Machine Learning Can Strengthen Defense Against Cyber Threats
Cybersecurity is a major challenge that affects consumers, enterprises, and governments. In fact, it’s rare for a week to go by without a news story about hacked accounts, cybercrime, ransomware, or data breaches. As U.S. President Biden recently noted, “Cyber threats can affect every American, every business regardless of size, and every community.”1
The risk posed by cybersecurity is ubiquitous because technology now permeates every aspect of our world, and while there is no single solution to address all of the risks, core technologies like machine learning have the potential to improve cybersecurity, reduce risk, and provide meaningful value to enterprises and commerce.
A Changing Landscape
Indeed, cybersecurity challenges have grown over the past 25 years as new technologies have emerged and gained wide-scale adoption. In the late 1990s, email and basic internet browsing became popular. Since then, technologies including Wi-Fi, mobile devices, online video, social networking, streaming media, and online video teleconferencing have also rapidly appeared and changed the world, in many ways, for the better.
Unfortunately, the rapid adoption of technology creates challenges and magnifies cybersecurity risks. Common challenges that increase cybersecurity risk include:
- System Complexity: Modern applications are complex and have dependencies that are hard to track and understand. Enterprises no longer deploy monolithic applications built and managed by a dedicated team over time. Today, development is done incrementally, using agile processes that rely heavily on resources controlled and managed by other organizations, such as open-source software and software as a service (SaaS). Although these development practices can shorten time to market and improve usability, they produce systems that are hard to analyze, test, and monitor. This provides opportunities to attackers who can exploit weaknesses that they discover in a shared resource and operate without fear of being detected, given that defenders have minimal monitoring capabilities.
- Lack of Skilled Cybersecurity Staff: The demand for skilled cybersecurity workers far exceeds the current supply. According to the Department of Commerce, one-third of all the cybersecurity positions in the United States currently remain unfilled, and, on average, cybersecurity roles take 21 percent longer to fill than other information technology jobs.2 This lack of skilled cybersecurity personnel endangers enterprises and efforts of all sizes by limiting their ability to properly staff critical ongoing cybersecurity efforts and by slowing the deployment of new defenses. This gives attackers confidence that vulnerabilities will not be closed before they can conduct reconnaissance, marshal the resources needed to exploit weaknesses, and execute their attacks.
- Unproven Technology: The speed at which new compelling technologies and applications appear incentivizes users and technologists to adopt them long before they understand how the technology’s nuances pose risks or they develop the perspective and processes to discriminate between what’s normal, unusual, or malicious when using them. This provides attackers with a variety of opportunities, including the ability to exploit deployments of the technology that are clearly misconfigured and to deceive users who lack the perspective to assess what’s normal or credible in these new operating environments.
Although it’s still early in its development, machine learning offers cybersecurity defenders and software developers the promise of automating critical elements of their system defenses. Some of this intelligent automation will reduce the effort needed to perform mundane repetitive tasks, thereby freeing skilled cybersecurity workers so they can focus on tasks that require dedicated attention. Other applications will automate critical security decisions using machine learning models, thereby speeding the dissemination of expertise, perspective, and experience to system defenders. In these ways, machine learning will enable innovation in cybersecurity.
1 Oct 1, 2021, Statement by President Joe Biden on Cybersecurity Awareness Month https://www.whitehouse.gov/briefing-room/statements-releases/2021/10/01/statement-by-president-joe-biden-on-cybersecurity-awareness-month/
2 Dept. of Commerce’s CyberSeek project https://www.cyberseek.org/heatmap.html
Disclosure: The views expressed are the opinion of Sands Capital Management and are not intended as a forecast, a guarantee of future results, investment recommendations, or an offer to buy or sell any securities. The views expressed were current as of the date indicated and are subject to change. This material may contain forward-looking statements, which are subject to uncertainty and contingencies outside of Sands Capital’s control. Readers should not place undue reliance upon these forward-looking statements. All investments are subject to market risk, including the possible loss of principal.
This site may contain links to other websites, including links to the websites of companies that provide related information, products, and services. Such external internet addresses contain information created, published, maintained, or otherwise posted by institutions or organizations independent of Sands Capital. These links are solely for the convenience of visitors to this site, and the inclusion of such links does not imply an affiliation, sponsorship, or endorsement. PT202100302