Artificial Intelligence – Friend And Foe?

By Jon Evans

For the second year in a row, cybercrime continues to dominate discussions around business continuity. In light of an 18% increase in ransomware attacks in 2017 (including the NotPetya & WannaCry attacks that crippled Reckitt Benckiser, TNT the NHS last year), companies are increasingly looking to digital solutions to protect themselves from attacks.

While the 18% figure may seem low at first glance, it is interesting to note that in 2016 the majority of ransomware attacks were targeted squarely at consumers. The 18% increase actually translates to a 90% increase in attacks on businesses. While companies are already leveraging cloud-based security and networking systems, the acceleration in artificial intelligence (AI) technology over the past 2 years presents a new set of challenges as well as new opportunities.

While companies are just starting to get to grips with AI and the potential benefits for engagement, productivity and decision making, new and emerging threats posed by the rise of AI need to be quickly understood. While some believe that AI is already being used to launch large-scale phishing and ransom attacks, it is unlikely that we are at this stage in its development – yet!

A joint report published by Oxford and Cambridge Universities claims we are at a “critical point” in the development of AI and cyber security. While AI would prove effective in combatting traditional human-lead attacks, when machine learning is applied by the attackers the fear is that it will quickly learn to override those systems.

Another major concern highlighted in the report is the growth and democratisation of AI. New developments in machine learning will not only make it cheaper to launch cyber-attacks, but also lower the technical ability needed to carry out attacks, thus increasing the number of people capable of carrying out cybercrime tenfold.

While new digital and AI based systems are of vital importance in counteracting the threat of new AI-based cyber-attacks, systems can only take you so far. The report highlights the need for both AI and security professionals to collaborate closely over the coming years to ensure that the security technology can keep ahead of the criminals.

Investing in top talent is of vital importance. It is inevitable that some attacks will slip through the net as systems are not infallible. Having internal resources that can continuously improve systems should be near the top of all companies’ security agenda.

It’s not just the security professionals that need to keep on top of the risks. Training all members of staff in basic security standards is equally important. There is no use having a multi-million pound, cutting edge IT system if it can all be undone by a staff member opening a link from their personal email! It is important that all members of staff understand about how cyber-attacks work and how they can play a part in mitigating the risk.

With this in mind, it is important for companies to invest in machine learning, both in technological solutions but also, and possibly even more importantly, in talented AI professionals and training. This will allow the best chances to stay one step ahead of the cyber criminals.