Any CIO (and there are a lot of them) can tell you that defence against cyberattacks is a core issue facing their corporation. All companies need defensive techniques that defend them against any form of cyberattack that is used to cause harm, exert control over, or even kill a company’s ability to operate.
And, today the darkest of “dark arts” in the world of IT is being designed and deployed, not by wizards or warlocks, but by machines and artificial intelligence (AI).
With all the press and literature about AI taking away jobs or helping usher in a new wave of innovation and economic growth, the area of AI that has the potential to cause the most significant impact on the global economy in the short term is its use in cybercrime.
Cybersecurity Budgets Swell as Threats Increase
As a former CIO, I am not surprised to see analysts predict cybercrime could cost the world anywhere between $3 to $6 trillion USD annually by 2021. This confirmed what I had been saying to the board of directors at my previous company for a while — we could spend our entire budget on cybersecurity and still not be impregnatable.
Since this approach doesn’t make good business sense, instead of trying to spend enough to guarantee we won’t be attacked, the best plan is to spend a sensible amount to guard against attacks while also investing in mechanisms to spot, stop, and recover from attacks quickly.
Keep in mind three key trends we’ve seen recently:
- Hostile nations increasingly willing to share information on how to orchestrate attacks
- Advances in the sophistication and coordination of threat actors and the rapid emergence of AI as a potential game-changer
- The steady increase year on year in IT security spending such that the global cybersecurity market is set to grow from its current market value of more than $120 billion to over $300 billion by 2024
It seems that it is even more worrying than I had envisioned! AI and cybersecurity are likely the biggest issues every CIO will need to confront to keep their jobs and keep the company they are stewards of alive and in good health.
The Growth of AI-Enabled Cyberattacks
What types of attacks are we talking about? These are some of the more interesting examples of AI-enabled cyberattacks:
- Intelligent viruses that can modify code or poison datasets used to train AI models
- Supercharged phishing capabilities where AI is able to auto-create messages that understand the context of an email and insert itself into legitimate conversations
- Launching an attack within the normal business operations of systems only after sitting quietly for long periods of time to learn what these operations are
- Manipulating voice and video content to spread false information about a company, an event, or even financial performance that significantly impacts its share price; transaction plans; and/or relationships with investors, regulators, and their customers
The good news is that while AI attacks are becoming more sophisticated, harder to detect, and potentially more dangerous, the technology designed to defend against such attacks is also evolving. For example, cybersecurity industry leader Palo Alto Networks bought Light Cyber, a behavioural analytics firm. Google launched its own cybersecurity business, Chronicle. Meanwhile, analysts are watching startups like Cylance, CrowdStrike, Darktrace, Vectra Networks, and a handful of other private firms in the AI startup space.
While AI technology evolves, the best talent is a crucial element of a company’s success in defending itself against attacks. You should strive to secure the people with the skills you need to protect the organisation. These technologists are few and far between.
Get the Upper Hand on AI and Cybercrime
So where does this leave us? I was tempted to end this article with the classic “5 things you need to think about” or “7 must-dos for every CIO,” but, to be honest, the best way to respond is to simply get the upper hand on AI and cybercrime before hackers do.
How should you approach this? In the same way that Professor Snape told his students when discussing how they needed to be prepared to defend themselves: “Your defences must therefore be as flexible and inventive as the arts you seek to undo.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.