The cyber security landscape is complex and constantly evolving, but AI threats are just one of many security consideration for business and IT leaders. Organisations of all sizes are first off, not doing the basic things right; how many have been caught out for failing to patch (or update) software? Equifax, among many, springs to mind. ‘Doing the basics right’ will help organisations develop a much better defensive position. Continuing failings in this, however, combined with the rise of AI threats, mean businesses “are getting themselves into a bit of a jam,” believes James Plouffe, strategic technologist at MobileIron and technical consultant on the hit TV show, Mr Robot.
“Increasingly, cyber adversaries are capitalising on AI and machine learning technologies, in order to use automation to exploit the consistent weaknesses that are found in a lot of organisations,” he says.
AI: the greatest threat in human history?
In 2016, the late Stephen Hawking warned at an event marking the opening of the Centre for the Future of Intelligence that the successful creation of AI could be the last event in human history. Read here
AI threats automate attacks
One of the strengths of AI and machine learning, something it does exceptionally well, is pattern recognition. And, in the not-so-distant past, one of the challenges — from a hacker’s point of view — was the manual nature of cyber attacks.
Plouffe explains: “They would have to recon on different networks, identify targets and create profiles of these organisations that they were targeting.”
But, attackers can now use machine learning to do pattern recognition. This gives them the ability to target lots of organisations in the same vertical (healthcare or finance, for example), which often have similar network structures and often use the same technologies — it allows hackers to scale attacks like never before. And, unfortunately for defenders, it is very difficult to identify whether AI or machine learning is a component of a cyber attack.
Fighting fire with fire
Using AI to combat AI threats is a good idea. If AI and machine learning can help a hacker scale their attacks, then organisations can use the same technology to help mount a scaled defence of their networks — indeed, the machine learning that’s being used in some of the new endpoint detection and response products is to be admired.
Endpoint solutions using AI and ML
Darktrace, the UK-based unicorn, is also a good example of how organisations can use AI to fight AI, among other attacks, through autonomous response.
However…nothing is perfect.
There is always a chance an organisation will be breached. And, so while defence and prevention is of the highest importance, it’s also necessary to be able to contain a breach effectively: incident response. “You need to be able to keep the breach contained within certain parts of your network to make sure it doesn’t spread,” continues Plouffe. “An organisation’s network should be treated like a building, where areas can be automatically shut off in the event of an emergency.”
Prevention, detection and response: an inside look at the cyber security industry and where it’s heading
Deception technology, an offensive countermeasure, is an emerging category of cyber security defence.
The notion is that these technologies, products and services can be deployed and act as a next generation ‘honeypot’. These systems are intended to specifically confound things like recon, lateral movement and techniques that attackers are going to rely on whether they’re carrying out an attack manually or in an automated fashion. This can nullify the AI threat, according to Plouffe, because currently, “machine learning has a long way to go in dealing with things that change rapidly”.
He provides an analogy: “the golden rule of of AI is that the thing that you train on has to roughly approximate the stuff you’re going to be doing in real life. Following this logic, if you’re practicing and learning French, it does not put you in a particularly great position to learn Russian. From a defenders point of view, if you know the the attacker is expecting you to speak French, and then all of a sudden, it looks like you’re speaking Russian, that will hamper the attack, whether there’s a human at the other end or some sort of machine learning algorithm.”