Cybersecurity: Trends and Developments in 2018

This month’s edition of our blog alongside NatWest will be our first focus on cybersecurity. Cyber startups in our network will be providing insight and comment into the current state of play, and we will also highlight key articles and events relevant to cybersecurity.

Cyber Trends, Developments, and Standing Out…

We asked 3 cybersecurity startups in our network for insight into what they think are the key cyber trends and developments for 2018, as well as how they stand out in the cyber field.

1. Katerina Safonova, Director of Partnerships and Training at Cybertonica

Cybertonica is a real-time transactional risk detection platform. Our solution uses very high velocity data synchronisation of many channels and types of data, and runs machine learning to understand the behaviour and riskiness of a transaction. Cybertonica are a resident startup at IDEALondon.

— What is cybersecurity?

Cyber security is a key and it’s techniques are the lock that keeps your business and your personal life safe. Forewarned is forearmed. Business payment fraud and security risks are a dynamically-changing battlefield, and it can be difficult to detect where the enemies are. While you study fraudsters, fraudsters study you. They are often a step ahead of this dangerous cat and mouse game, therefore fraud and risk managers must keep their fingers on the pulse of fraud and its new constantly appearing trends.

I was hacked 10 years ago, and I can tell you that this changed my personal life a lot and professional life completely. It brought a deep understanding that cyber security plays a great role in your life, and changes your mindset completely.

In our modern world, it has an influence on all of us: at home, at work, online and in life in general. Everything our parents did “offline” we do online, the border between real and virtual life has almost gone, and this has brought new threats into our lives we have to deal with. The internet is now, as a cyberspace, such an attractive target for cybercriminals.

— What are the current key trends in cybersecurity?

While the payment ecosystem is changing, fraud is changing its face and behaviour as well. Let’s not lie to ourselves — everything is hackable, it’s just the matter of time, may be luck and your technical and intellectual “weaponization”. The modern fraudster is not a lonely teenager of the 90s who is trying to hack for curiosity! In the virtual space, cybercriminals have no limits, no boundaries, and no rules to obey. They often act as companies having their CEOs, CIOs, Sales Managers, operating 24/7, and have strong investors.

It’s no oil, but data is a stable fruitful source of enrichment, and fraudsters will do everything to monetise it.

Data breaches turned into nightmares and they cause identity theft and account takeover — that’s the door to different types of online payment fraud, and we have to be ready to protect, defend, and recover digital identity and sensitive information that fraudsters could turn into profit.

— What makes your cybersecurity startup different to others?

When a new type of technology emerges, fraudsters immediately start the race to build a tool to break it. This is where Cybertonica comes in. KYC is important, but what about KYF (Know Your Fraudster)? We have created a fully adaptive, intelligent fraud and risk management platform, that is able to “crack” the fraudsters mindset and understand the fraudulent behaviour and, in some situations, even think like them, which helps us to stay ahead of fraudsters and prevent our clients from all the dramatic implications caused by fraud.

Cybertonica is different to its competitors and incumbents primarily by it’s origins in the payments, card loyalty and advertising data space. We originally used our understanding of Machine Learning and customer behaviour as a way of synchronising anonymous data to increase sales. Most of our competitors are from the mentality of “fraud prevention”, while we believe that transacting is a right for good customers to enjoy.

Cybertonica has been chosen as one of the only 12 companies of the PayPal and MGV program out of 1200 companies and it opens great perspectives to us moving forward and developing new techniques and products to make your business grow secure, fast and frictionless.

— Which other UK cybersecurity startups do you think have some great tech?

Aimbrain, Darktrace, Cybsafe — There are lots of startups joining the cyber security landscape and working on digital identity and behavioural analysis to spot fraudulent activity. It gives us hope that if we can’t stop fraud completely all together, at least we will make fraudsters life very complicated.

— How is AI affecting the cybersecurity landscape?

Fraud is penetrative — 49% of global organisations already faced financial fraud this year; fighting fraud is drama expensive — 46% of organisations spent the same or even more on investigations that was lost to fraud.

Making cyber security and fraud detection systems successfully fight fraud is an art and science, because when done wrong, it wastes time and money, distracts customers, and gives too many false positives. Criminals are crafty and sophisticated, but with help of advanced ML and AI it reduces human effort and makes accurate, automated and fast predictions.

Our solution uses very high velocity data synchronisation of many channels and types of data and runs machine learning to understand the behaviour and riskiness of a transaction. The AI layer then decides how this transaction should be managed to get the highest value to the business or customer. The technology is SaaS but also is built to be installed within a secure perimeter, or as a hybrid, to allow maximum levels of data security. Uniquely, we use real time Bidding data sampling to make behavioural models for online transactions 30% more precise.

2. Stuart Laidlaw, CEO at Cyberlytic

Cyberlytic detects and prioritises sophisticated web threats, using simple deployment, setup and zero maintenance. Cyberlytic are a resident startup at IDEALondon, an innovation space managed by Capital Enterprise on behalf of UCL, Cisco and EDF Energy.

— What is cybersecurity?

Cybersecurity is essentially about enabling digital trust. Everybody, from an individual to a multi-national business trading globally, wants to be assured that every digital interaction they have is safe and secure. Cybersecurity is about putting appropriate controls in place to give consumers the level of digital trust they expect. It is not one size fits all and solutions are tailored to specific integrity, confidentiality and availability requirements. For example a banking system will likely have far deeper cybersecurity controls than a mobile application that doesn’t store or share personal information.

— What are the current key trends in cybersecurity?

There is clearly a lot of talk about how GDPR impacts cybersecurity and vice versa. This hasn’t really changed the principles of cybersecurity and data privacy, but it has promoted cybersecurity to the board agenda. Outside GDPR, we are working with businesses that are struggling to deal with the global shortage of cybersecurity resources. Forbes state there is a 2 million shortfall today. Therefore businesses are looking for novel ways to reduce the dependency on security teams and reduce ‘analyst fatigue’. This is where AI can be applied, to augment security teams.

— What makes your cybersecurity startup different to others?

Cyberlytic is a supplier to the UK Ministry of Defence. Our products were originally developed for the UK MOD and have been adapted for the commercial market. For a cybersecurity startup, it is imperative to demonstrate credibility and our work with the MOD helps in this respect. Cyberlytic uses AI to provide web application threat analysis software. Our software provides simple to deploy and maintain website protection. Our focus and key differentiator is our patented risk-based approach, which cuts through noise to only alert when a threat poses a significant risk.

— Which other UK cybersecurity startups do you think have great tech?

I have complete respect for every startup trying to establish themselves in the market! We’re a close-knit community and it helps to share experiences. We’ve been around for over 4 years now and are seeing some our peers making great progress. Apart from Darktrace, who are flying, you only need to look at the likes of Digital Shadows and Tessian, to see the UK cybersecurity scene is doing well. Some of the new players, like Immersive Labs are disrupting the skills shortage challenge, which is a big issue globally.

— How is AI affecting the cybersecurity landscape?

There is a lot of misinformation around the term AI. To be clear, we’re really talking about machine learning. It’s being adopted in various ways, but using ML to identify anomalies is useful in supporting security analysts, as ‘threat hunting’ has typically been the job of the security analyst and anything that can be done to reduce their workload has to help. At Cyberlytic, we have a team of data scientists applying ML to web security. We’re also working with the MOD to deploy predictive analytics (game theory) to support decision making. The scope of AI in cybersecurity is vast, but right now we need to use it to automate, where possible, critical business processes and reduce the dependency on scarce security resources.

3. Alice Piterova, Head of Privacy and Harry Keen, CEO at Hazy

Hazy automates data anonymisation through machine learning, helping companies to obscure identifiable information from personal data whilst maintaining its functionality. This enables customers to become GDPR compliant and allows them to share and use data sets safely. Hazy are a portfolio company of the AI Seed Fund.

— What is cybersecurity?

Cybersecurity is about making sure IT systems are secure and protected. It’s also about trust; people are losing trust due to increased security breaches. Often some are unsure of how data and security breaches affect them, but since the new GDPR regulation came into effect at the end of May, people will now have a better understanding of how their data can be used, misused, used for different purposes, or used against them. Building and enabling trust with clients is a number one priority for us at Hazy, as it should be in building cybersecurity systems.

— What are the current key trends in cybersecurity?

For Hazy and our customers, the biggest upcoming threat is linkage attacks, where attackers try to re-identify individuals in anonymous data by cross comparing it with publicly available or alternative sources. Before, companies used partial anonymisation techniques to mitigate linkage attacks, by simply removing personally information such as name, address, date of birth, etc. Unfortunately, with so much personal data being exposed in recent years, we think it might not be enough anymore. This is why at Hazy we employ much more rigorous techniques to anonymisation, by both applying machine learning to find personal information as well as reducing the resolution of data to maximise privacy without losing its utility.

Another major new trend that has come out of the new GDPR regulation, which we at Hazy utilise, is privacy by design; making sure that software is secure and compliant by design.

Human factors are becoming more important and increasingly used, especially in domains such as email security services and mobile security. For example, two factor authentication can be used on any system that supports it. This is important especially for people working remotely or for making a network secure. It’s becoming more apparent that we can’t survive without human factors to prevent data fraud.

Finally, transparency is incredibly important for building trust with clients. Businesses now have to be transparent about what attacks have happened, notifying clients if they happen, and help them understand what measures are being taken to mitigate the attack. Companies are also now looking to abide by data laws not simply because of the risk of being fined, but because it is the right thing to do. We believe that privacy is paramount and should be underpinned by transparency between companies and customers.

Cyber security and data ethics have to be at the heart of every business.

— What makes your cybersecurity startup different to others?

At Hazy we automate data anonymisation using machine learning, which helps other companies to become GDPR compliant. Anonymisation helps companies obscure identifiable information from personal data whilst maintaining its functionality and allowing our customers to use data safely.

— Which other UK cybersecurity startups do you think have great tech?

We are big fans of Cylon, they’re doing great work supporting the UK and international cyber security scene. Some great startups that have come out of their accelerator include Highside, Tessian and Immersive Labs.

— How is AI affecting the cybersecurity landscape?

Generally, AI is helping protect systems from a plethora of unknown attacks. Hackers are increasingly using AI against companies, so to be able to effectively respond to and be immune from intelligent attacks by ‘intelligent software’, you need to use your own smart software.

Must-read Articles

CB Insights Cyber Defenders Report

Detailing 2017 cybersecurity trends and other high-momentum startups
with the potential to shape the future of digital resilience.

Top 2018 cybersecurity trends to watch out for, via Tech Target

Cybersecurity trends remain on companies’ radar. At the CIO Boston Summit, Cybereason’s Jessica Stanford discussed steps to defend against risk.

Tech Industry Must Address Cybersecurity, Job Effects from Its Innovations, via Insurance Journal

Is it the responsibility of technology companies to address the unintended consequences of advances like artificial intelligence and innovations that enable damaging cyber-attacks?

The Crooked Timer of Humanity

What lessons can we learn from a cybersecurity attack in France, two centuries ago?

Cybersecurity: Events of note

Mastering enterprise data security & building cyber security capability

Thursday 12th July, by Funding London and Certus Cybersecurity Solutions

This insightful workshop, hosted by Certus Cybersecurity Solutions alongside Funding London, will provide CEOs and CTOs with:

  • Practical skills and knowledge;
  • How to demonstrate cybersecurity capability to prospective clients; and
  • How to secure applications and cloud infrastructure from data breach/disruption

Cybersecurity Briefing — It’s a business problem NOT an IT problem

Wednesday 4th July, by ramsac Limited

Aa short and enlightening session that will help businesses meet their responsibilities and equip them to have the conversations that are a must in business today.

Special thanks to Katerina Safonova, Stuart Laidlaw, Alice Piterova, Harry Keen and Gracie Jones