AI to fuel a new cybersecurity race, experts say
By Ross Marowits The Canadian Press
By Ross Marowits The Canadian Press
Jan. 29, 2018 – Technological advances in artificial intelligence are fuelling a new race between hackers and those toiling to protect cybersecurity networks.
Cybersecurity is always a race between offence and defence but new tools are giving companies that employ them a leg up on those trying to steal their data.
Whereas past responses to cybercrimes often looked for known hacking methods long after they occurred, AI techniques using machine learning scan huge volumes of data to detect patterns of abnormal behaviour that are imperceptible to humans.
Machines will become very sophisticated
Experts expect machines will become so sophisticated that they’ll develop answers to questions that humans won’t clearly understand. David Decary-Hetu, assistant professor of criminology at the University of Montreal, says defenders have an edge right now in using artificial intelligence.
“But who knows what’s going to happen in a few years from now,” he said in an interview. “The main issue is that if you’re defending a system you have to be good 100 per cent of the time, but when you’re attacking the system you only have to be successful once to get in.”
Decary-Hetu said a growing list of corporate and government officials, including Bank of Canada governor Stephen Poloz, who say infiltrations are their top worry have a very good reason to fear. The Bank of Canada warned in its semi-annual review released this month that the high degree of interconnectedness among Canadian financial institutions means any successful cyberattack could spread widely throughout the financial system. Reports suggest cybercrime costs the Canadian economy between $3 billion and $5 billion a year, including ransom paid to foreign criminals. Hacks of Sony Pictures, Uber, Ashley Madison, Yahoo and multinational retailers have sparked unsettling headlines about security of personal information.
One of the latest to face scrutiny is global credit-reporting firm Equifax. Hackers accessed the personal information, including names, social insurance and credit card numbers, as well as usernames, passwords and secret question/secret answer data of 19,000 Canadians and 145.5 million Americans. Current detection systems tend to only recognize improper activity based on past events, often long after the damage is done.
Automated means of detecting threats has become more important
An example of this is Equifax, which discovered the breach in July, months after hackers first infiltrated the system. It only notified the public in early September. Niranjan Mayya, founder and CEO of Toronto-based Rank Software, said it takes on average 143 days for a breach to be detected. The challenge is growing as the number of connected devices in the world continues to soar.
“Clearly the old style techniques of looking at cybersecurity threats and having people go through each threat aren’t working anymore, so automated means of detecting threats has become more and more important,” he said.
David Masson, Canadian manager for U.K.-based Darktrace, said artificial intelligence will help to keep up with threats by quickly identifying and stopping attacks by picking up on subtle markers that identify bad behaviour. He said his company’s systems map a customer’s entire network, including every user and device, to discern even the slightest deviations as they emerge. Masson said AI is needed to keep up with threats by automating defence responses to growing machine-on-machine attacks launched by sophisticated hackers.
“You’re kind of looking at a cyber arms race,” he said in an interview. “If you want to keep up with this threat and put the advantage back in the hands of the defenders you’re gonna have to use AI.”
AI is not a silver bullet and these are nascent days
Ontario-based utilities company Energy+ Inc. said installed Darktrace technology alerted it to a user going to a malware site in Russia and uploading undisclosed sensitive data to a third-party cloud provider that its existing security was unable to catch. Some observers temper the current exuberance about AI, saying it’s not a silver bullet and these are nascent days for the technology. Receptiviti CEO Jonathan Kreindler says the hype around artificial intelligence has accelerated and has almost become a branding exercise for some companies that aren’t even offering truly leading edge technology.
“The term AI is now being applied to any sort of algorithmic reasoning unfortunately,” said Kreindler.
His firm uses AI to scour writings for unconscious use of language to understand the psychological state of company insiders who are responsible for 80 per cent of cybersecurity issues. Canada’s largest IT company, CGI Group, said artificial intelligence is a growing field of interest for customers, although the average client is in the fairly early stages of considering AI adoption in cybersecurity.
CGI cybersecurity expert Andrew Rogoyski said that still puts them one step ahead of most hackers, who are typically interested in stealing data using the cheapest tools possible. Rogoyski added that he expects a strengthening of defensive mechanisms might force hackers to also adopt innovative techniques such as AI.
“There’s a race, it’s been going on for 20 years plus and the race just keeps evolving. We keep leapfrogging each other,” he said.