Cyber Security | Artificial Intelligence, the good, the bad and are we ready?

By Raymond Vankrimpen

Is Artificial Intelligence (AI) the next step in our evolution?

Still in its infancy, AI is already transforming the way things get done. From IT, marketing, and HR to sales, manufacturing and yes, even finance, AI has the potential to profoundly impact all aspects of a business. But not just businesses: many believe AI can revolutionize the way we live: making our cars safer, our cities more efficient, and the search for disease-fighting drugs faster. But, despite this dreaming and Matrix avenir, what will be the real impact? What are the risks of this cyber future?

A report published by The Boston Consulting Group and MIT Sloan Management Review in September 2017, indicated that 84% of respondents believe “AI will allow their companies to obtain or sustain a competitive advantage,” and 83% perceive AI as a “strategic opportunity” for businesses, while almost 40% see “strategic risks”.[1]

This winter, Raymond Vankrimpen, partner in our Risk, Technology and Advisory Services division, spoke on a panel at the Artificial Intelligence World Forum in Toronto. Ray shared his insights revealing the current risks the tech world has already encountered, and which industries are most at risk of being attacked.

While AI hasn’t touched the sky yet, some say the risks of its implementation are rising just as fast.

So, what are the risks that Ray pointed out to the World Forum audience? Well, there are several, but here are two pragmatic, current-day risk scenarios:

1 – Hackers leverage AI making their attacks more successful

Evidence shows that hackers have not really had to invest time and effort into developing attacks because it is already so easy to compromise organizations. Yet some of the advancements and studied attacks listed below give us a better of understanding of how attackers are taking advantage of this futuristic technology:

  • Malware: In India, a polymorphic malware was detected showing signs of being able to learn while it was spreading.
  • Phishing: ZeroFox – a Digital Risk Monitoring company – conducted an experiment in 2016 to see if AI could do a better job of phishing on Twitter than two of their engineers. You guessed it. The AI beat them, getting more victims to click on links.
  • Spear Phishing: This seems to be how most hackers are using AI to enhance their attacks. The algorithms can learn the nuances of a person’s communication style and then better mimic it, to look less suspicious.

2 – Hackers attack AI enable technologies

We mentioned healthcare, self-driving cars and smart cities as some of the improvements in our lives thanks to AI. But will they really be able to make our lives safer or better without jeopardizing them?

Well, “purveyors of these technologies will have a big challenge to build cyber-resilience into their applications – e.g. envision cars being driven off the road, or misdiagnosis occurring in high profile individuals as part of assassination attempts” says Ray. He strongly believes that more care needs to be taken, along with lower risk tolerances when using AI to advance such every-day-life conveniences, particularly, when the risk profile includes life or death situations.

Industries with more risks of being attacked

Finance:

Verizon’s 2017 Breach report indicated that the financial services industry is still one of the most targeted overall.[2] The survey broke down the breaches by a pattern of attack, actions used and assets targeted.

Manufacturing:

In terms of actions-used attacks (spear phishing and/or malware), experts think that the manufacturing industry is also in the spotlight for hackers. Actually, the 2017 Q2 Threat Intelligence Report revealed that manufacturers are increasingly being targeted by cybercriminals.[3]

https://www.richter.ca/en/News-and-Media/News-and-Insights/AI—the-good-the-bad-and-are-we-ready#_ftn3In spite of the unstoppable evolution of AI, either in an efficient or risky way, Ray does share his excitement in seeing how companies adopting AI in their cybersecurity practices (particularly, in threat monitoring and detection) will enjoy a significant benefit over the companies that do not.

When used for good, AI can help enhance livelihoods; but business owners first need to understand how to harness, and even how to protect their businesses from AI’s capabilities, before becoming a victim of someone else using it for more sinister purposes.

Don’t wait until then. Contact one of our risk and cybersecurity experts today.

[1] Ransbotham, S., Kiron D., Gerbert P. and Reeves M. “Reshaping Business With Artificial Intelligence”. Retrieved from: https://www.bcg.com/Images/Reshaping%20Business%20with%20Artificial%20Intelligence_tcm9-177882.pdf.

[2] Verizon. “Verizon 2017 Data Breach Investigations Report”. Retrieved from: http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/

[3] NTT Security. “Global Threat Intelligence Center 2017 Q2 Threat Intelligence Report”. Retrieved from: https://www.nttsecurity.com/en-us/gtic-2017-q2-threat-intelligence-report.