Symantec and your bad reputation: A masterclass on the modern cyberattack

17 May 2019

Stephen Trilling on stage at Inspirefest 2019. Image: Luke Maxwell/Silicon Republic

Why do some internet users constantly fall victim to viruses while others consistently emerge scot-free? Symantec’s Stephen Trilling isn’t sure, but he does know how to use this to protect the world from cyberattacks, as he explained at Inspirefest 2019.

“Think about all the ways you interact with software every day,” Symantec’s Stephen Trilling asked the crowd, quickly listing a multitude of instances where the hand of technology reaches far into daily life, extending beyond the typical examples such as a computer or a phone. Everything from the alarm clock that shocked you into consciousness this morning to the lights you switched on as you emerged bleary-eyed into your kitchen is likely powered by software, too.

Your car, the stop lights dotting the city roads and the debit card that enabled you to grab a morning latte just as speakers were first taking to the stage: all software-enabled. Its ubiquity has morphed it into a kind of digital ether that pervades every facet of human life.

“Software truly makes the world go round, and the problem is that software is under attack.”

In a mere seven minutes, Trilling explained, a cyberattack brought one of the world’s largest shipping companies offline. Remedying the situation was a Herculean task and resulted in €250m in losses.

“That’s only one example of many nightmare scenarios that are already occurring today.” Trilling recounted the famous WannaCry attack that targeted 16 UK hospitals, leading to 19,000 appointments being cancelled. Entire countries have lost power due to attacks, millions have been stolen and factories have been forcibly – albeit temporarily – closed.

“The world of cybersecurity has become about much more than protecting computers; it’s really about protecting power, and healthcare, and transportation and our election system.”

The work that Trilling does in his capacity as senior vice-president and general manager of security analytics and research at Symantec is complicated. In the battle between enterprises and the bad actors constantly attempting to besiege companies, attackers have the upper hand for many reasons.

They have time to test drive their attacks beforehand, while a company will be often unaware of the impending assault on their systems. They have the element of surprise. Most vitally, the odds are skewed in their favour. “Attackers only have to be right once. They only have to breach an organisation’s defences one time to launch an attack, while the defenders, the security products, have to be right every time.”

Earlier in his career, there were considerably fewer threats than there are today. The landscape has “exploded” and continues to expand at a breathless pace. Trying to keep up with this expansion is a task both impossible and Sisyphean. Symantec had to get creative, so the company began leveraging what is called ‘reputation-based security’.

There are some internet users who are, Trilling explained, seemingly magnetically drawn to cyber-infections. In turn, there is also a group of people who naturally evade threats. Arbitrary and unfair though that may be to the former group, the two subsets of users provide cybersecurity professionals with a system whereby they can rate how likely a file is to be clean or not. Blessed users are statistically more likely to download clean files. The cursed users are more likely, in turn, to use infected ones. Through this, you can think of people’s internet habits as security’s answer to Yelp, and through this, the company produces ratings for files on the internet.

It’s a pretty ingenious system. Yet unfortunately, hackers are equally ingenious. Most of today’s attacks, Trilling went on to say, don’t even leverage malicious software any more. Often it’s more about social engineering designed to dupe users into allowing threats in. Attacks can bloom from a cascade of seemingly innocuous events – a suspicious email here, a failed login there.

“Each one of these events on its own is not useful to the attacker, but when they occur in a specific sequence they can lead to a major breach.”

So, Symantec has begun to use algorithms based on artificial intelligence and deep learning to streamline data analysis, and these methods are working. According to Trilling, the company’s systems have discovered attacks that could have shut off electricity in Europe and the US, leaked national defence information, and even repositioned government satellites.

This is how you protect a digital world. This is how your lights remain on and your coffee gets paid for. “This is how Symantec helps keep the world a safer place.”

Inspirefest is Silicon Republic’s international event celebrating the point where science, technology and the arts collide. 

Eva Short was a journalist at Silicon Republic