The growing capabilities of artificial intelligence is triggering a battle across the cyber security fence – and organisations must act now to be on the right side of it 

Artificial intelligence (AI) has been increasing in sophistication for some years, finding its place in our everyday lives with ever-growing pace and force. As businesses and governments begin to use AI, the potential for its application in cyber security is becoming more apparent.

What’s more, hackers and businesses are going head-to-head – with hackers now able to develop more sophisticated threats, and businesses looking to use AI for threat detection, prevention and remedy.

When it comes to cyber security, businesses need to act now to tighten up cyber defences. With large-scale security breaches only increasing in number over recent years, organisations both big and small should consider investing in AI systems designed to bolster their defences.

>See also: The rise of the machine: AI, the future of security

Over the next year alone, we’ll see a rise in AI systems that can perform several tasks, including re-writing encryption keys continuously, preventing them from being unlocked by hackers outside of an organisation’s walls.

These more practical uses for AI are allowing organisations to anticipate issues before they arise through threat analysis, threat detection and threat modelling. For example, if a human manually checked systems for signs of outside breaches on a monthly basis, it could take a number of weeks to fully analyse. Using AI not only adds an extra layer of protection, but also allows organisations to react to the breach much quicker.

Hackers will up their AI game

Vulnerabilities found both in software and online have previously been numerous, offering hackers plenty of opportunities without great need for AI. This will quickly change as AI improves and businesses minimise the gaps within their organisation’s cyber defences.

It may not be long before the use of AI becomes the norm among hackers, providing them with more opportunities and avenues to access sensitive data. This technology could be used to scan the internet and software for vulnerabilities, as well as design attack strategies, and then launch them with minimal human error.

One current use of AI by cybercriminals is in phishing emails. By using data from the target to send phishing emails that replicate human mannerisms and content, these AI-powered attacks resonate with the target better than ever before. These tactics will make it harder for businesses and individuals to recognise when they’re being hacked.

Tackling insider threats

Of course, many threats to an organisation originate far closer to home. Insider threats have always been a cause for concern, but as the potential of AI systems grow in complexity, we are starting to see businesses tackle this with force.

AI can now help to detect a break from normal employee behaviour. This technology could be used to discover employees that are accessing company information, and evidence of them transferring this information outside of organisation walls.

Taking this to a more invasive level, AI technology could be used to detect instances of corporate policy being breached by employees. Tasks as harmless as using USB storage can now be analysed for signs of malicious intent and corporate corruption.

Of course, exact sentiment and explanation will be difficult to detect from AI technology alone. As a result, privacy laws will be key if organisations are to avoid breaches in employee law themselves.

Skills gap

Keeping the ball in the court of the cyber security teams will be an increasingly hard battle to fight in the coming years, and one which will need the full support and expertise of cyber security professionals and security-savvy organisations.

With the Centre for Cyber Safety and Education revealing that the world will face a shortfall of 1.8 million cyber security professionals by 2022, we are reaching a critical point where change is needed rapidly.

This is something that has been recognised by the government in recent months, with announcements made in the Budget demonstrating a commitment to address the skills shortage.

The introduction of T-Levels will aid in the creation of the next generation of technology professionals, helping to fill the widening gap in provision and part of this must focus on cyber security.

As the nature and complexity of AI grows, businesses need to start thinking about how to incorporate this new technology into their cyber security strategies. Of course, not everyone is a target for such advanced AI attacks and simple cyber hygiene remains an effective counter to many threats.

However, there is plenty of evidence that AI is becoming more available and affordable and so will become more prevalent. But if organisations are to truly take advantage, a combined effort is needed.

Not only must organisations invest in preventative AI, but the government must continue to back the development of the next generation of technology professionals. After all, there’s no use in having the technology without professionals that know how to use it.

‘Researchers are now modelling how a malevolent AI system could develop, and have concluded that current cyber security practices are woefully inadequate’ 

Beleaguered enterprises are struggling to keep pace with cyber threats, and small and medium-sized businesses are hit hardest of all due to limited resources.

A recent survey by the Federation of Small Business (FSB) found 66% of those questioned had been a victim of cybercrime over the past two years, and only 4% had an incident response plan in place in anticipation of an attack.

For many, cyber security takes them into unfamiliar territory and depletes the time spent on core business activities.

This has seen an over-reliance upon point solutions, poor attention to patching and updates, and a failure to apply strategic business-specific security controls.

To make matters worse, the potential attack surface is only set to widen as the Internet of Things sees sensors and IP-enabled tech insinuate themselves into every niche of society, even the small business.

A badly configured humble kettle could open up a conduit onto a business network, for instance. Yet the current situation finds many SMEs ill-prepared for any change in the threat spectrum, being unable to monitor, detect and respond to an attack – begging the question, how will they cope with yet more holes in the network?

What is needed is some form of automation coupled with artificial intelligence; a system that has visibility of the network and can monitor activity and alert the business to enable security resources to be focused as and where needed, thereby conserving spend, but which is specific to the business.

High-level data processing has been available for some time in the form of security incident and event management (SIEM) systems that, when combined with a security operations centre (SOC), can correlate data and issue alerts.

But these systems can be costly and complex to deploy and manage, with reports estimating it takes up to six personnel to run a SOC 24/7.

Even then, the information derived from these tools needs to be correctly interpreted and actioned upon. And few SMEs have data scientists on the pay roll.

For this reason, AI is beginning to receive more attention. It takes complex event processing and performs pattern analyses, using machine learning, to improve success rates.

In the context of a SOC, AI can be used to extract hidden correlations and detect complex attack vectors, as well as by assisting analysts looking for traditional attack patterns by offering multiple filtering options.

It can then assess the potential for these events to scale-up and evolve into attacks. Threat feeds are assessed in the context of the business, so that criteria such as geography, sector and compliance requirements are used as parameters externally, while internal elements, such as business strategy and the risk profile, are included to create an overarching view –allowing the threat to be assessed against the risk appetite of the business before determining a response.

As opposed to a traditional SOC, an AI SOC demonstrates machine learning and uses deep threat intelligence. It can drill down further for data and use advanced penetrative techniques to mine information from dynamic data sources such as those associated with social media and even off-grid in the dark web.

This can give the business advance warning of an impending attack in real-time as data can be collated, sifted and interpreted using predictive data analytics to forecast likely event outcomes.

The FSB survey found that the most common form of attack against the SME were phishing attacks experienced by 49% of respondents, with 37% experiencing the more targeted spear phishing attack.

These can readily be spotted and filtered using automated software. Trickier and more difficult to anticipate are denial of service attacks, aimed at crippling websites, and ransomware attacks, which use DDoS attacks or malware to demand a release fee.

Both are on the increase in the SME sector, with the FSB survey reporting five percent of respondents had experienced a DoS attack and 4% ransomware.

By the time a DoS has been executed, the business is already caught off guard and is potentially in a capacity war, forced to scale up resource to fend off the attack.

Yet, with sufficient warning, the SME can use a DoS solution to throttle the attack. The key is getting that information in advance for it to become actionable intelligence and that can only be achieved by applying AI in the form of complex algorithms that can spot rogue activity.

For instance, DoS attacks are highly organised in nature and are often planned on forums hosted on the dark web. Tap into those conversations by using the parameters referred to above and you can create a window into underground activity that can trigger an alert when the noise merits it.

Real-time SOC services are now emerging that can deliver this type of capability to the SME and it doesn’t need to cost. Outsourcing can provide the SME with access to the technology, the AI, and the personnel needed to man the operation, thereby giving the sector access to high-level security services using economies of scale for the first time.

When selecting a supplier, it’s the intelligence that you need to look for, so in addition to the usual requirements such as SIEM, event logging and data analytics, it’s beneficial to look at the managed services on offer.

Ask how data is captured and correlated and analysed and by whom? Can it dovetail with your day-to-day business operations to provide business intelligence?

Finally, bear in mind that the threat spectrum is constantly evolving. Cyber security sees security solutions and attackers pitted against one another in a never-ending arms race.

If we now have AI security solutions, businesses should expect to see malicious AI systems in the future.

Researchers are now modelling how a malevolent AI system could develop, and have concluded that current cyber security practices are woefully inadequate.

The need for a cyber security overhaul is necessary as IT professionals know signature matching is no longer an effective means to identifying current attacks. 

AI has impacted our day-to-day lives for years, whether that’s automated voice calls or virtual personal assistants – like Siri – or even self-driving cars.

The next step is to implement AI technology into personal and cyber security systems.

Currently, one or two guards will monitor a bank of security screens, and it is a successful method of security, but it is not full proof.

Eliminating human error is a key driver behind bringing Artificial Intelligence to security through intelligent video analytics.

Humans can easily get distracted, generally have short attention spans, and often find it difficult to focus on multiple things at once – a bank of security screens.

In an article written by Dr. Mahesh Saptharishi, Senior Vice President of Analytics and Data Science at Avigilon, he explains: 'While a security officer might miss a person sneaking into a poorly lit facility, a camera backed with intelligent video analytics is designed to catch a flash on the screen and recognize it as a potential threat.'

'It will spot a person loitering at the perimeter of a schoolyard and alert on-the-ground security officials to investigate and take action if necessary, all without missing a beat and keeping close watch on the many cameras and locations.'

Just as AI can be applied to personal security systems, so to can it with cyber security systems.

The need for a cyber security overhaul is necessary as IT professionals know signature matching is no longer an effective means to identifying current attacks.

Hackers can easily conceal their attacks from these signature matching security systems.

A rejuvenation of the current system is needed.

>See also: Bring the noise: How AI can improve cyber security

Yesterday, DB Networks announced its DBN-6300 and Layer 7 Database Sensor software, were being deployed to successfully implement AI in the cyber security environment – to automatically protect databases’ infrastructure.

"AI-based cyber security is truly a sea change in the security industry," said DB Networks' Chairman and CEO Brett Helm. "AI enables us to quickly and accurately…identify cyber attacks in progress. In future generations of product, DB Networks will use the output from AI to drive autonomous cyber security technologies that not only block attacks but also automatically heal the vulnerabilities."

Caution, as always, must be taken – a Skynet scenario (for those of you who have seen Terminator), while unlikely, is not beyond the realm of possibility given this is the direction human technology is heading.

But the integration of AI into personal and cyber security systems is a natural progression as technology develops. It is more efficient and not hindered by human error.

Artificial Intelligence will of make locations – physically and virtually – safer by making technology more efficient and adaptable.

Many companies are looking at starting AI development projects to assess the potential of AI and Machine Learning technologies in their operations, but getting set up for AI and ML development can be a daunting task as it means integrating software and gaining access to GPU processors that cost thousands of dollars. By offering AI-as-a-service to their customers, MSPs can take the risk, hassle, and much of the cost out of starting on the path to AI development.

AI products are quickly becoming commonplace, and AI applications and solutions are now more viable than ever with the availability of modern machine learning and deep learning tools such as TensorFlow and Keras, along with GPUs that are built specifically to perform parallel operations on large amounts of data. Enterprise applications for AI run the gamut from health sciences to finance, security, data center operations and cyber surveillance, and companies are eager to try these applications to improve agility, reduce costs and improve efficiency.

General-purpose CPUs cannot deliver the user responsiveness and inference latency required by complex deep learning and AI workloads. Instead, these new workloads require the dedicated horsepower of GPUs that were designed for them. The problem is that building a GPU-based AI development capability is complex and expensive, and companies may not want to spend tens of thousands of dollars and hundreds of person-hours just getting set up to begin development. Also, one needs to have a shared cluster where GPU resources can be allocated to end users on demand and taken back once the project completes.

Aphelion's AI-as-a-service offering makes it possible for MSPs to take the risk and hassle out of getting started with AI development. AI-as-a-service takes care of managing GPU resources distributed across a set of hosts in a multi-tenant manner plus all of the OS and CUDA library dependencies, so users can focus on AI development. MSPs can also give their users dedicated access to multiple GPU resources without making them invest in their own GPU platforms. Furthermore, one can automate deployment of an applications and software development platform for AI using pre-installed AI and machine learning software-based images and application templates. This provides single-click deployment of software development and machine learning environments for end users.

At Aphelion, we believe that that the key to differentiation and profits for MSPs is in offering customized, white-glove services that the big cloud companies can’t offer, and we offer a simple, cost-effective way to deliver those services. Aphelion makes it easy for MSPs to offer popular services with a series of service templates that run on our Intelligent Cloud Platform, including AI-as-a-service, DevOps-as-a-service, GPU-as-a-service, and VPN-as-a-service. Aphelion will continue to expand its group of click-and-go service engines to ensure that MSPs have the best possible suite of services that drive revenues, profits and happy customers.

Any cyber-attack makes IT pros shudder, but ransomware adds an extra element by its very nature – after all, you are not only attacked, but held hostage. The genre also tests both your security plans and your employees.

Ransomware attacks are on the rise: According to the FBI, an average of 4,000 ransomware attacks took place each day in 2016, a 300-percent increase from 2015. If ransomware wasn’t top of mind before, the WannaCry ransomware attack this May showed how sophisticated – and disruptive — hackers have become. (WannaCry forced a giant like FedEx to shut down operations the day after the attack.)

In attacks like WannaCry, cybercriminals gain access to systems, encrypt critical data and hold the encryption key and data hostage. However, not surprisingly, some organizations have paid the ransom but never received the key.

The human side of ransomware

According to the “BCI Cyber Resilience Report 2017,”ransomware accounts for 19% of cyber disruptions.

According to the “BCI Cyber Resilience Report 2017,” conducted by the Business Continuity Institute and Sungard AS, phishing and social engineering remain the top security threat, cited by 57 percent of respondents. Ransomware ties for the fifth spot on this year’s list. However, the report authors point out that ransomware is usually delivered through phishing and social engineering.

That adds up to ransomware being the “rising star of malicious codes,” according to David Thorp, executive director of BCI. Thorp writes that this reveals a weakness in the human aspect of cyber resilience, which calls for better education and awareness-raising initiatives.

Some victims pay up, some say ‘no’

When a hospital in Los Angeles was hit by the Locky ransomware virus, it ended up paying a ransom of 40 Bitcoin at a value of $17,000. When an employee opened an infected email attachment, a municipal utility in Michigan lost access to its accounting and email systems; an executive was quoted as saying that paying the $25,000 ransom was “distasteful and disgusting, but sadly necessary.”

Not all organizations pay. Three hospitals also hit by the Locky virus did not pay attackers and their systems were brought back to normal thanks to a quick-reacting IT team. When hackers attacked San Francisco’s light rail transit system, Muni, shutting down its ticket machines, the agency refused to pay the 100 Bitcoin (about $73,000) ransom demanded. While its IT team restored the system, customers rode for free.

There is no simple solution to preventing ransomware attacks. However, businesses can avoid having their data held hostage with these strategies.

1. Educate, test, patch

In addition to ensuring your anti-malware software is up-to-date, educate employees to recognize phishing attempts, social engineering attacks and the dangers of using computing assets in public, unsecured environments.

It’s also critical to know where your vital data is located, its value and where you are most vulnerable. Security assessments and vulnerability testing can help you develop a new strategy or harden an existing one.

WannaCry took advantage of a vulnerability in the Windows operating system. Many victims had not applied a security patch issued by Microsoft two months earlier. This highlights the importance of having a plan in place for ongoing operating system upgrades. A vulnerability management (VM) program can perform this task as needed.

2. Detect ransomware before you’re infected

One weak link is all that’s needed for malware to make its way onto your network. Your second level of defense should be to verify the effectiveness of your multi-level approach so you detect a ransomware attack before significant damage occurs. A file-integrity monitoring service is one way to accomplish this. It looks for suspicious activity, flags anything unusual and prevents the action.

Another option is a security information and event management (SIEM) service to monitor security events, correlate the events across devices and analyze them based on rules to detect malicious activity.

3. Mitigate the impact of ransomware

Your third line of defense is having a disaster recovery plan to mitigate the impact of ransomware. If malware does make it through and your data is held for ransom, this can help you recover your business operations.

Looking at the WannaCry attack, many victims did not have backups, lacked confidence in using them or had not adequately tested procedures to ensure successful restoration. Some who had backups were not sure of how far back the infection had spread, so determining the recovery point was difficult.

To minimize confusion and save time, define and document what steps need to be taken, in what order and by whom, if a ransomware attack happens. Having backups is key, but it won’t help if they don’t restore your systems as expected, so it’s important to test them on an on-going basis.

Network segmentation can help as well, cutting off any infected devices from the rest of your network. But like backups, this needs to be planned for and tested long before an employee clicks on a suspicious link.

With ransomware on the rise, it’s easy to become a victim. But if you follow these steps, you’ll never have to make a decision about whether to pay up to unlock your data.