Computer-speed attacks like ransomware are launched at educational institutions on a regular basis and the sector is having to find ways to tackle them and fight back at the same speed. Richard Jenkins, Global Head of Security & Risk, International Baccalaureate, tells us how Darktrace Antigena has dramatically improved the institution’s cybersecurity posture and helped it to achieve unprecedented network visibility.
The International Baccalaureate, known as the IB, is a globally renowned educational foundation headquartered in Geneva, Switzerland. It offers four educational programmes catered to students aged three to 19, all of which emphasise independent and critical thinking throughout their curricula. Today, these programmes are taught by over 5,000 IB-accredited schools in more than 150 countries worldwide. With both the data of its students and its own reputation on the line, the IB sought an adaptive security solution that can keep pace with automated and fast-acting cyberthreats.
“Darktrace’s approach immediately set itself apart from the competition. From a cyberdefence perspective, unless we leverage Machine Learning and Artificial Intelligence, we’re going to be on the backfoot,” said Richard Jenkins, Global Head of Security & Risk, International Baccalaureate.
Challenge
Educational institutions like the International Baccalaureate collect and store vast quantities of sensitive personal information, attracting some of the world’s most sophisticated criminals. Yet these institutions often lack the robust cyberdefences that protect similarly data-rich firms in the private sector. And while organisations of all kinds struggle to keep pace with today’s increasingly fast-acting cyberattacks – which often move too quickly for incident responders to contain – the strained security teams that are characteristic of non-profits render them particularly vulnerable to these attacks.
Beyond the challenges posed by machine-speed cyberthreats, the IB was also limited in its ability to counter attacks from both innovative cybercriminals and insider threats. The traditional approach to cybersecurity, which relies on rules and signatures to prevent known attacks from bypassing the network perimeter, will fail to detect attacks that look unlike anything observed previously, even as threat actors continue to launch novel threats on a daily basis. Additionally, insider threats originate from within the perimeter, necessitating an entirely different security approach capable of detecting attacks carried out by authorised network users.
Finally, the IB did not believe its conventional security tools were sufficient to comply with the increasing regulatory requirements on data processing, most notably the EU’s General Data Protection Regulation (GDPR). GDPR requires organisations to notify both supervisory authorities and their clients of a data breach within 72 hours, under the penalty of multimillion euro fines. For international non-profits with finite security resources, responding to fast-acting threats before they have time to escalate into a breach is an especially daunting challenge.
Solution
Following the completion of a successful Proof of Value (POV), the International Baccalaureate deployed Darktrace’s Enterprise Immune System, including its cyber AI response solution, Darktrace Antigena. Powered by Artificial Intelligence, the Enterprise Immune System immediately began learning the normal ‘pattern of life’ for every user and device at the IB. Crucially, this AI-driven approach enables Darktrace to detect subtle deviations from normal behaviour that are indicative of a sophisticated, never-before-seen attack.
Whenever the Enterprise Immune System observes a serious threat to the IB’s network, Darktrace Antigena – the first enterprise-grade Autonomous Response technology on the market – surgically intervenes to contain the threat within seconds. Antigena works by restricting an infected device to its normal ‘pattern of life’, affording the IB’s security team time for more strategic work. Moreover, the technology works without interrupting business operations, unlike typical efforts to contain cyberattacks that result in lengthy and frustrating operational shutdowns. By neutralising both insider threats and external attacks before it’s too late, Darktrace Antigena has transformed the International Baccalaureate’s cybersecurity posture.
“The sheer volume of data that Darktrace actively defends would take a team of 50 to 60 security professionals to do manually. What’s more, the speed and precision with which Darktrace identified genuinely threatening activity exceeds any human capability,” said Jenkins.
Benefits
The Enterprise Immune System has proven to be a gamechanger for the IB’s security team, allowing it to reduce overhead costs as well as dashboard fatigue by defending the entire network form a single interface. Indeed, by deploying Darktrace in its many global offices, the IB has achieved unprecedented network visibility, gaining a deep understanding of the full sequence of events leading up to a security incident. Jenkins said that such comprehensive network oversight has rendered the IB’s cybersecurity a key ‘differentiator’ with respect to competitors.
After Darktrace AI alerts the International Baccalaureate to threatening behaviour, its security team can investigate that behaviour at any level of detail – both historically and in real time – using Darktrace’s highly intuitive user interface, the Threat Visualizer. These capabilities have helped the organisation comply with GDPR and protect students’ sensitive data on behalf of parents and schools around the world.
We caught up with Richard Jenkins, Global Head of Security & Risk, International Baccalaureate, to find out more about the Darktrace solution and how it has enhanced business operations for the institution.
Can you tell us about your role and the scope of your responsibility?
I am the Global Head of Information Risk, Security and IT Governance at International Baccalaureate. I am responsible for defining the Information Security Strategy and managing a global team who are at the forefront of protecting the IB’s assets from cyberattacks and data loss.
Why did you select Darktrace as the vendor and what were you looking to achieve?
Cyber threats have ramped up in sophistication and frequency in recent years – this is no longer a human-scale problem and we knew that we needed to leverage Machine Learning to not only watch over our critical data, but auto-defend it. Security tools that work from a knowledge of previous attacks were no longer working in an age of increasingly novel campaigns.
Darktrace’s approach has redefined enterprise security. The AI is powered by unsupervised Machine Learning and therefore works on our live data, constantly learning and re-learning what is ‘normal’ for our systems at any given moment. No one else is approaching the problem like this – it was a no-brainer for us.
How important is it for an education institution like the International Baccalaureate to operate with a robust cybersecurity posture?
We are protecting our organisational integrity and the ability of our stakeholders to continue their goals. The education sector is becoming increasingly targeted by threat actors, and the recent announcement of the UK’s National Cyber Security Centre is particularly telling of this trend.
In the past year, we’ve seen an upsurge in attacks on the education sector aiming to undermine data integrity and in turn, organisational reputation, which can erode trust in the education sector itself.
Attackers are increasingly targeting virtual cloud environments – including those used by educators. This is particularly concerning for the education sector, which already has one of the highest click-rate of any industry for malicious emails. We must arm the sector with robust cybersecurity to not only ensure that students can continue their educational development, but also maintain the integrity of academic institutions by keeping the systems they rely on and their personal data safe from compromise.
Did you experience any complications during the implementation process and if so, how were they overcome?
We did not experience any complications. Darktrace’s free 30-day Proof of Value gave us the opportunity to witness the benefits of its technology and was installed within an hour. Even in this first month, we saw suspicious activity that our existing tools were not identifying.
The ease of deployment was unparalleled as the AI starts working immediately and requires no additional configurations. The AI is self-learning and therefore able to build a full picture of what is happening on our systems from day one – by having a ‘sense of self’, not only does the AI understand where threatening activity is happening, but it also knows how to stop that attack in a way that is very targeted.
How has the solution created a more reliable and secure foundation for student data?
Personal data is just one among the many critical assets we are safeguarding with Darktrace AI.
The beauty of Darktrace AI is that it looks inwards – it uses unsupervised Machine Learning to gain a sense of self. This shifts attention away from the attackers and their next moves, towards an understanding of what is really happening on our systems – the data flows, email communications, cloud services and IoT device behaviour.
From this understanding, AI spots the real problem as it is occurring and crucially stops it before an attack unfolds and before any data is compromised. This ‘Autonomous Response’ capability enables us to have full confidence that the integrity of our student data is maintained at all times and that anything malicious will be thwarted long before any data can be leaked.
How has the solution meant you are now better equipped to respond to fast-acting threats before they have time to escalate into a breach?
Darktrace’s ‘Autonomous Response’ capability – Darktrace Antigena – is critical for responding to fast-acting threats in their earliest stages, before damage can be done. It acts rapidly and intelligently to enforce our organisation’s ‘pattern of life’.
Today, we are in a new era of attacks. Computer speed attacks like ransomware are launched at educational institutions on a regular basis and they are too fast for human teams to contain. Not only that, attackers often launch them on weekends or at night when they think they have a chance of being successful.
Antigena intervenes without the need for human input – crucially, it fights back at computer speed. When attackers start to leverage AI themselves to launch attacks, this technology will be absolutely critical in fighting back – we cannot pit humans against machines.
How satisfied are you with the transformation and what capabilities has this provided you with?
We are a long-standing customer of Darktrace and we continue to be impressed by its ability to constantly adapt and re-learn rapid changes in our environment. This meant that our transition to remote operations was as seamless as possible. Having AI fight back on our behalf means we can continue what we are here to do: deliver our mission.
Click below to share this article