security plans. Unsupervised machine learning programs, like Darktrace, are continuously learning and re-modeling, using evolving information instead of relying solely on current information or historical knowledge.

Using a mathematical framework and complex algorithms, the software studies the network's daily pattern of life, including every connected device, how devices are communicating, network traffic and employee behaviour online. After the baseline network behaviour is established, unsupervised machine learning can process the surge of data in real time before making logical, probability-based decisions against external and insider threats on behalf of system administrators. This allows previously unidentified threats to be detected.
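A minimal sketch of the per-device "pattern of life" idea described above, added here as an illustration; it is not Darktrace's algorithm or any vendor's code. The feature (log of bytes sent), the warm-up length, the threshold and the sample flows are all assumptions chosen for the example.

```python
import math
from collections import defaultdict

class DeviceBaseline:
    """Unlabelled per-device model: running mean/variance of log(bytes out) plus peers seen."""
    def __init__(self):
        self.n, self.mean, self.m2, self.peers = 0, 0.0, 0.0, set()

    def score(self, bytes_out, peer):
        """Return (z, new_peer): deviation from this device's own history; model unchanged."""
        if self.n < 2:
            return 0.0, peer not in self.peers
        std = max(math.sqrt(self.m2 / (self.n - 1)), 0.1)  # floor for very regular devices
        return abs(math.log1p(bytes_out) - self.mean) / std, peer not in self.peers

    def learn(self, bytes_out, peer):
        """Welford online update, so the baseline keeps re-modelling as traffic arrives."""
        x = math.log1p(bytes_out)
        self.n += 1
        delta = x - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (x - self.mean)
        self.peers.add(peer)

def detect(flows, warmup=5, z_threshold=4.0):
    """Stream (device, peer, bytes_out) flows; return alerts for out-of-pattern transfers."""
    baselines, alerts = defaultdict(DeviceBaseline), []
    for device, peer, bytes_out in flows:
        model = baselines[device]
        z, new_peer = model.score(bytes_out, peer)
        if model.n >= warmup and z >= z_threshold:
            alerts.append({"device": device, "peer": peer, "z": round(z, 1), "new_peer": new_peer})
        else:
            model.learn(bytes_out, peer)  # only in-pattern traffic updates the baseline
    return alerts

# Constructed sample flows (documentation IP ranges); not real traffic.
VENDING = [("vending-01", "198.51.100.10", b) for b in (2100, 1900, 2050, 1980, 2200, 2010)]
WORKSTATION = [("ws-17", "198.51.100.20", b) for b in (40000, 900000, 120000, 3000000, 65000, 500000)]
SAMPLE_FLOWS = VENDING + WORKSTATION + [
    ("ws-17", "198.51.100.20", 2_500_000),      # large, but normal for this workstation
    ("vending-01", "203.0.113.77", 2_500_000),  # same size, far outside the vending machine's pattern
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_FLOWS):
        print(alert)
```

The same 2.5 MB transfer is flagged for the vending machine and ignored for the workstation, with no signature or labelled attack data involved; each device is judged only against its own history.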

With so many platforms, connected devices and applications in the financial sector that can be compromised, and a constant stream of network traffic, cyber criminals can easily infiltrate a network from various points -- and quickly inflict systemic damage. The threat landscape is constantly evolving. From GozNym or its latest evolution, through to insider threat, financial organizations are more vulnerable than ever.

But by keeping employees informed, and deploying unsupervised machine learning software, which detects threats early in their life cycles, progress can be made to tangibly reduce risk and stop attacks from escalating. The corporate network has become a hidden battlefield -- ignore it at your peril.
