2019THE STATE OF CYBER SECURITYSME REPORT

Contents

05 Defending established SMEs Pg 9

06 A question of value Pg 10

07 AI for SMEs Pg 11

08 AI: Common misconceptions Pg 12

09 AI Triangulation Pg 14

10 Report Conclusion Pg 15

01 Executive summary Pg 4

02 An evolving threat landscape Pg 5

03 Example attacks Pg 6

04 Defending new SMEs Pg 8

The inaugural Senseon ‘The state of cyber security - SME report 2019’ builds on original research conducted to better understand the cyber security challenges specific to small and medium sized businesses. From the evolving threat landscape and common attacks, to the differing requirements between new and established SMEs, this report considers their needs from a variety of angles including the role that AI is playing in this rapidly changing industry.

The industry agnostic research polled 208 UK cyber security professionals, working in organisations of all ages, with 49-500 employees.

The state of cyber security SME REPORT 2019 4

The Senseon ‘State of cyber defence - SME report 2019’ investigates the security challenges that SMEs face today, what they look for in new and existing security technologies, and their attitudes towards the use of AI. As the cyber threat landscape continues to evolve and become more complex, SMEs are finding their budgets increasingly stretched, and are exposed to the ever-widening cyber skills gap. This report aims to help SMEs better understand the current trends in cyber security and discuss fresh approaches to address these problems.

Cyber threats are a significant business risk for SMEs. With practices increasingly moving towards the Internet and cloud, SMEs have a larger attack surface than ever before. According to the NCSC, SMEs have a 1 in 2 chance of experiencing a cyber breach.1 The Ponemon Institute reports that the average cost of a data breach for organisations with up to 500 employees is $2.17m.2

As SMEs work to protect themselves in an ever-evolving threat landscape, they find their security needs are constantly changing. While entrepreneurial attackers innovate to find new ways of breaching organisational networks, defenders too must now think outside the box and beyond the perimeter in order to stay ahead in this ongoing cat and mouse game.

Current security challenges are exacerbated by the use of conventional single-point tools. By only looking at threats from one perspective, these tools have a very limited understanding of cyber attacks across a business’ entire digital estate. They must err on the side of caution when raising alerts, resulting in a flood of false positives for IT and security teams to investigate, further stretching SMEs’ limited resources.

With nearly half of SMEs indicating that they see investing in cyber security as a net cost (Figure 01), it is clear that they struggle to find value from their security stack or products they use. The cyber security industry has radically changed in the past decade. It has witnessed the introduction of new methods of both attack and defence. Now, within a noisy market, inundated with vendors offering a variety of solutions, it is increasingly difficult for SMEs to identify which solution best fits their needs.

In this increasingly complex landscape, artificial intelligence (AI) offers organisations an opportunity to address these problems, and to stay ahead of not just the threats of today, but those of tomorrow. With 81% of SMEs believing that AI will strengthen their security posture (Figure 02), it is not surprising that 69% of SMEs are looking to implement such solutions within the next five years.3 Yet only 4% of SMEs have already done so.4 There is a clear gulf between the perceived benefits of AI and its implementation.

A clear understanding of the role that technologies, such as AI, play will help organisations better utilise the benefits of adopting new technologies, rationalising old ones, and finding a return on their investment.

Executive summary01

Will AI improve the security posture of your organisation?

Q:

81%

Yes Undecided No

16% 3%

Figure 02

Netcost

Netsaving

Don’tknow

47%

49%

4%

Figure 01

Do you feel investing in cyber security results in a net cost or saving?

Q:

1 - ‘Small Business Guide’ - National Cyber Security Center, Oct 20172 - ‘2018 Cost of a Data Breach Study’ - Poneom Institue, 20183,4 - Senseon Research - May 2019

The state of cyber security SME REPORT 2019 5

Today, SMEs face greater security challenges than ever before and are increasingly targeted by attackers (Figure 03). As networks become more complex and the adoption of technology accelerates, organisations digital estates become noisier and harder to protect. The way in which modern organisations conduct business has also changed, blurring the line between where a digital estate ends and the Internet begins.

Gone are the days of a nine-to-five workforce sitting under one roof. BYOD, travelling workforces, and working from home are increasingly popular. With the complexity of organisations’ digital estates increasing, it has become harder for businesses to monitor activity and protect themselves from threats. This has created a chaotic environment perfectly suited to benefit attackers, who can hide in this noise.

Changing prioritiesSMEs do not have the same resources to defend themselves from cyber threats as their larger counterparts. Typically, an SMEs’ IT or security team is small, outsourced or in some cases non-existent. Without dedicated resources or technology to assist, it is clear that cyber threats can go unnoticed, uninvestigated or ignored. According to the Ponemon Institute, an alarming 4% of alerts raised are investigated (Figure 04).

As the security landscape continues to evolve, and as threats increase in volume and complexity, IT and security teams are finding themselves overwhelmed. Malicious actors prey on the perceived and real weaknesses of SMEs, hoping to take advantage of these over-stretched teams.

The economics of attack and defence favour adversaries. With weaker defences and limited resources, SMEs are ideal targets for attackers. It only takes one successful attack or attacker to cause serious damage, but it takes a far greater number of defences and defenders to keep an organisation safe.

Size mattersSMEs are an attractive target for adversaries but generalised attacks, such as worms that spread indiscriminately through cyberspace, have increasingly been hitting these businesses. For example, WannaCry, the infamous 2017 ransomware, appeared to have been designed by a nation-state to attack Ukrainian companies, spread to impact thousands of businesses of all sizes globally. These indiscriminate, random attacks cannot be ignored, and SMEs should ensure that they are well prepared to prevent and mitigate the effects of such threats.

SMEs cannot adopt the mindset that they are too small to matter, as to cyber criminals, or for the purposes of indiscriminate attacks, it simply isn’t true. With the increase of attacks SMEs have never had to work so hard to defend themselves.

An evolving threat landscape02

Notinvestigated

Investigated

Deemedreliable 19%

96%

4%

Cyber incidents year-on-year*

Small(1-49 staff)

Medium(50-249 staff)

Large(250-999 staff)

2018 2019 2018 2019 2018 2019

33%

47%

70%63%

36%

70%

*Hiscox Cyber Readiness Report 2019

Figure 03

*Ponemon Institute research

Figure 04

Volume of alerts, false positives and capacity to investigate*

The state of cyber security SME REPORT 2019 6

The security challenges facing today’s SMEs encompass a broad range of attacks many of which are increasingly difficult to prevent or detect by traditional tools, such as firewalls and antivirus software. While attack techniques and tactics vary, the motivations are often oriented towards financial gain and look to obtain data, IP, or to steal money. What are some of the most common attacks, and why should SMEs be concerned?

Web-based attacksBy far the most common form of attack facing organisations today, web-based attacks are particularly problematic for SMEs. If user inputs aren’t sanitised, a malicious actor can not only access the information from the associated database, but also modify or even completely erase it. Additionally, website scripts can be edited to alter content and display whatever the adversary wishes. SMEs should ensure that websites and their functions are built securely to avoid these damaging attacks that can often be very easily avoided.

Insider threatsFrom disgruntled employees to unfortunate mishaps, insider threats cause great harm to organisations. Determined individuals can use pre-existing knowledge to evade detection techniques, while an accidental insider’s privileges could be exploited to devastating effect. Insider threats are notoriously difficult to detect because they don’t carry the signature of a traditional or known attack. Malicious behaviour is then seen as being legitimate by rules-based tools with their limited detection capabilities, and threats can either hide in the noise or slip through the gaps in defences.

PhishingPhishing attacks are the second most common form of attack, and remain one of the most successful methods of infiltrating organisations of any size. No matter how much you invest in tools or the training of staff, it is extremely difficult to completely stop individuals clicking on malicious links, or opening attachments. Attacks can be widespread across the organisation, targeted to a few individuals, or can even be designed to attract the C-suite. A malicious actor can use a successful phishing attempt as a vantage point from which to launch further attacks.

Credential stuffingSMEs are particular targets for credential stuffing as they often do not have as stringent password policies in place as larger enterprises. Credentials can either be guessed or taken from one of the many databases of compromised usernames and passwords on the Internet. Many SMEs may not detect or block access after a certain number of failed attempts to enter a system. Without strong passwords and the use of two-factor authentication (2FA) and password managers, SMEs will struggle to prevent this attack technique from being successful.

Example cyber attacks03

Web-based attack

49%

Phishing/social engineering

43%

General malware

35%

SQL injection

26%

Compromised/stolen devices

25%

Denial of services

21%

Advanced malware/zero day attacks

14%

Malicious insider

13%

Cross-site scripting

11%

Ransomware

2%

Other

1%

What types of attack did your business experience?*

Q:

* More than one choice permitted

Figure from Small Business Trends research Dec 2018

Figure 05

The state of cyber security SME REPORT 2019 7

Credential accessAttempts to steal login and authentication details from inside organisations themselves are extremely difficult to detect. Tools such as Mimikatz are used by nation-states, criminal groups and rogue individuals. Stolen credentials enable attackers to move laterally across an organisation, gain further privileges and access to more valuable data and information.

RansomwareRansomware is devastating when it strikes. While patching and performing regular software updates can help guard against historic strains, most systems act too slowly to detect this rapidly-moving attack, meaning prevention is usually the best and only option. Ransomware can cripple SMEs’ business activity and reputation and in some cases drive them out of business. Once encrypted, short of paying the ransom it is practically impossible to recover lost files, and indeed paying the ransom is exactly what some supposed “recovery” companies do, despite claims to the contrary.

Fileless malwareFileless malware attacks do not install malware on a system, but rather hijack a device’s built in tools and use them against it. Traditional tools struggle to detect these types of attacks, particularly as the malware does not run on disk but only in memory. This undetected attack can then be used for carrying out, among other things, subtle data exfiltration, which the business may not detect until it is too late. A business may not even know it has been struck by such an attack until well after the damage has been done.

TrojansSMEs are often unable to offer their employees the same training opportunities as large enterprises. This means that trojans, malicious programs that look and purport to be innocent, may have an easier time making it inside an SME than a large enterprise. Once a trojan has made it through the gates, it is extremely difficult to detect and shake the malicious actor. While inside an organisation, a trojan can be used as a base from which to exfiltrate data, leak IP, and steal assets.

Zero-daysIf nation-states with huge resources and budgets dedicated to security struggle to detect these attacks, it is no surprise that small businesses are often defenceless. While extremely difficult to detect the moment they first enter a system, they can be detected by behavioural-based technologies once they start to behave unusually for example, stealing data. While SMEs shouldn’t be too concerned that they will be the focus of a zero-day will attack, however with many now being sold between nation-states or secretive groups, customers and company boards will certainly be glad to hear that the company is prepared for them.

The state of cyber security SME REPORT 2019 8

Cyber security is often not the highest of priorities when a business is first founded. Yet if SMEs invest in cyber security at an early stage, the return on investment can be great. By laying the foundations for a strong security posture, an SME can grow its business safely and securely.

Investing in cyber security should not be seen by new SMEs as a black hole of sunk costs, as almost half of SMEs of 10 years and under believe.5 Instead, it should be viewed as an opportunity to distinguish a business, to show that it takes responsibility in protecting employee and customer data. A developed cyber security posture within a newly established SME is a sign of relative maturity, and can bring the business great opportunities.

Covering the basicsUnless they opt to outsource their security, SMEs will have to develop their own security practices and look to invest in technology to strengthen their security posture. Before considering which security tools to invest in it is important to get the basics right. A few simple measures can go a long way to evading more basic security risks. Steps such as using strong passwords or password managers, encouraging the use of two-factor authentication, and installing a reputable free antivirus software will get SMEs off to a good start.

Regardless of whether an organisation manages its security internally or chooses to outsource it, companies should take measures to train staff about best practices and to help them avoid attacks such as phishing. However, no matter how stringent staff training, incidents are still frequently caused by human error and by accident. With these basic principles in place, SMEs can look at deploying more substantive solutions.

A loss of appetite Younger SMEs (1-3 years) have a strong appetite to increase the number of security tools they use (Figure 07). However, as companies age this appetite decreases considerably, with 22% of SMEs aged 7-10 wishing to decrease the number of tools in use (Figure 07). With 33% of newer SMEs using between 11 and 20 tools (Figure 06) perhaps it is no surprise that there is a desire to simplify the security stack due to the effort and frustrations of maintaining and managing these tools.

With the introduction of smarter solutions that automate much of the workload and platform-based technologies that perform the role of multiple security tools, SMEs are able to not only strengthen their capabilities but also to increase their efficiency and save precious time and resource. 33% of those looking to decrease their tools cite efficiency a leading factor, with 40% wishing to move to multi-purpose solutions.6

To avoid the burdens created by the constant layering of new tools, organisations may wish to look towards solutions that will grow and evolve with the changing threat landscape, and keep pace with modern threats.

Defending new SMEs04

1-3 years old4-6 years old7-10 years old

Increasenumberof tools

Decreasenumberof tools

Keep thesame

76%

100%

0%

0%

14%

22%

10%

13%

65%

Will you increase or decrease the number of tools you use in the next 12 months?

0 tools

1-10 tools

11-20 tools

21+ tools

65%

1%

33%

1%

Q:

How many security tools do you currently use?

Q:

Figure 06

Figure 07

5,6 - Senseon Research - May 2019

The state of cyber security SME REPORT 2019 9

Established SMEs have different priorities to new businesses. They’ve implemented the basics, tried a few tools, and probably made some mistakes along the way; they have experience. But cyber security is a journey, not a destination.

Interestingly, the older the SME, the less likely they are to have dedicated security budgets (Figure 08) or trained security analysts (Figure 09). This would indicate that older organisations, specifically those 21 years or older, do not view cyber security as seriously as their younger counterparts (such as those around 7-10 years). They also have more objections regarding new approaches such as AI.7

Given the discriminate nature of attackers, where the most attractive targets are those that are poorly defended, older SMEs need to ensure that cyber security is a business priority and to stay up-to-date with industry trends and emerging technology so that they have the best chance of catching threats before it is too late.

Rationalising technologySome 55% of established SMEs view cyber security as a net cost8 again implying that many do not see the value in the tools they are using. Established SMEs may wish to address problems they experience with existing tools or find alternative tools that are able to show value and can prove a solid return on investment. By rationalising their technology, SMEs can become better defended, ensuring that they utilise solutions best suited to protecting their business. As the cyber threat landscape continues to evolve, solutions must change too. Tools that stand still won’t support SMEs as they expand and grow.

The traditional problemTraditional single-point security tools only look at threats from one point of view, and so have a limited understanding of threats. This means they must err on the side of caution when raising alerts, resulting in a flood of false positives. Attackers know and exploit this, hiding amongst the noise to evade traditional threat detection capabilities.

The average SME deploys eight tools9. Organisations often attempt to cover gaps in their security stacks by adding more tools. This in itself creates extra work for security and IT teams who then have to manually piece together the outputs of these various tools in an attempt to understand what is actually going on. It is no surprise that 37% of SMEs are wary about increasing the number of tools they have10; this approach is not working.

Adapt and evolveOver the last few years, huge leaps in AI approaches have greatly increased cyber defence capabilities. Some 40% of SMEs are planning to invest in AI defences, and 69% of all SMEs intend to in the next five years.11 As attackers innovate, defenders must innovate too.

Defending established SMEs05

11-15years old

16-20years old

21+years old

YES NO YES NO YES NO

92.7%

7.3%

88.8%

11.2%

75.7%

24.3%

11-15years old

16-20years old

21+years old

YES NO YES NO YES NO

80%

20%

77.7%

22.3%

62.1%

37.9%

Does your company have a dedicated budget for cyber security?

Q:

Does your company have trained security analyst/s?

Q:

Figure 08

Figure 09

7,8,9,10,11 - Senseon Research - May 2019

The state of cyber security SME REPORT 2019 10

As we have seen throughout this report SMEs are questioning the value of their existing tools and approaches are being questioned. With just 12% preferring to use 3rd party services (Figure 10), there is a strong desire for SMEs to maintain control of their security in-house. Almost 90% of SMEs have a dedicated security budget,13 however over half (53%) believe that increased spending would help them deal with their cyber security workload.12 As most security professionals (56%) think that the answer to strengthening their security is simply to purchase more solutions13.

Before budgets are increased or new tools are acquired, SMEs should look instead to rationalise their current security stack and question the value they provide. But how does a security tool prove its value and return on investment?

Detecting threatsThe prime function of any security tool is to keep organisations safe from threats. If these tools are indeed stopping attacks then there is an intrinsic value for each potential breach that is halted. However, outmoded tools, such as those that rely on rules and signatures, are unable to keep pace with modern and emerging threats as they can only identify the signatures of yesterday’s attacks. Modern attack techniques can easily evade detection, especially as networks become noisier and more complex. It is in this environment that genuine threats go undetected or get lost in the noise.

Increased efficiency Solutions that help IT and security teams to become more efficient go a long way in proving value to an organisation. Black box tools that require no human interaction give no evidence of their effectiveness or impact on the business. With 61% of SMEs preferring solutions with lots of features and that allow them to carry out their own investigations (Figure 10), it is clear that many organisations prefer tools that they can use regularly to directly experience the value that they provide. With stretched resources, budgets, and the cyber skills gap, tools that increase efficiency, save time, and resource are the tools that prove their worth and deliver ROI.

Providing insightCyber security tools have the power to observe behaviours, threats, and interesting activity across the entire business. This information can be extremely valuable to organisations, helping them to understanding the mechanics of their business as it functions, to support them to make decisions or even spot patterns that would otherwise have gone unnoticed. This process would be near impossible for a human to perform.

A question of value06

What type of security products do you prefer?

Q:

Simple tools that require minimum effort, time orresource

Tools with lots of features so that I can carry out myown thorough investigation

I prefer to use 3rd party services

I prefer to only get reports of risks/threats

2%

25%12%

61%

Figure 10

Netcost

Netsaving

Don’tknow

47%

49%

4%

Figure 11

Do you feel investing in cyber security results in a net cost or saving?

Q:

12,13 - Senseon Research - May 2019

The state of cyber security SME REPORT 2019 11

The introduction of AI and machine learning (ML) in recent years has offered organisations the ability to revolutionise how they defend themselves from cyber threats. Before AI/ML, organisations would have to manually sift through logs, and rely solely on tools such as antivirus which only detect threats based upon previously identified signatures.

The limitations of manual investigation and rules and signature-based detections are clear. Manual investigation is incredibly time consuming, prone to human error and frequently allows threats to go unnoticed. Rules and signature based detections are very limited in that they cannot detect previously unseen attacks.

The benefits of AIBy building a pattern of normal behaviour of devices, users and networks, AI is able to detect when suspicious or anomalous activity deviates from that pattern. This enables AI solutions to work freely from the confines of rules and signatures, allowing them to keep pace with evolving threats and detect not just the threats of today, but those of tomorrow too.

By automating many of the routine aspects of threat detection, resources can be more efficiently deployed, freeing analysts to focus their efforts where they matter most; investigating genuine threats. With a shortage of security professionals AI is also helping to close the industry-wide the cyber skills gap.

Desire vs implementationSMEs clearly see tangible benefits in adopting AI solutions, with 81% of SMEs believing that AI will improve the security posture of their organisation (Figure 12). Some 43% of SMEs are currently planning to invest in AI solutions, and 69% are looking to do so in the next five years. However, only 4% have already implemented AI solutions (Figure 13). There is a clear gulf between the desire to adopt AI, and actually doing so.

Interestingly, younger companies are keener to adopt AI than older companies. Almost three in four SMEs of 10 years and younger are looking to implement AI solutions in the next five years. This compares to under half of companies aged 21 and over, with almost 20% saying they aren’t looking at AI.14

So what are SMEs concerns and objections to implementing AI?

AI cyber defence for SMEs07

Alreadyhave

Within 12months

Within 5years

43%

4%

69%

SMEs plans to implement AI security solutions

Will AI improve the security posture of your organisation?

Q:

81%

Yes Undecided No

16% 3%

Figure 12

Figure 13

14 - Senseon Research - May 2019

The state of cyber security SME REPORT 2019 12

Often a topic of debate and controversy, AI has built up somewhat of a mixed reputation in recent years within the cyber security industry. With confusion in its terminology and in its application, as well as a misleading market full of hype, it is no surprise that many SMEs are sceptical of its benefits. Let’s clear up some of the myths that surround it.

“AI does not really work”The benefits of early versions may have been somewhat been over-promised. 23.5% of SMEs who do not believe in AI’s abilities (Figure 14). However, recent advances in computing power, data collection, and the underlying scientific theory have finally brought the technology to the level where it can actually start providing tangible benefits to business. Today’s leading AI solutions are able to detect patterns among vast streams of raw data that either escape the human eye or else require so much time to discern as to be impractical for manual threat detection. AI can be utilised to build up a unique profile of an business’s pattern of normal behaviour, which can be constantly and automatically updated as new information becomes available. The AI can then compare new information to the established pattern of usual behaviour, and in this way detect anomalies. This enables the technology to always stay ahead of emerging cyber threats.

“AI benefits are just marketing hype”According to MMC’s “The State of AI” 2019 report, a full 40% of self-professed AI start-ups do not actually use AI.15 It is not surprising that almost one in four SMEs claim that they would not invest in AI solutions because of marketing hype (Figure 14). Return on investment is a leading concern for SMEs when they consider which tools to adopt, and without a clear explication of AI’s benefits, reservations will of course persist. AI solutions should always be grounded in scientific research, and provide obvious benefits to SMEs’ capabilities.

“I’ve not used AI before”Nearly one in three SMEs would not invest in AI simply because they have not used it before (Figure 14). This indicates a hesitation to adopt AI because of a lack of education over its purpose or how it works once deployed. In general, the purpose of many AI solutions is to simplify a process or task. In a good AI solution, this ease of use starts right from deployment, with a quick installation and little to no manual tuning process necessary; the machine should do all the learning automatically without relying on any human input. Good AI products should augment SMEs’ abilities to detect and respond to threats, increasing visibility whilst dramatically reducing false positive alerts. Any solution that requires an arduous onboarding process isn’t a solution that an SME should consider purchasing. AI defences are designed to make life easier for SMEs, something that many teams experience upon taking the leap.

AI: Common misconceptions08

The cost of solutions

51.5%

I’ve not used it before

32.5%

Lack of evidence in the decisions it makes

30.5%

Impact on employment

28.5%

Lack of trust in its ability/marketing hype

23.5%

It’s not a priority for the business

23.5%

Our business is too small

7%

No reason

6.5%

What is stopping/would stop you from adopting AI solutions?*

Q:

*more than one choice permitted

Figure 14

15 - ‘The State of AI’ Report - MMC Ventures, 2019

The state of cyber security SME REPORT 2019 13

“AI is a black box of decision making”Some 30% of SMEs cite a lack of transparency in AI’s decision making as a reason for not adopting AI approaches (Figure 14). SMEs want to be able to clearly see and understand how the AI reaches decisions. For that reason, any AI solution should clearly lay out its reasoning for a human to understand. This is useful to not only help see threats in context, but also to clearly show the value of the product. After all, without explaining how decisions have been reached, there is little evidence that the system is actually working as promised and is not one of those 40% of companies that falsely claim to use AI.17

“My business is too small for AI”Organisations of all sizes can see the benefits of AI. Indeed, only 7% of SMEs think they’re too small to benefit (Figure 14). Cyber threats face all organisations, and autonomous threat detection capabilities will especially benefit a small company that has one, or perhaps even no, IT or security professionals. If a task can be done by a machine, or the human can be augmented through adopting AI, then it can free up employees to focus on achieving their business objectives.

“AI is really expensive”This is the leading objection against AI adoption, cited by a full 52% SMEs (Figure 14). All cost is relative, and value is subjective. What costs a lot for one organisation may seem very cheap to another; it is all about finding value. For SMEs, finding value can mean anything from increasing visibility to decreasing false positive alerts, but there must be a great return on investment. Essentially it comes down to augmenting the role of IT and security teams, and better enabling them to protect their organisation. The savings will then come through needing fewer tools, better use of people and resources, better justification of security expenditure, and, of course, preventing cyber attacks. This is how SMEs find AI adoption to be a welcome return on investment.

“AI puts jobs at risk”Some 29% of SMEs are put off from adopting AI because of its perceived negative effect on employment (figure 14). Whilst a controversial topic, the cyber security industry suffers from a widening skills gap which results in over-stretched security and IT teams who struggle to keep up with the volume of work. AI can be seen as a help and not a hindrance to employment by improving the lives of IT and security professionals.

“It is not a priority for my business”Each SME will have its own unique combination of business priorities, which is perhaps why 24% of these organisations say that AI adoption isn’t a priority for their business (Figure 14). However, cyber security shouldn’t be considered a necessary evil, but rather an opportunity for a business to differentiate itself from its competitors. We’re living in an age where consumers care about their data, and so showing customers that you take their data seriously can be as valuable to an SME as their product or service.

The state of cyber security SME REPORT 2019 14

Since the emergence of AI in cyber security several years ago, the industry has seen the approach drastically evolve. In its earlier primitive form, AI was limited to anomaly detection. The problem with relying solely on anomaly detection is that just because a behaviour is unusual, does not mean that it is malicious. People and devices frequently behave unusually and alerting to every instance of an anomaly is not helpful to security teams who become inundated with false positive alerts.

With only 4% of alerts being investigated and only 19% of alerts deemed reliable16, organisations struggle to keep up. Alert fatigue allows threats to hide in the noise and go unnoticed. What is needed is a technology that goes beyond the anomaly, that is capable of looking at threats from multiple perspectives and distinguishing between genuinely malicious and merely unusual activity.

Unique perspectivesTraditional AI tools look at threats from a single point of view. This limited view lacks context and means that rather than miss a potential threat, they must err on the side of caution and raise an alert.

Instead, AI Triangulation blends together multiple senses across endpoint devices, the network, and Investigator Bots (which look at potential threats from an external point of view). By talking to each other, these senses build up additional context around malicious behaviour to greatly improve accuracy and dramatically reduce false positive alerts, whilst removing the need for multiple solutions.

Augment the analystBy emulating how an analyst thinks, observing threats from multiple perspectives, pausing for thought and learning from experience, AI Triangulation can automate the process of investigation. 76% of SMEs believe that AI will improve their day-to-day job (Figure 15), but without accuracy, context and the reduction in false positives, AI has the potential to do just the opposite.

Getting the most from AIWith workloads increasing and organisations becoming harder to defend, 56% of SMEs desire more tools, 53% desire more budget and 35% require more staff (Figure 16). There is a clear need for existing tools to be rationalised and a place for new technology to solve these issues. By performing the job of multiple tools, automating investigation, and augmenting the analyst, AI Triangulation helps organisations to simplify their security stack, save time and money, whilst increasing their defence capabilities.

AI Triangulation09

Do you think the use of AI will improve your day-to-day job?

Q:

76%

Yes Undecided No

21% 3%

More tools

More budget

More staff

Outsourcing

AI solutions

Other

53%

56%

34%

35%

4%

35%

What would help you cope with your cyber security workload?*

Q:

*more than one choice permitted

Figure 15

Figure 16

16 - Senseon Research - May 2019

The state of cyber security SME REPORT 2019 15

The evolving threat landscape is testing SMEs harder than ever before. In the effort to stay ahead of entrepreneurial cyber criminals, only those organisations that adopt innovative solutions have the best chance to defend themselves. As the complexity and volume of attacks continues to increase, small security teams with limited budgets will only find their struggle worsen. Conventional tools aren’t working; a fresh approach is needed.

Adopting AI solutions is a step in the right direction. 81% of SMEs believe that AI is fundamental to the future of cyber security (Figure 17). The question is not so much about the desire to implement AI, but rather how SMEs, both new and established, can create a comprehensive business case for taking advantage of the technology and getting the most from its benefits.

AI can help teams by detecting threats with speed, accuracy, and at a scale that far surpasses human abilities. Moving beyond traditional tools that rely on rules and signatures, AI can minimise SMEs’ risk by accurately alerting on not just the attacks of today, but those of tomorrow too.

SMEs should look towards solutions that go beyond pure anomaly detection to avoid being inundated with false positive alerts that waste precious time and resource. Instead, seeking revolutionary approaches that can think like a human analyst by observing threats from multiple perspectives, pausing for thought and learning from experience to carry out automated investigations, will ensure that SMEs have the best chance of defending themselves from present and future cyber attacks.

Report conclusion10

81%

16%

3%

Agree Undecided Disagree

Want to find out more about how Senseon is helping SMEs?Visit www.senseon.io/senseon-pro

or email demo@senseon.io

AI is fundamental to the future of cyber security

Figure 17

16 - Senseon Research - May 2019

About Senseon

Senseon is the next phase of AI for cyber defence, moving beyond rules-based systems that are too rigid to keep pace with emerging cyber-attacks or ineffective AI systems which cannot differentiate between unusual behaviour and malicious threats. Unique to Senseon, ‘AI Triangulation’ understands and correlates threats across an organization’s entire digital estate, providing much needed context and clarity in an increasingly noisy landscape. Founded in 2017, Senseon brings together cyber security experts, former government cyber operatives and applied machine learning specialists. Headquartered in London, UK and Chicago, USA, Senseon also has a presence in the Middle East and Australia.

Contact Us

info@senseon.io

+44 (0) 20 7692 5178

senseon.io

@SenseonTech

100 Pall Mall, London, SW1Y 5NQ