Fighting Back Fast: Artificial Intelligence Comes to Cybersecurity
Recently, more than $240,000 was stolen by someone pretending to be an executive at a British energy company. This event does not seem all that out of the ordinary, except that the executive was not a real person. Thieves used voice-mimicking software in order to imitate the real executive. And they got away with it. This scam was enabled by artificial intelligence (AI) that was used to create a realistic deep-fake imitation. It is being called the world’s first AI heist.
For decades, we have been living in an age of machine automation in which a basic form of artificial intelligence has been used for basic manual tasks like manufacturing and, more recently, low-value tasks such as data manipulation. Now, however, AI has become extremely sophisticated and capable, and it is no longer doing just basic manual tasks.
Today’s AI represents a collective group of technological capabilities that — to most observers, at least — appears intelligent. These capabilities include such tasks as: complex analytics and predictions; speech, image, and video recognition and simulation; augmented reality; facial recognition; natural-language processing; and even the ability to converse. Computers can now learn how to act autonomously without being given explicit programming. Indeed, these learning algorithms can allow a computer to deeply and quickly analyze large amounts of data and reach conclusions that would have formerly taken decades to deduce.
The technologies that allow computers to learn, remember, and reason are now combining with the advanced analytics of big data to drive an unparalleled transformation in how we work and do business. Typically, basic AI has been driven by rules and logic to perform simple tasks, but it is now being combined with more than just rules. Using machine learning and natural language processing, AI can now perform much more complex tasks.
Computers can now intelligently analyze and organize information not just from text, but also from images, audio, and video. Technologies have even advanced to the point where they can provide guidance and advice. And this is where this technology gets even more interesting and possibly frightening in its pace.
Now, the honeymoon with AI is over. AI technologies are now being used to break into networks or computers and, as in the above example, create highly effective phishing scams using deep-fake conversations to steal money. An AI-enabled cybersecurity attack is capable of being much faster and much more sophisticated than anything done in the past. For example, if your network is breached, the AI attacker could observe and then mimic network traffic, allowing it to hide so effectively that you would never know your system had even been breached.
Further, with the sponsorship of nation-states such as Russia or China, these AI-boosted hacker tools are being developed to not only attack businesses and individuals, but other nation-states for political gain.
AI to the Rescue
The good news is AI-enabled technologies are not just in the hands of those who wish to attack us. AI-enabled technologies now are also being used to better defend your data and systems. The increased volume of cyber-threats occurring daily is becoming too much for manual automation to handle. Fortunately, AI will be able to deal with this problem faster and more efficiently.
The following are examples of what AI-enabled cybersecurity technologies can do:
Detecting a threat in progress — Today’s manually automated cybersecurity technology involves large amounts of log files, network traffic, and other data that is difficult to access quickly and meaningfully. AI-enabled cybersecurity technologies will be able to quickly analyze this mound of data, while machine-learning algorithms can create a baseline of your network and systems, login times, typical network traffic, and more. If there are any irregular activities, the AI systems could send alerts, block the problem or user, and even fix the problem if possible.
Detecting a threat before it happens — AI-enabled cybersecurity would not wait for an attack to happen. Instead, such systems would actively monitor online activity for any news of fresh attacks, hacker discussions on the dark web, known sources of threats, as well as other sources. The technologies could then correlate their understanding of your systems against the likelihood of an attack and make predictions of how you should lock down your systems, helping you shorten your response time and quickly build responsive strategies.
Using new generation malware & virus protection — Much of today’s virus protection is signature-based. The virus protection software company learns of a virus and builds a detection and fix and then sends the information (signature) to your virus scanners. Such systems cannot keep up with the onslaught of malware and viruses that are created every month. AI-based virus scanners can learn to detect viruses and malware using pattern recognition, before those threats even get into your systems.
Detecting & preventing phishing quickly — Phishing is an extremely effective and often-used attack. It is estimated that AI enabled by machine learning can find and track more than 10,000 phishing attack sources at the same time and will be able to help a user determine whether a website is fake or real before they click on a website link in an email.
Eliminating the hegemony of passwords — Passwords have always been problematic. Passwords may be too weak, easy to obtain, not changed often enough, or a person may use the same password for multiple accounts. Biometric authentication (using your face or fingerprint) has often been touted as an alternative. However, attackers have found ways to trick such authentication roadblocks by mimicking key biometric information using photographs. AI technologies are being used to enhance biometric authentication by creating a more sophisticated model of your face with infrared sensors to better identify key patterns that cannot be easily mimicked.
Building better security policies — Step one in building good security policies is understanding what is on your systems (software, machines, devices, users, etc.). This is often a very time-consuming task. AI can be used to not only quickly learn about users and systems, but to observe network traffic and understand how your systems are being used. By analyzing those observations, AI technology can make suggestions for new security policies or updating older ones.
Beware AI “Hype”
AI-enabled technology has received a lot of attention in the last few years. It is often heralded as a solution for all the ills and problems of our computers, devices and systems, making life easier, faster, and better. AI-enabled technologies need to be understood, and we need to be cautious of the hype.
AI is not intelligent, it is not sentient, it will not replace humans, and it will not solve all our problems. The world of fiction is full of amazing examples of talking interactive computers, from the murderous HAL 9000 in 2001: A Space Odyssey, to Deep Thought in The Hitchhiker’s Guide to the Galaxy, to the extremely interactive computer in the Star Trek series. So far, fiction is not yet reality.
Yet, although AI is not intelligent, it can process an enormous amount of data and arrive at results very, very quickly. Dr. Gary Marcus, a Professor of Psychology and Neural Science at New York University, believes that “…the biggest misconception around AI is that people think we’re close to it. We’re not anywhere near that. We’ve learned to engineer certain narrow problems like speech recognition very well. We’ve done that in ways that we couldn’t have imagined five or ten years ago. But the idea of having machines that can reason about the world in the ways that human beings can… I don’t think we’ve made any significant progress in that at all.”
Summary
AI in cybersecurity has great potential, but it is a double-edged sword, because for every advance deployed to detect problems and protect your systems, ill-intentioned hackers can use that same technology to wreak havoc.
AI-enabled cybersecurity is still a long way from becoming a complete solution to protect your systems; however, that has not stopped many organizations from exploring how current AI can help mitigate their problems. Adoption of AI is on the rise, and in one survey, 61% of enterprises stated they had adopted some form of AI-enabled cybersecurity because they felt they could not detect today’s breaches without it.
Clearly, AI will play an important role in how we use our computers and devices in the future.
---
Originally published in the online Thomson Reuters publication Practice Innovations on January 13th, 2020 and also by Thomson Reuters’ Australian publication Legal Insight on January 22, 2020.