We are now a connected global community where many digital natives cannot remember a time before the iPhone. The rise of smart homes means that we are increasingly attaching our lighting, door locks, cameras, thermostats, and even toasters to our home networks. Managing our home automation through mobile apps or our voice illustrates how far we have evolved over the last few years.
However, in our quest for the cool and convenient, many have not stopped to consider their cybersecurity responsibilities. The device with the weakest security could allow hackers to exploit vulnerabilities on our network and access our home. But this is just the tip of the proverbial iceberg.
Businesses and even governments are starting to face up to the vulnerabilities of everything being online. Sophisticated and disruptive cyberattacks are continuing to increase in complexity and scale across multiple industries. Areas of our critical infrastructure such as energy, nuclear, water, aviation, and critical manufacturing have vulnerabilities that make them a target for cybercriminals and even a state-sponsored attack.
Governments and businesses are beginning to unite to protect data and essential services from aggressive attacks that are capable of pulling the plug on entire cities. There is an urgent need for everyone to adopt a proactive rather than the traditional reactive approach to protecting our infrastructure.
Unfortunately, 90% of cyberattacks put human error or inaction as the primary reason for a breach. There is a strong argument that education and awareness should be a top priority. However, there is an inconvenient truth that artificial intelligence (AI) and machine learning will be playing the role of both protector and aggressor in a modern game of chess.
Just as businesses and authorities are beginning to understand the role that AI and machine learning will play in protecting them, criminals are using the same tools to get around defenses. AI-based attacks that imitate human behavior and attempt to outwit defenses will be the beginning of AI vs. AI battles between the good guys and the bad guys.
Although it’s easy to blame technology for the scale of threats, it’s crucial to remember that AI is only capable of what its human masters program it to do. The dark side of AI is just another black mirror of the worst aspects of human nature.
The stakes are now much higher than a large corporation experiencing a data breach. We have already seen the devastating effects that a cyberattack can have on the aviation industry. Attacks on power grids and even hospitals highlight how everything with an online connection is now a target.
The genie is officially out of the bottle, and it has never been easier to learn the tricks of the trade online. Machine-learning software is readily available, and video tutorials are also just a search away. By automating the tailoring of content to a potential victim, cybercriminals can quite quickly wreak havoc on a business or individual.
For example, many people reading this will have seen first-hand how attackers can closely mimic the style of emails and documents to make it appear like it has been sent from a real colleague. It might be the oldest trick in the book, but it still works. We all know somebody who has clicked on a link and unwittingly invited an adversary onto the network.
As countries such as India begin to store the identity and biometric information of more than 1.1 billion registered Indian citizens, we also need to think of doing much more than merely protecting usernames and passwords. There are already countless examples of DNA databases being sold for as little as $8 and a U.S. government hack that resulted in the fingerprints of 5.6 million federal employees being compromised.
A weaponized AI in the hands of bad actors is a very worrying concept. However, it also highlights the importance of investing heavily in AI-defense and research. Thankfully, emerging machine-learning models are offering hope and greater protection against these sophisticated and complex threats.
With both sides using the same tools, systems will have the ability learn patterns and identify deviations in a manner that traditional systems or analysts could ever dream of. Traditional protection methods involved the need for prior knowledge of a threat type before a defense could be prepared. This luxury is now confined to the history books.
The detection and response to threats must be quicker to provide adequate protection. Advances in technology are now enabling the rise in security systems that are always learning, adapting, and looking for new ways to preempt unseen methods of attack. Essentially, the most significant change is stopping attacks before they even occur.
Businesses should already be thinking about replacing reactive solutions with always online protection that is continuously learning emerging attack methodologies. We are entering a new digital era where AI and machine learning will undoubtedly redefine cybersecurity.
This post is part of our contributor series. The views expressed are the author's own and not necessarily shared by TNW.