In an interview with Wired when he was president of the United States, Barack Obama discussed how artificial intelligence (AI) is already a very real cyber threat for businesses – and beyond:
“There could be an algorithm that said, “Go penetrate the nuclear codes and figure out how to launch some missiles.” If that’s its only job, if it’s self-teaching and it’s just a really effective algorithm, then you’ve got problems.”
Cyber security professionals know all too well the intense pressure to put the right defenses in place to protect against ever-evolving cyber issues. Two advancements keep me awake at night.
Cyber attacks are continually getting more sophisticated. Look at email security. As it evolves, hackers are getting around the protection provided by point products by instead directing people towards trusted web and cloud applications, such as cloud storage or file sharing apps and collaboration platforms, where they are more likely to trust content or give away their personal data.
Artificial intelligence developments
Whilst AI-fueled cyber attacks are in their infancy, hackers have already created powerfully deceptive techniques with this technology – like advanced CEO fraud. By automating the sending out of high volumes of highly-personalized emails, employees are tricked into making the transfer or expensing the purchase or sharing private company – or personal – information. With attackers having the same access to AI tools as businesses do, they are no doubt developing more damaging ways to use it. With machine learning, this problem will only ‘improve’ over time. As Battista Biggio, Assistant Professor at the University of Cagliari’s Pattern Recognition and Applications Lab, puts it:
“Security is an arms race, and the security of machine learning and pattern recognition systems is not an exception.”
Current systems don’t have the capacity to defend against these types of attack from hackers and that is only going to become more apparent as models get smarter and smarter.
So, how is the industry reacting to these urgent threats?
With 74% of cyber security professionals saying their day-to-day role is very busy (suffering alert overload, future fatigue and more), automation is how they are undertaking the time-intensive, low-level actions that can get overlooked.
Say a phishing email comes in. For someone in the security team to copy the link and add it to a web product block list takes a minute, but if you’re receiving thousands of these, it’s weeks of work. And that’s just a single example.
When 27% of IT professionals receive over one million security alerts a day, businesses want their skilled resources to be looking for deeply hidden indicators of compromise and threat hunting, not getting RSI from typing CTRL-C, CTRL-V.
But are security professionals willing to sacrifice any more control than this?
Trusting technology to make autonomous decisions might appear to go against the grain of what is expected from the often-skeptical security profession. Yet in our recent research, The Cyber Security Evolution, we found 78% of cybersecurity professionals are comfortable with the idea of using autonomous security.
There is growing acceptance that putting rules-based autonomous security in place is the way forward, allowing businesses to make the best decisions in real-time, while also giving security professionals tight control over how those decisions are made.
The next step is developing ways to adapt and provide zero-day protection from new attack techniques used by hackers. It’s more than possible and, as Obama went on to conclude, standing still in the fight against cyber threats is not an option:
“We’re gonna have to be better, because those [hostile actors] who might deploy these systems are going to be a lot better now.”
Without the most robust measures in place, the next advancement in cyber threats could be the one that cracks your security. It’s time to change gear to protect your business for the future. It’s time to consider autonomous cyber security.
Download the full report on the current state of cyber security here.