cfo-as logo
Story image

The weaponisation of AI: how to defend against machine generated cyber attacks

Article written by Neustar senior VP, technologist and fellow Rodney Joffe 

Over the past couple of years, Artificial Intelligence (AI) and machine learning have progressed unchecked to remarkably sophisticated levels with their unprecedented growth also leading to the development of many beneficial applications. Applications ranging from virtual assistants, like Alexa and Siri, to advanced data analytics and autonomous vehicles are just some ways in which both AI and machine learning has seamlessly evolved and integrated into our everyday lives.

According to the Malicious Use of Artificial Intelligence report, the ‘weaponisation’ of AI was predicted to be one of the biggest cybersecurity threats of 2018. The report - contributed to by 26 authors from 14 different institutions including academia, civil societies and industries - believes that while hackers will definitely exploit machine learning for malicious purposes, this development means that they now have to ability to target much larger organisations and cause extensive widespread damage.

AI: The new weapon of choice?

Unlike more ‘traditional’ forms of malware, AI has proven to be the ideal tool for conducting DDoS attacks. AI is easily scalable, extremely efficient and capable of making automated decisions, such as who, what, when, where and how to attack a network. In fact, in many cases, AI is actually capable of better decision making and efficiency than humans.

It has the capacity to create personalised phishing attacks by collecting and analysing information on their preferred targets from publicly available sources including a person’s or businesses online presence, such as their Facebook or LinkedIn profiles.

As AI continues to learn, and attacks become more complex, how can IT managers safeguard their companies from ongoing threats?

Defending against the rise of the machines

The rise of machine-generated attacks may be cause for concern, however, there are processes that can be implemented to prevent organisations from falling prey to these attacks. The first step is to make sure that appropriate measures are in place, which may include patch and threat management systems, as well as identification and encryption of vulnerable data to suit organisational circumstances.

While these systems are an important piece of the puzzle, the most vital part of protecting your network is being proactive about network security. How is this achieved? By ensuring that your organisation has the capability to rapidly change course when necessary, just as AI can.

Once all of these controls have been implemented it is extremely important to clearly define what your organisation requires in terms of processes and procedures.  Many believe that implementing DDoS mitigation technology as a stand-alone defence system is sufficient, however, this is simply not the case.

Even in a best-case scenario the most advanced mitigation solutions in the world are only as good as the processes that are in place to support it. Mitigation software is not a standalone answer.

It is essential that all IT managers have a concrete understanding and a deep knowledge of what is normal for their systems. This can be a massive challenge and is why having a very clear understanding of your company’s assets and how they communicate and interact with one another can provide unmatched value.

When processes are firmly ingrained, it then becomes less challenging for organisations to easily identify, quarantine and investigating events that are not considered the norm.

While many organisational leaders aim to make this a quarterly process this is not frequent enough to stay on top of potential discrepancies. Instead, making strict security and governance a daily process better ensures that they can completely safeguard themselves against potential attacks.

As the mainstream adoption and acceptance of AI continues to grow rapidly, cybercriminals will continue to adapt and find new opportunities to create chaos within an organisation. However, much like self-learn technology, which continues to grow smarter and better – as it is designed to do – organisations and their IT managers must also learn how to continuously adapt and improve their proactive defence.

This can be done by making sure that they have a crystal clear understanding of their networks. By ensuring that they have a solid understanding they can be confident in their ability to internally detect any anomalies and are well prepared to protect their organisations against even the most unpredictable AI attacks.

Story image
Video: 10 Minute IT Jams - Who is OutSystems?
In this IT Jam, we speak with OutSystems vice president for A/NZ Paul Arthur, who discusses the company's role in the A/NZ region, how things have changed for the company and the industry amid pandemic, and what he sees in the future of visual development and digital transformation.More
Story image
DevSecOps increasingly important, but APAC organisations lagging behind
The rise of DevSecOps comes at a time when IT leaders are faced with an increasingly active cyber threat landscape, coupled with higher consumer expectations of digital offerings and application usage due to a sharp increase in online activities.More
Story image
Businesses struggling to achieve cloud migration in wake of COVID-19
Cloud adoption has increased due to the COVID-19 pandemic, but businesses are struggling to meet their cost and performance needs due to migration challenges, new research finds.More
Story image
IDC names ESET a Major Player second year running
“ESET is strong in the areas of threat research, especially around Android malware identification and behavior detection.”More
Story image
Gartner names NICE inContact a cloud contact centre Leader
The company was positioned highest for Ability to Execute in the Leaders quadrant of the Gartner 2020 Magic Quadrant for Contact Centre-as-a-Service.More
Story image
IT consulting services revenue to hit US$100bn mark by 2024
"Despite the negative impact of the COVID-19 outbreak, APAC might be quicker to bounce back compared to other regions owing to agile delivery and support capabilities to the global enterprises.”More