There is no doubt in my mind that machine learning and other automated techniques for spotting patterns in the mass of technology logs and events are the only way forward in cyber security. My concern is how everyone of the 5 million UK businesses are going to afford these techniques and recruit and retain the right staff to interpret analysis and make decisions in real time to keep thier businesses secure? Organisations like William Hill have established, experienced cyber security teams - they use machine learning but still invest significan time putting these patterns in context. Can generalist IT staff really be expected to evaluate what is "normal" in a security context as well as doing thier day jobs - or are most firms still gambling that it will never happen to them?
With machine learning being such an important aspect of William Hill's cyber defences, Joy explained that the company's security team consists of "software engineers more than anything else" who spend their time "looking at ways of automating and finding patterns of disruption". "It's not about classic barrier security, it's about interacting and working with scenarios and we're certainly using machine learning in that capability as well, that's one of the heavily used aspects of it, spotting patterns of customer behaviour," he told Computing, explaining that cyber security is one of the most important aspects of William Hill's wider technological transformation. "One of the most significant elements of our journey is how security is managed as we go through this," Joy said. "[Our security] team is a very digital team and an engineering team."