Phone in the right hand? You're a hacker! By Mark Ward

Technology correspondent, BBC News Published duration 12 July 2018

image copyright Getty Images

Hackers are finding it too easy to circumvent traditional cyber defences, forcing businesses to rethink their security strategies. Many firms are now harnessing big data and adopting cutting edge verification checks. In fact, some can even identify you by how quickly you type your computer keys, or how you hold your mobile phone.

In these days of regular space travel, nanotechnology and quantum computers it is easy to believe we live in an age plucked from the pages of a science-fiction novel.

But there are some aspects of this shiny, computer-powered era that look more feudal than futuristic.

Consider the way many organisations protect themselves and their staff from cyber-attacks.

Many approach cyber-security like a medieval king would have tackled domestic security - by building a castle to protect themselves, says Dr Robert Blumofe, a senior manager at cloud services firm Akamai.

image copyright Getty Images image caption Many digital defences seem to date from a very different age

The high walls, moat and drawbridge are the security tools, anti-virus and firewalls they use to repel the barbarians at the gates trying to breach their cyber defences.

"But now," Dr Blumofe says, "that castle metaphor is really starting to break down."

Outer defences

The first issue is mobility. Digital fortifications worked well when all staff sat at desks, used desktop computers and were concentrated in a few buildings.

But now many work from home, airports or coffee shops and use their laptops, tablets and phones on the go, to work at all times of day.

The second problem, Dr Blumofe says, is that many firms wrongly assume that those in inside their castle walls can be trusted and are "safe".

This leaves many firms dangerously exposed, agrees John Maynard, European head of cyber-security for Cisco.

"Typically once attackers have penetrated a trusted network they find it is easy to move laterally and easy to get to the crown jewels.

"That's because all the defences point outward. Once on the inside there is usually little to stop attackers going where they want to."

Tumbling walls

In a bid to get beyond this outdated thinking many organisations have torn down the old castle walls in favour of a model known as the "Beyond Corp" approach.

image copyright Reuters image caption China was implicated in the Aurora attacks on Google and lots of other big companies

It was pioneered by Google in response to a series of cyber-attacks in 2009 called Aurora orchestrated by China-backed hackers. The attackers went after Google as well as Adobe, Yahoo, Morgan Stanley, Dow Chemical and many other large firms.

According to Mr Maynard, Beyond Corp assumes every device or person trying to connect to a network is hostile until they are proven otherwise.

And it obtains this proof by analysing external devices, how they are being used and what information they are submitting.

This encompasses obvious stuff such as login names and passwords, as well as where someone logs in from; but it also relies on far more subtle indicators, says Joe Pindar, a security strategist at Gemalto,

"It can be how quickly do you type the keys, are you holding the device in your right or left hand. How an individual uses a device acts as a second layer of identity and a different kind of fingerprint."

Gathering, storing and analysing all that data on those individual quirks of usage was the type of big data problem only a tech-savvy company such as Google could tackle at the time of the Aurora attacks, says Mr Pindar.

image copyright Getty Images image caption Nowadays work is done on the move as much as it is in offices

However, as familiarity with big data sets has spread, many more big firms are adopting the Beyond Corp approach when organising their digital defences, he says.

One big advantage is that Beyond Corp turns a firm's network into an active element of defence, says Mr Maynard from Cisco.

More Technology of Business

image copyright Magnum Photos

"In the castle and moat approach the network was passive... But beyond Corp involves continuous monitoring where you are constantly using the network as a sensor or a way to get telemetry about what's going on."

The analysis done when users join a network makes it much easier to spot when attackers are trying to get access. That's because the authentication step will flag any anomalies meaning security staff will find out quickly that something suspicious is going on. Anything other than normal login behaviour will stand out.

Faster detection

It can also mean a "significant reduction" in time to detect threats, says Mr Maynard.

"The industry average is about 100 days to spot threats. With Beyond Corp you should be down to hours not days."

image copyright Getty Images image caption As networks get more complex, automation is the only way to outpace attackers

In addition, Beyond Corp can "limit the blast radius" if a breach does happen, says Stephen Schmidt, chief security officer at Amazon's AWS cloud service.

This is because it usually involves dividing up a company's internal network so users only get access to applications they are approved to use.

The mass of data gathered on users, their devices and the way they act once they have connected may appear bewildering to many companies.

However, advances in automation are increasingly helping them keep a handle on the millions of events that now occur on their systems.

"If you are expecting to secure your estate by having humans watch TV screens you are probably going to be too late to spot it," says Mr Schmidt. "Human reactions are always going to be much slower than automation."