Artificial intelligence is transforming how we do business but its ability to process and ‘learn’ from vast amounts of data per second has both sinister and hopeful implications for cyber security.
“The explosion of connected objects, devices, machines and robots is increasing the power of hackers,” warns author and AI expert Nicolas Aidoud. “Hackers are using artificial intelligence to adapt to cybergenic* tools to break security algorithms. It’s a war of algorithms and computing power.”
Aidoud say AI machines are capable of building advanced polymorphic malware with the ability to adapt its behaviour to survive security gates. This also has the potential to revitalise old malwares, he says, predicting that these combined factors will unleash “a huge volume of advanced cyber attacks” ‒ in part because AI is so efficient it can send phishing tweets to exponentially greater numbers of prospective victims.
*qualities attractive to internet users
More data = more gateways
A 2019 report which surveyed 850 senior executives from businesses headquartered in 10 developed countries including Australia found that as digital businesses grow their risk of cyber attack increases accordingly. This has particular significance for enterprises that rely heavily on data, such as the banking industry or telecommunications, but potentially affects all businesses with digital systems.
Some of the gateways for AI-based attacks include
- spear phishing emails
- credential gathering
- ‘watering hole’ domains.
Speed, accuracy a defensive weapon
But AI is a doubled-edged sword, one that can be used by or against criminals. “It has the power to analyse large amounts of data from multiple sources in a very short period time with unbeatable accuracy,” Aidoud says.
It is also heuristic. “AI keeps learning through storing knowledge gained by solving one problem and applying it to a different but related problem.”
Tech giant IBM is using advanced AI to develop defence systems that speedily analyse threats and respond with immediate remediation actions such as patching. It is also hypervigilant, picking up pointers to stealth attacks or insider threats from clues that ordinary individuals overlook or fail to piece together.
Aidoud’s war analogy is likely to prove accurate, and state governments may well be involved, but for Australian businesses looking to secure their systems some simple points to keep in mind are
- systems access: who has access and to what areas
- partitioning of work and recreational activities on connected devices
- staff training in social engineering awareness
- regular updates and checks for unusual activities.
Gallagher can help businesses formulate preventative strategies, as well as deal with the impact of a data breach. Talk to a Gallagher cyber specialist about how our Gallagher cyber security specialists can help you limit your cyber security exposure.