Innovate and collaborate to automate (Guest blog by BT)
Since 2019, when Covid first arrived, our lives have forever changed. Alongside dealing with the mass migration to remote and cloud working, our industry has been fundamentally altered by the fallout of major incidents like SolarWinds and Log4J since then. We’re also of course facing a radically different geopolitical context. We’ve all been appalled at the invasion Ukraine over recent months, and alongside the humanitarian and diplomatic efforts, there’s also been a huge cyber security response.
All of these events have massively changed how we approach and think about security. Almost all organisations are now questioning how secure they really are, and whether their protections are actually protecting them. What might have once seemed like a level of paranoia reserved solely for the CISO has now become the norm across all levels of organisations. And it’s no longer just about protecting yourself or one type of industry in isolation, as today’s cyber landscape is all about interdependencies.
The interconnectedness of technologies today is massively increased from even 2 to 3 years ago – allowing attacks to spread much more quickly. This really matters, as we are only as secure as the weakest link in the chain – and security organisations and cybercriminals are now in a constant race to identify these weak links.
These have of course been major issues for BT, as our infrastructure provides the digital backbone for the UK. We provide services to millions of customers who trust and expect us to seamlessly connect and protect them. And the connections we provide have of course become more essential than ever. We’ve seen a 62% increase in daily traffic on our network since the first lockdown, as so much of our lives migrated online.
Every couple of minutes nearly 200 terabytes of data will have gone across our network. We’re rapidly rolling out our FTTP and 5G networks to support this network demand – but this increased data and online activity brings a greater attack surface to protect.
Our cyber security platform processed 100 000 events a second in 2018 – today it’s now over 2 million events per second. In total, that’s 170 billion events which we ingest and analyse every day, in order to defend our network against on average 6 500 cyber-attacks every 24 hours.
In years gone by, the problem was around a lack of data to make insightful decisions – but we’re now facing the data paradigm, where this situation has completely inverted. There’s frankly now far too much data to ingest, and many organisations are struggling just to keep up, often using operating models that were devised several years ago.
In this context, many organisations are innovating to try to keep their heads above water – but this isn’t sustainable. We need to challenge how we see innovation – not using it to adapt and react, but to create a fundamental step change in our outlook and approach.
One of the key ways we can do this is of course in technology – and more specifically automation. We’re increasingly used to using automation to handle routine, bulk analysis of data – but to really outpace our threats, we need to give it far greater decision-making responsibility. We recently launched our new Eagle-i platform, which is based on using automation and AI to rapidly identify and predict cyber-attacks.
This is underpinned by epidemiology-based research, which uses findings on the spread of viruses in human populations to model how cyber-attacks propagate, and how to stop them spreading further. We’re trusting this platform to automatically analyse issues and put preventative measures in place before they impact BT and our customers. This is a fundamental change in our approach – but it’s necessary to massively increase our response speed and so that we can move faster than our adversaries.
The key point I’d want to reiterate is that if we want to do more than simply race to keep up with the latest threats, we have to innovate and collaborate across all elements of our security thinking and strategy.
This means not just innovating in technology, but in everything from how we engage each and every sector of society, to how we foster diversity in the industry, through to how we partner and work with our peers and internationally.
For the UK, this will mean we can ensure that our cyber capabilities, expertise and insight maximised – which in turn will advance the UK’s global standing and the reputation of its organisations internationally.
Help to shape and govern the work of techUK’s Cyber Security Programme
Did you know that nominations are now open* for techUK’s Cyber Management Committee? We’re looking for senior representatives from cyber security companies across the UK to help lead the work of our Cyber Security Programme over the next two years. Find out more and how to nominate yourself/a colleagues here.
*Deadline to submit nomination forms is 17:00 on Tuesday 18 October.
Upcoming events
Get involved
All techUK's work is led by our members - keep in touch or get involved by joining one of the groups below.