The Risk Of AI Being Used For Offensive Purposes

Apart from a few leading-edge companies, the deployment of Artificial Intelligence (AI) in business has been slower that it supporters might have hoped for. Whereas governments and their intelligence and security agencies are committed to use AI  to help deal with threats from criminals and hostile states which use AI to strengthen their own attacks, they are evidently not yet on top of AI.

A study, undertaken by Forrester Consulting on behalf of Darktrace, has revealed that around half of executives are worried about the use of AI to attack both their digital and hardware systems.

Today’s cybersecurity threats are incredibly smart and sophisticated. Security experts face a daily battle to identify and assess new risks, identify possible mitigation measures and decide what to do about the residual risk. This next generation of cyber security threats require agile and intelligent programs that can rapidly adapt to new and unforeseen attacks. Indeed, AI is no longer a tool only for the “good guys”; malicious actors now use it as a force multiplier as well.

A Complex Environment

It’s increasingly common for organisations to have a multi-faceted digital infrastructure that contains hybrid, multi-cloud and IoT environments. The growing complexity of their working environment, with an expanded infrastructure leading to a significant growth in security challenges that are only compounded by the speed and sophistication of attacks. 

This provides a multitude of operational benefits, but it also provides an ever growing expanse to protect and secure from attacks. 

In fact, the Forrester report finds that 83% of executives think that their digital infrastructure had expanded in such a way as to make developing a unified security strategy significantly harder. Nowhere is this complexity more evident than in the growth in AI-enabled attacks.

The report highlights how machines are already commonly attacking machines, but that it’s increasingly common for machines to successfully attack humans, and this new approach is something that businesses aren’t ready for. “It’s no surprise that 86% of cyber security decision makers are concerned with threat actors leveraging AI to supercharge attacks and a further 88% believe it’s inevitable for AI-driven attacks to go mainstream.” the report concludes.

A Losing Battle

Many corporate cyber security teams are at risk of fighting yesterday’s battles, where their traditional defenses are reliant upon outdated attack scenarios which are no longer resistant to AI-powered attacks. There are signs that things are changing, however, or at least, that there is a need for change.  There’s a growing appreciation for the need for speed, both in identifying attacks and then responding to them. Despite this, less than 25% of businesses said they could recover from an attack in less than 3 hours.

Organisations need to develop the capability to detect, interpret, and respond to attacks as quickly and nimbly as the attackers are themselves acting.

As the breadth of infrastructure grows, the number of vulnerabilities grows alongside it, and so organisations have to adopt an agile approach to keeping their infrastructure safe. As well as the lightning speed of AI-driven attacks, executives also worried about the nature of attacks, with two thirds expecting offensive AI to conduct attacks that no human could conceive of. 
They expect these attacks to be unpredictable and stealthy, therefore evading more traditional security measures that reference historical attacks. Many expect to utilise AI in a defensive capacity, with a machine learning approach used to upgrade defences far faster than humans could manage. “The real issue with this is that because AI moves faster and better than current legacy defenses, the “evil AI” will win in most instances.”he report says. 

The use of AI to both protect and attack digital systems is an inevitability of the modern age, but the lack of strategic focus on cybersecurity renders many organisations more vulnerable than they need to be. In a digital arms race,

AI tooling and capabilities are no longer nice to haves, but should be fundamental parts of the security toolkit. 

While there is a growing awareness of this requirement, it remains to be seen how many cyber security managers are given the tools and resources they need to maintain the security of their systems.

AI & Machine Learning

AI and machine learning technologies address these challenges and are giving rise to new possibilities for cyber security threat protection.  AI in cyber security plays an important role in threat detection, pattern recognition, and response time reduction. Adopting AI in cyber security offers better solutions when it comes to analysing massive quantities of data, speeding up response times, and increasing efficiency of often under-resourced security teams.

AI is designed and trained to collect, store, analyse and process significant amounts of data from both structured and unstructured sources.

Deploying technologies such as machine learning and deep learning allows the AI to constantly evolve and improve its knowledge about cybersecurity threats and cyber risk. For example, by recognising patterns in our environment and applying complex analytics, AI enables us to automatically flag unusual patterns and enable detection of network problems and cyber-attacks in real-time. 

This visibility supplies deeper insights into the threat landscape which in turn informs the machine learning. This means that AI-based security systems are constantly learning, adapting and improving.

Darktrace:        Cyber News:      ZDNet:      Information Security Buzz

You Might Also Read: 

Artificial Intelligence – A Brief History (£)

« Analysts Detect New Bank Malware
What Is A Cyber Security Audit? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Wooxo

Wooxo

Wooxo provides business security and continuity solutions to protect business data for organisation of all sizes.

Cyberwrite

Cyberwrite

Cyberwrite was founded to provide underwriters around the world a unique and innovative Cyber Underwriting platform.

CodeSealer

CodeSealer

CodeSealer provide invisible end-to-end user interface protection with a unique web security solution to eliminate Man-in-the-Middle and Man-in-the-Browser vulnerabilties.

42Gears

42Gears

42Gears is a leading Unified Endpoint Management provider. Secure, monitor and manage tablets, phones, desktops and wearables.

LevelOps

LevelOps

LevelOps is an industry application security platform that tracks and develops your application security.

Estio Training

Estio Training

Estio Training is a specialist digital and IT apprenticeships provider, dedicated to introducing new skills and developing existing talent in businesses across the UK.

Cyber Readiness Institute (CRI)

Cyber Readiness Institute (CRI)

At the Cyber Readiness Institute, our mission is simple: empower small and medium-sized enterprises with free tools and resources to help them become more secure and resilient.

IPKeys Technologies

IPKeys Technologies

IPKeys delivers innovative cybersecurity and technology solutions focused on helping the federal government reduce risk and protect the US from cyberattacks.

Kennedys

Kennedys

Kennedys is a global law firm with expertise in litigation/dispute resolution and advisory services, particularly in the insurance/reinsurance and liability sectors, including cyber risk.

Exalens

Exalens

With deep roots in AI-driven cyber-physical security research and intrusion detection, at Exalens, we are enhancing operational resilience for cyber-physical systems at the OT edge.

NPCERT

NPCERT

NPCERT is a team of Information Security experts formed to address the urgent need for the protection of national information and growing cybersecurity threat in Nepal.

Turngate

Turngate

Turngate simplify security investigations so you can see employee activities and entitlements in your enterprise in seconds.

PingSafe

PingSafe

PingSafe is creating the next-generation cloud security platform powered by attackers' intelligence, providing coverage for vulnerabilities that traditional security solutions would otherwise overlook

Lintu Solutions

Lintu Solutions

Lintu Solutions is a trusted provider of comprehensive cybersecurity and enterprise risk management solutions.

RightSec

RightSec

RightSec is an emerging market leader and solution provider for cybersecurity and digital resiliency. We provide end to end solutions to suit your specific business lifecycle.

WaveLink

WaveLink

WaveLink offers low risk, results-oriented Engineering Services and best-of-class Technical Support Services. Areas of expertise include cyber and security engineering.