Future Threats Are Growing Closer

Uploaded on 2021-06-08 in TECHNOLOGY-Key Areas-Artificial Intelligence, TECHNOLOGY--Resilience, FREE TO VIEW

Future generations may look back at our time as one of intense change. In a few short decades, we have morphed from a machine-based society to an information-based society  and society has been forced to develop a new and intimate familiarity with data-driven and algorithmic systems and two of the most interesting topics on the Internet today are Artificial Intelligence (AI) and Cyber Security.  

Organisations often focus on the positive aspects of AI such as the way it can predict what customers need through data customer result and when the attack and security aspects of AI is discussed, the conversation often centers on data privacy. But an important emerging trend is an increase in AI-enabled cyber attacks. 

A report from Forrester Consulting, found that 88% of decision-makers in the security industry believe offensive AI is coming. Half of the respondents expect an increase in attacks. In addition, two-thirds of those surveyed expect AI to lead new attacks. Also Deloitte’s report Smart Cyber: How AI can help Manage Cyber Risk, says that smart cyber is a spectrum. It starts with robotic process automation, moving to cognitive automation and then evolving to AI. “In the digital age, artificial intelligence technologies are starting to have the same kind of game-changing impact that factories and assembly lines had on manufacturing at the dawn of the industrial age, dramatically improving efficiency and enabling new products, services, and business models that simply weren’t possible before”, says the Report.

Previously, cyber-attacks were on the lower end of the spectrum of simply mimicking human actions. However, now that cyber criminals have moved to fully using AI, their attacks mimic human intelligence.

The underlying concept of AI security, using data to become smarter and more accurate, is what makes the trend so dangerous. Because the attacks become smarter with each success and each failure, they are harder to predict and stop. Once the threats outpace defenders’ expertise and tools, the attacks quickly become much harder to control.  Because of the nature of AI security, we must react quickly to the increasing AI attacks before we as an industry are too late in the game to catch up.

Increased speed and reliability provide businesses with many benefits, such as when they can process large amounts of data in almost real-time. Cyber criminals are now benefiting from this speed as well, most notably in terms of increased 5G coverage. 

Cyber attacks can learn from themselves much quicker now, as well as use swarm attacks to gain access quickly. The faster speeds also mean that threat actors can work more quickly, which often means not being detected by technology or humans until it’s too late to stop them. The problem with protecting against AI attacks is the pace of change. Defensive tech is lagging behind, which means that in the very near future it is likely that attackers may truly have the upper hand. Based on the nature of AI security, once that happens, it will be challenging, if not impossible, for defenders to regain control.

Perhaps the most attractive aspect of AI security is the way it can understand context, and combine speed with that context. Before, automated cyber attacks couldn’t do that. 

Cyber Criminals Are Using AI 

Threat actors weaponise AI in two main ways: first, to design the attack, and then to conduct the attack. The predictive nature of the tech lends itself to both elements. AI can mimic trusted actors. This means they learn about a real person and then use bots to copy their actions and language. 

While many businesses use AI to predict customers’ needs, threat actors use the same concept to increase the odds of an attack’s success.

By using data collected from other similar users, or even from the exact user targeted, cyber criminals can design an attack likely to work for that specific person.For example, if an employee receives emails from their children’s school in their work email, the bot can launch a phishing attack designed to mimic a school email or link.

  • By using AI, attackers can more quickly spot openings, such as a network without protection or downed firewall, which means that a very short window can be used for an attack. AI enables vulnerabilities to be found that a human couldn’t detect, since a bot can use data from previous attacks to spot very slight changes.
  • By using AI, threat actors can design attacks that create new mutations based on the type of defense launched at the attack. 

 Security professionals have to defend against constantly changing bots, which are very hard to stop. As soon as they get close to blocking an attack, a new attack emerges and AI can make it harder for defenders to detect the specific bot or attack. 

AI Security Can Stop Attacks

As attacks become smarter, the industry must increase our use of sophisticated techniques. A bit ironically, the most effective response to defending against AI attacks is to use AI against them. As the World Economic Forum clearly said, only AI can play AI at its own game.  By using AI security to protect and defend, your AI systems become smarter and more effective with each attack. Similar to how threat actors use it to predict actions and risks, it can predict the attackers.

In the past, cyber security revolved around protecting the infrastructure and then reacting to threats. By using AI, it moves from proactive to predictive. 

AI has rapidly become a cornerstone for many systems and platforms, ranging from retail to marketing to finance. Soon, if not already, it will be considered a standard feature, not a bonus or differentiation among tools.  The same trend is likely to follow with AI in cyber security, the predictive tech will become the standard. By combining AI security with zero trust, organisations increase their likelihood of preventing many attacks and quickly defusing any that make it through. 

By upgrading systems and processes to use AI now, cyber security teams have a much better chance of catching up to threat actors. An advanced artificial intelligence system that tracks users not machines could be the goal that every CISO strives towards to reduce risk and keep the business running smoothly.

World Economic Forum:   CISO Magazine:    RAND:    ReadWrite:     Deloitte:    Darktrace:   Security Intelligence

You Might Also Read: 

Criminal Use Of Artificial Intelliegence

 

« Identifying & Minimizing Security Vulnerabilities For Your Organization
The Cyber Revolution’s Effects on International Trade »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

C3IA Solutions

C3IA Solutions

C3IA Solutions is an NCSC-certified Cyber Consultancy providing assured, tailored advice to keep your information secure and data protected.

Cloud Foundry Foundation (CFF)

Cloud Foundry Foundation (CFF)

Cloud Foundry supports the full application development lifecycle, from inception, through all testing stages, to deployment.

National Cyber Security Centre (NCSC) - United Kingdom

National Cyber Security Centre (NCSC) - United Kingdom

The NCSC acts as a bridge between industry and government, providing a unified source of advice, guidance and support on cyber security, including the management of cyber security incidents.

American International Group (AIG)

American International Group (AIG)

AIG, is an American multinational insurance corporation. Commercial services include cyber risk insurance.

Nimbusec

Nimbusec

Nimbusec scans your website around the clock and informs immediately if it has been hacked or manipulated

Secure-NOK

Secure-NOK

Secure-NOK provides products and solutions that detect and remove security attacks and harmful events in industrial networks and control systems.

First National Technology Solutions (FNTS)

First National Technology Solutions (FNTS)

First National Technology Solutions is a leading provider of flexible, customized hosted and remote managed services including IT security and compliance.

Seric Systems

Seric Systems

Seric is a technology business specialising in security, infrastructure and data management.

Maritime Cyber Alliance

Maritime Cyber Alliance

Maritime Cyber Alliance was established in 2017 by Airbus , CSOAlliance , MCSA & Wididi to provide a medium for both public Cyber Safety advice and for businesses to discuss Cyber concerns.

WISeKey

WISeKey

WISeKey is a leading cybersecurity company currently deploying large scale digital identity ecosystems for people and objects using Blockchain, AI and IoT.

authUSB

authUSB

authUSB Safe Door is a tool that provides secure access to the content of USB devices that circulate in organizations.

Dell Technologies Capital

Dell Technologies Capital

At Dell Technologies Capital we lead investment in disruptive, early-stage startups in enterprise and cloud infrastructure.

National Cyber Security Center (NCSC) - Vietnam

National Cyber Security Center (NCSC) - Vietnam

National Cyber Security Center of Vietnam has a central monitoring function and is a technical focal point for monitoring and supporting information security for people, businesses and systems.

Astrill VPN

Astrill VPN

Astrill VPN is a Seychelles based Virtual Private Network(VPN) Company.

One Step Secure IT

One Step Secure IT

One Step provide Managed IT Services, Cybersecurity Protections, and Compliance to businesses in the USA nationwide.

Mogwai Labs

Mogwai Labs

Mogwai Labs deliver cutting-edge penetration tests, security assessments and trainings, to safeguard your applications, networks and cloud environments from cyber threats.