By Yuda Saydun on Nov 18, 2019

AI Gone Bad? Defending the Enterprise from Smart Cybercrime

Artificial intelligence (AI) is transforming the world, and cybersecurity is no exception.

Autonomous threat monitoring, prevention, detection, and remediation solutions are necessities in a highly dynamic threat environment. AI solutions are also invaluable in the analysis of mass-collected data, such as the thousands of potential security alerts that SIEMs generate.

Unfortunately, the same features of AI that make it ideal for building smart cyber defenses have also started to be used by bad actors to launch smart cyber attacks.

Deep fakes mean deep trouble

AI and machine learning (ML) are very well suited to automating attacks that are launched at scale, such as phishing campaigns, packet sniffing, and vulnerability hunting.

Advanced smart cyber threats aren’t purely hypothetical. Earlier this year, a European energy company lost $243,000 in a scam where hackers used AI-based software to create an audio “deep fake” of the firm’s chief executive. This was the first known incident of a successful financial scam involving an audio deep fake, and there have been many more reported incidents since then, especially as the technical and financial barriers to entry are lowered. Fortunately, AI vendors are developing solutions that are less expensive and more accessible to cyber defense teams.

5 Steps to defeating smart cyberattacks

The fact that hackers are co-opting AI is not an indicator that cybersecurity technologies are flawed or unsafe. Every new and emerging technology that businesses embrace is usually put to the test by hackers, and every new system or device connected to an enterprise data environment expands the potential attack surface. Consider the myriad of threats to IoT devices, mobile apps, and cloud software and services.

Here are five steps that enterprises can take to defend themselves against smart cyberattacks.

1- Don’t expect miracles from AI security solutions

There is no such thing as a security solution, even an AI-powered solution, that will render an entire system impenetrable from all angles. Despite the growing number of advanced tools, there is still no such thing as software that will replace skilled security personnel. AI security solutions are tools that make security personnel more efficient and effective by freeing them from mundane and tedious tasks so that they can focus on higher-level work that requires human intervention, such as investigating and responding to incidents flagged by the system. Learn more about what you can expect from AI security solutions in our recent blog article “Artificial Intelligence and Information Security: Fact vs Fiction”.

2- Harden AI systems against adversarial attacks

In addition to using AI to build better cyberattack tools, hackers attack AI-powered security systems themselves. One common method is to launch what researchers call adversarial attacks on machine learning algorithms.

ML algorithms “learn” by examining training data; in the case of a security system, the algorithms are “learning” the difference between safe and malicious files, or between normal and anomalous network behavior. Hackers can turn the training process against itself by feeding false data into a security system to “teach” it that certain malicious activity is baseline behavior and should be ignored. Sometimes, even small changes can significantly impact a system’s behavior and output. Enterprises should anticipate adversarial attacks and take steps to harden their AI systems against injections of false or low-quality data using such methods as adversarial training and defensive distillation.
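The baseline-poisoning effect described above, as an added example that is not part of the original article: a mean/standard-deviation baseline trained on a window containing injected readings stops flagging them, while a median/MAD baseline still does. It uses robust statistics rather than the adversarial training or defensive distillation named above, and the metric, sample values and function names are all constructed for illustration.

```python
import statistics

# Constructed sample data (not from the article): outbound MB/hour for one host.
CLEAN = [48, 52, 50, 47, 53, 51, 49, 50, 52, 48, 51, 49, 50, 53, 47, 50]
# Constructed false readings injected into the training window.
POISON = [400, 420, 410, 430]
SUSPECT = 400  # constructed reading scored after training


def mean_std_threshold(samples, k=3.0):
    """Fragile baseline: mean + k * standard deviation."""
    return statistics.mean(samples) + k * statistics.pstdev(samples)


def median_mad_threshold(samples, k=3.0):
    """Robust baseline: median + k * scaled median absolute deviation (MAD).

    Holds only while injected samples are a minority of the window.
    """
    med = statistics.median(samples)
    mad = statistics.median([abs(x - med) for x in samples])
    return med + k * 1.4826 * mad  # 1.4826 scales MAD to a std-dev estimate


def is_anomalous(value, threshold):
    return value > threshold


def audit_training_window(samples, k=3.0):
    """Return training samples the robust baseline itself rejects."""
    limit = median_mad_threshold(samples, k)
    return [x for x in samples if x > limit]


if __name__ == "__main__":
    for label, train in (("clean", CLEAN), ("poisoned", CLEAN + POISON)):
        naive = mean_std_threshold(train)
        robust = median_mad_threshold(train)
        print(f"{label:9s} naive={naive:7.1f} flagged={is_anomalous(SUSPECT, naive)} "
              f"robust={robust:5.1f} flagged={is_anomalous(SUSPECT, robust)} "
              f"rejected={audit_training_window(train)}")
```

Running the audit on every training window before the model is refreshed gives the security team a list of samples to review instead of silently learning them as normal.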

Recent developments in deep learning are enabling superior accuracy and near-zero false positives compared to machine learning-based defenses. Just as in natural language processing, image recognition, bioinformatics and autonomous driving, deep learning neural networks are far superior in eliminating the need for manual extraction and handcrafted features, as well as misleading readings and noise in the raw data. Forward-looking security teams would be well served by evaluating and adding such tools to their arsenal.

3- Fight deep fakes with multi-layered identity verification

The emergence of highly realistic phony voice prints and other deep fakes illustrates the folly of depending on biometrics as a sole authentication factor, or on any sole verification factor. There is no replacement for multi-factor authentication that includes a strong, randomly generated password as one of the factors.

4- Shore up on cybersecurity basics

“AI gone bad” cyber attacks may grab headlines, but most successful cyber attacks are traced back to decidedly low-tech social engineering techniques, such as phishing emails, or a mistake made by a company insider, such as a misconfigured cloud storage folder. Fundamental proactive security defenses, such as employee cybersecurity awareness training, role-based access control based on the principle of least privilege, firewalls, and making sure that operating systems and software are promptly patched when updates are released, not only shore up the enterprise against less exotic attacks but also help prevent smart cyber attacks.

5- Never let down your guard

Cybersecurity is not a matter of “set it and forget it.” New cyber threats and vulnerabilities emerge literally daily; the moment one defense is shored up, hackers find another way in. Preventing cyber attacks requires a solid cybersecurity policy and constant vigilance, including periodic risk assessments, penetration testing, vulnerability scanning and evaluating new tools.