Top Security Threats of 2018: Part 2 - AI & Machine Learning
Computing continues its rundown of the major enterprise security threats expected this year
In the early 19th century, mathematician, inventor, philosopher and engineer Charles Babbage designed what he called the' Analytical Engine'. For various reasons relating to funding and Babbage's somewhat abrasive personality, it was never built, but Ada Lovelace, widely regarded as the world's first programmer, suggested that it "might compose elaborate and scientific pieces of music of any degree of complexity or extent."
In more recent times AI has been portrayed as a dangerous development, prone to turn rogue with fatal consequences. "I know I've made some very poor decisions recently, but I can give you my complete assurance that my work will be back to normal," says HAL 9000 before attempting to kill its human crew in Kubrick's 2001: A Space Odyssey. The AIs in the Terminator and The Matrix film series are no less murderous .
And it's not just writers and filmmakers who wish to warn us of the deadly potential of sentient machines. No less a mind then Professor Stephen Hawking has spelled out fears in no uncertain terms.
"The development of full artificial intelligence could spell the end of the human race," he said in 2014.
Irrespective of these real or imagined threats, the practical applications of AI for enterprises are varied, with widely known use cases in healthcare, education, engineering or even in predicting the weather.
But this potential, and that of machine learning (ML), is also being exploited by hackers, making it one of the key threats expected to emerge in 2018.
"ML is a popular topic on Russian underground forums, where tips on ML-informed services like CAPTCHA evasion, anti-botnet defeat, botnet creation, spam campaigns, and troll bots assist enterprising cyber-criminals," warns Rick Hemsley, managing director, Accenture Security.
"As machine learning matures into AI, nascent use of AI for cyber threat defense will likely be countered by threat actors using AI for offense," he adds.
In fact, many experts are warning of a near future in which AI both defends and attacks our networks.
Darren Thomson, CTO EMEA for Symantec explores a similar theme, claiming that 2018 will be the first where we will see AI versus AI in open cyber warfare.
"Cyber criminals will use AI to attack and explore victims' networks, which is typically the most labour-intensive part of compromise after an incursion," he says.
Dave Rogers, security product specialist at King of Servers agrees.
" Over recent years, ML and AI have become the core of multiple security vendor's threat strategies," says Rogers. "In 2018, we will see the emergence of an AI arms race in which hackers and ransomware writers will adopt AI-based technology to strike back at the security vendors - pitting AI against AI.
"Artificial intelligence, such as user dynamic machine learning, will find new strategies for success that a traditional human writer would simply not consider. That's because they learn from dealing with each wave of attack, fine-tuning the successes and learning from failures experienced along the way."
Dr Adrian Nish, head of threat intelligence at BAE Systems Applied Intelligence calls this the ‘battle of the bots'.
"2018 could be the year we see the first battle of the AI bots. As cyber-criminals build systems that can 'learn' and adapt to defences, while detection engines also evolve using AI," says Dr Nish.
[Turn to next page]
Top Security Threats of 2018: Part 2 - AI & Machine Learning
Computing continues its rundown of the major enterprise security threats expected this year
Srini CR, Senior Vice President, Global Product Management & Data Centre Services at Tata Communications states that AI is set to be so integral to cyber security in the future, that the global AI security market could reach $18.2 billion by 2023. He adds that the rapidly expanding volume of connected devices will similarly bring with it more threats, but also more answers.
"The expanding network of connected IoT [Internet of Things] devices opens up more potential security threats with some 22.5 billion devices predicted to be connected to the internet by 2021. While security will be a challenge, the vast amount of data generated by IoT technology could actually help researchers to spot security flaws."
And it's AI which will help those researchers pick through the mountain of data and highlight the nuggets of value.
Richard Parris, CEO at Intercede expresses concern that AI threatens organisations' security for different reasons; by overtaking it on the boardroom agenda.
"A somewhat less obvious threat that will likely rear its head this year is the prevalence (or lack of) cybersecurity in government discussions. While ministers focus on conversations AI, robotics and other innovations in technology, we're seeing cybersecurity dropping down the industry agenda. This is also the case with businesses, who are undoubtedly more sensitive to cybersecurity but still don't have the systems in place to fully mitigate the risks.
"As cybercriminals increasingly find more sophisticated ways of wreaking havoc in our digital lives, if government and businesses fall silent about cybersecurity, we'll never be able to keep pace."
With 2017's ransomware outbreak still fresh in the minds however, most CEOs should still be mindful of the risks of leaving security teams untethered from the broader corporate strategy, and their budget pots depleted.