AI’s Two Achilles’ Heels Keep Me Up at Night

Published 11 - January - 2021
Source: FinTechFutures
Read full article

All the social techniques cybercriminals currently employ could be improved immeasurably with the help of AI.

Steve Durbin, CEO of the ISF

The sudden switch to remote working during the COVID-19 pandemic left a huge gap of visibility for cybersecurity attacks. In some cases, on-premise security tools couldn’t immediately extend to the cloud or into home-working environments. This meant between March and May, teams scrambled to render their technology into a risk-free format.

AI – a force for good and evil

Against this backdrop, Tom Kellermann, cybersecurity strategy head at major US software firm VMware, points out the particular threat of artificial intelligence (AI). “AI has two Achilles heels,” he explains at a roundtable attended by FinTech Futures. One is that timestamps and data can be manipulated, he says. The other is that the technology can be “turned against its mission”. “It’s what keeps me up the most at night,” says Kellermann.

According to a 2019 Capgemini report, some 69% of enterprise executives think AI is “essential” for responding to cyber threats. But whilst AI can defend a system from attacks, it can also execute them. Cyber criminals can employ AI themselves, as well as turning AI used by companies against them. AI can be switched to convince victims to compromise their own networks and or hand over sensitive data. As Steve Durbin, managing director at Information Security Forum, tells Forbes: “All the social techniques cybercriminals currently employ could be improved immeasurably with the help of AI.” There’s also scope to use AI to identify fresh vulnerabilities in networks, devices and applications as they emerge, he adds. “The best policy in these cases may be to fight fire with fire.”

Light at the end of the tunnel?

But the silver lining for 2021 defenders, VMware says, comes from the “significant” advancements in AI and machine learning (ML) set to land in firms’ security stacks. And as awareness of how attackers use automation increases, it’ll become harder for attackers to pull off AI-based takeovers. But at a time when budgets are already stretched and under great scrutiny due to a looming recession, it’s clear only those companies with cash to spare will be able to invest in these advancements.

Which leaves many smaller firms vulnerable, whether they use AI or not.