It's 20 years since the word “phishing” popped up in an AOL forum to describe a basic email scam.
Ever since, we've been duped by more or less authentic looking emails to click a link that installs malware on our machines or allows hackers through the virtual door to wreak havoc.
The basic problem is that humans are fallible.
The result of this fallibility can be severe. Half of the worst security breaches suffered by British businesses last year were caused by “inadvertent human error”.
Traditional tech can't cope
Traditional office tech is no longer up to the task of keeping us safe.
You see it's not just the human brain that cyber-criminals have been able to fool with their digital forgeries.
Misidentification has become a computer problem too.
Traditional cyber-security tools take time to correctly identify data breaches. That's time measured in days, not hours. According to the Ponemon Institute's 2015 Cost of Breach Study: Global Analysis, malicious attacks can take an average of 256 days to identify. Data breaches caused by human error take an average of 158 days to identify. Two-thirds of the time IT staff spend dealing with security alerts is spent on false-positives or false-negatives.
In other words, time is wasted on misidentification of a potential threat. What's needed is a faster, more accurate way of interpreting and detecting threats and dealing with them. We need something faster and smarter than what's already in play.
Say hello to behavioural biometrics
Last month Google's head of advanced technology projects said that behavioural biometric authenticators would be applied to its Android mobile platform next year.
That means the device could look at your location and Wi-Fi network, time and even your typing speed on the keyboard to assess risk based on your known patterns of behaviour.
The “trust score” would varying depending on what you were trying to do. The Android operating system might decide to limit access to a financial app, but in the same circumstances allow access to a gaming app.
Welcome cognitive computing
Meanwhile, IBM is starting to teach its supercomputer Watson about cyber-security. Back in February 2011 Watson grabbed headlines around the world for beating two all-time human champions at the American quiz show Jeopardy.
The quiz was a neat demonstration of Watson's ability to match and surpass the human brain in unravelling answers from fragments of information. Watson's feat was all the more remarkable for its understanding of the quirks of human language: puns, double-meanings and riddles.
This was the beginning of the era of cognitive computing: machines built to interpret, learn and apply that knowledge to solve problems.
Eighty per cent of information online is “unstructured” – a sprawling jungle of knowledge in different formats and online places, from news or scholarly articles to blogs and eBooks. Cognitive computers are trying to make sense of that jungle of data and detect hitherto unseen patterns and connections.
Since Jeopardy, Watson has become a practical tool ranging across industries – starting with healthcare where it is used for both medical research and helping physicians diagnose and devise the best treatment plans for patients, particularly in the case of cancer.
Apprenticed to fight cyber-crime
Today, Watson is drawing on IBM's two decades' worth of cyber-security research and a library which contains eight million spam and phishing attacks and tens of thousands of known vulnerabilities. Eight universities in the US and Canada have been enlisted to help build its knowledge of cyber-threats and tactics.
So Watson is learning to become a virtual Sherlock and address cyber-threats when traditional tools like firewalls and anti-virus are struggling to keep up.
Meanwhile, the costs continue to rise. According to a UK Government-backed report last year, the “starting point” for a business to recover from a security breach – counting the cost of business disruption, lost sales, recovery of assets, and fines and compensation – is now £1.46 million.
Cognitive computers are potentially the smartest assistants we'll ever have.
They know our habits and patterns of behaviour well enough to spot when something's not quite right.
They'll never have an off-day, or perform below par. But they also have knowledge that goes beyond encyclopaedic. If something has been published about cyber-security at any point – from a blog to a PhD thesis - they've read it, interpreted it and compared it to the wider corpus of information on the topic.
And they can apply that knowledge to what's happening today – what's happening right now.
What will be the long-term impact of cognitive systems like Watson and Google's behavioural biometric analysis?
For one, cyber-criminals will “find the payoffs to be harder and harder to achieve.”
But for you? Well, you'll have more time to focus on the work that matters – and less time worrying about whether or not you're going to make a mistake.
Contributed by Mike Foreman, European managing director, Nuro Secure Messaging