Chief Information Officers are tasked with protecting their companies’ network from cyberattacks, and it’s likely as a CIO you’ve been involved in some serious discussions about how to prevent and defend against criminal activity. Developing multi-layered plans to protect sensitive company information is part of the territory, but often as soon as a good security system’s in place, cybercriminals find a way to work around it.
Vulnerabilities abound in the digital world, and criminals constantly probe for weaknesses in companies’ digital networks to gain access for nefarious purposes. What you really need is a virtual watchdog that never sleeps and which learns from its environment. While there’s no way to completely protect against online crime, especially with the promulgation of cloud migration, AI is increasingly featuring in many companies’ digital security plans.
AI Tech in Cybersecurity
With more companies adopting AI, it only makes sense to see how to incorporate it into your company’s security system. According to a 2019 study by IDG Communications, 41% of businesses are actively using or have pilot studies to integrate AI into their security systems, with an additional 42% researching it.
AI technology is ideal for cybersecurity. Along with machine learning, it can assist with the plethora of mundane tasks in which human error can easily occur and overlook potential vulnerabilities that can be used for cyberattacks. Automating such routine tasks as sifting through vast amounts of data for malignant code can free those charged with security for more important work.
While using AI has also shown new vulnerabilities within businesses’ systems, IT security teams should utilize it to help stay a step ahead of malicious actors. Hackers, disgruntled former employees or customers, and even government-sanctioned cyberspies can also use AI technology to break into servers to steal sensitive information. So, it only makes sense to counter this with similar tech.
AI can quickly spot patterns in huge data sets, along with unusual behavior, helping to identify threats while improving response times. As former CEO of Server Density, David Mytton said, “The volume of data being generated is perhaps the largest challenge in cybersecurity. As more and more systems become instrumented — who has logged in and when what was downloaded and when what was accessed and when — the problem shifts from knowing that ‘something’ has happened, to highlighting that ‘something unusual’ has happened.”
AI Vulnerabilities & Defending the Cloud
Attacks on AI systems are already happening. In 2017, Apple boasted about its robust facial recognition system for the iPhone X. Vietnamese cybersecurity company Bkav then managed to dupe the app a week later, with tech costing under $150.
While AI marches forward – with intelligent chatbots, content suggestions, autonomous cars, predictive medicine, and other technological advances – what’s often ignored is how these new applications also pose significant security risks. One of the biggest issues regarding security involves cloud computing, whose vulnerabilities are problematic and often exploited by hackers.
In a 2019 report, Skybox Security analyzed exploits, vulnerabilities, and threats, identifying growing vulnerabilities in cloud containers. Though cloud containers are being increasingly used to replace traditional virtual machines (VMs), as they make processes simpler and quicker, they can also lead to security lapses as hackers replicate and deploy known vulnerabilities from the original VMs throughout cloud infrastructure. In fact, Skybox saw a 46% increase in vulnerabilities in the first half of 2019 compared to the previous year and a 240% increase from 2017.
Skybox’s Director of Threat Intelligence Marina Kidron notes that with the embrace of cloud technology, vulnerabilities within the cloud will inevitably increase, “The race is on for attackers to develop an exploit because launching a successful attack on a container could have much broader consequences. Compared to other technology, containers can be more numerous and quickly replicated. The attack footprint could expand rapidly, and a number of victims may be extremely high.”
According to Wavestone US – an IT consulting company – there are three main ways hackers attack AI:
- Evasion: This involves the attacker playing an AI to get it to make a decision that’s different from what it would usually do, creating something like an optical illusion within its algorithm. By tricking the AI into making a mistake, the attacker can then remain undetectable.
- Inference: In this case, an attacker tests the AI with various queries, studying how the behavior of the application evolves, sort of like giving it a digital “truth serum” to make it talk. Attacks like these seek to glean information from the AI that will help the attacker learn more about and get around its protections.
- Poisoning: By specifically targeting the way an AI learns, an attacker works to modify how it reacts, influencing the data to throw the AI off guard. These types of attacks are particularly potent when data is public or external – as with many cloud servers.
Protecting Cloud Data with eSignatures
It’s often simple things that can flout an attack. One method for protecting data can be something as simple as using electronic and digital signatures. When authentication methods are layered – by using security codes via e-mail, looking up someone via the Office of Foreign Assets Control, delivery of one-time PIN codes via text, or use challenge questions that aren’t public knowledge – you help keep data safe. Such technology also allows businesses to streamline their digital transactions to make them more secure.
Though electronic and digital signatures are usually considered tools for signing contracts, they’re capable of doing much more and can verify someone’s identity when accessing online data. Using it as a second or even third factor of authentication, along with AI, maybe enough to thwart an attack.
While AI by itself won’t solve the problem of cyberattacks, it’s another powerful tool for businesses that will help them keep up with hackers’ ever-increasing technical arsenal. AI should act as your watchdog. Often, as with guard dogs, the very presence of an effective AI can keep certain bad actors at bay.
Read More: Can AI Transform Cybersecurity?