Artificial intelligence (AI) has huge potential for wireless networks, both for the people who must protect them and for those who try to attack them. It’s a rapidly changing landscape, and in this article, I explain how our industry is most likely to be affected by AI this year and what’s shaping up for the future.
In our context, AI is the development of computer systems and software that can replicate processes usually requiring human intelligence. In other words, AI imitates fundamental human behaviours, such as movement (robotics), hearing (speech recognition) and vision (object recognition), using predictive intelligence based on big data. However, AI can or will — at least theoretically — at some point exceed humans’ capabilities in these areas, which makes it simultaneously exciting and terrifying. As it stands, AI is far from becoming truly ‘artificially intelligent’ and has a long way to go in developing both emotional and logical intelligence beyond data analytics.
Cybercrime and AI warfare
Cybercriminals are always quick to exploit the latest in technology, and AI is no exception. We are already facing a cybercrime pandemic, and this will worsen during 2019 as cybercriminals become more sophisticated and organised. Cybercrime is no longer the domain of lone hackers; it has become a huge business with sophisticated operating models and a low barrier to entry.
The organisation of cybercrime is now so extensive that wannabe cybercriminals don’t have to be technical experts. AI allows them to use very targeted, automated tools and these may even learn as they go, getting incrementally better at causing harm. It’s becoming more common for malware to contain nasty surprises such as sleep timers that cause it to open minutes or even days after the file has been declared safe, or the ability to detect and respond to mouse movements.
Small and medium-sized businesses (SMBs) with limited security resources are likely to be most vulnerable. However, everyone is at risk as AI-powered crypto-viruses and other forms of malware proliferate and are deployed with pinpoint accuracy.
AI warfare, which is effectively industrial or political espionage, or competitive intelligence gathering enacted by computer intelligence, is another rising threat. Even the German parliament has fallen victim to this. The implications for AI warfare between businesses are substantial and 2019 is likely to see many ramp up their cybersecurity arrangements to combat it.
The biggest lesson to be drawn from this is that many traditional security measures are no longer good enough. AI works like the human brain: it learns, it develops, and it grows. No firewall or out-of-the-box virus checker can compete with that. In 2019 we must all move on.
Advanced Threat Protection
Advanced Threat Protection (ATP) will become more widespread in 2019, thanks to the superior protection that it offers against AI-based threats.
ATP provides real-time monitoring and protection of the network, which is crucial when threats are increasing, frequently novel, able to infiltrate and spread within a network at lightning speed and incredibly difficult to get rid of. The need is to detect and silo threats before they have any chance to deploy.
Businesses can’t afford to wait for their firewall or virus checker’s next upgrade if the threat is in the here and now. Real-time protection and surveillance are all-important.
Cloud computing, combined with a more virtuous application of AI, gives ATP another edge. Machine learning allows it to understand and thus detect evolving threats. The more data it has (drawn from the business or businesses using it) the better it does. Cloud computing allows this knowledge to be aggregated and shared, creating an ATP that gets better by the hour.
ATP — previously a specialist tool — will move into the mainstream this year.
Sandboxing is a crucial part of ATP, but not all sandboxes are the same. The best now watch activity at the processor instruction level, detecting and blocking malware (including zero-day events) before it is deployed. What’s more, current sandboxes use the power of AI to share information with cloud-based ATP and associated networks, so intelligence is quickly shared and everybody benefits, almost immediately, from better protection.
As a result, the firewall is more or less obsolete and sandboxes (and wider ATP systems) are rapidly replacing it. That change will accelerate during this year.
What are the practical implications?
For SMBs, the growth of AI and its potential applications for both good and ill demand a move to the cloud.
Local security solutions just don’t cut it any more: businesses desperately need the protection of ATP and sandboxing, but they need it in the cloud because that’s where meaningful volumes of data are aggregated, and protection evolves in response to that.
AI allows tech to cross-check inputs and events to understand threats more fully. Systems can then make meaningful predictions and mitigate threats effectively in real time using machine learning. Just like human understanding, the protective system learns and grows.
When this type of machine learning is applied to an ATP system, everybody who is protected by that system benefits from the threats that they — and others — have already dealt with. That learning might have occurred a year, a week, a day or even ten minutes ago: AI can use all of it, fast.
We are not yet at the point where ATP and sandboxing can replace all other security measures, but in time they will. Right now, savvy organisations are using them alongside other solutions where required.
Many SMBs will be frightened by the growing threat of cybercrime, and rightly so. Just one successful malware attack can bring enough financial, reputational and legal damage to terminate a business. But with advanced, cloud-based and, above all, AI-driven security, the future is looking far brighter for business than it is for the cybercriminals.