Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

When machines do the hacking

Patrick Hubbard, Head Geek, SolarWinds | July 13, 2016
Cybersecurity threats will be humanly impossible to predict in future

AI's Achilles Heel

There are a few means by which enterprises will be able to protect themselves against the first wave of machine-learning attacks. As with any other cybersecurity threat, detection is of paramount importance. The first and most critical step is to determine you are under AI attack because you would take different precautions and even draconian measures to save your environment if under attack by AI than you would with a human-led attack.

Machine-learning attacks can be identified by two traits: the novelty and the orchestration of their approaches, cyber security professionals should be develop skills for detecting novel multi-faceted attacks. If you see a range of SQL injections, probes, targeted email pishing and DDoS attacks being executed against your organisation at the same time, without any discernible pattern in intensity or sequence, you could be facing an AI rather than your typical mercenary or disgruntled software engineer.

Machine learning does have one weakness: the machine needs to learn before it can get to work. That learning process may give away an imminent attack to observant cybersecurity operators.

Sometimes learning will take place through acquiring data. Persistent port scans, strangely personalised spam messages, and even random phone calls from "marketers" may all indicate that a cybercrime group is trying to gather the necessary data about your organisation to feed into the machine.

In other cases, learning happens through practical experience. So if you see an organisation in your industry go down to an inexplicable combination of sophisticated attacks, raise your threat level.

It's likely that if the attack is indeed AI-led, its human operators will use the experience to inform even more advanced attacks against similar organisations.

The matrix has you...protected

So what can enterprises do to repel the advance of the machines? Some AI platforms are alreadybeing applied to cybersecurity, but unless they can respond in a real-time manner they're likely to be stuck playing catch-up to cybercrime first-movers.

Machine learning can already supplement cybersecurity teams by automating responses based on simple protocols, but that'll only prove effective against lower-level automated attacks like the ones we're already seeing today.

The most effective solution is likely to be herd immunity. Since AI-led attacks will often go after similar organisations in order to keep learning, enterprises in the same industry can also adopt "security-as-a-service" clouds that roll out countermeasures across an entire matrix of organisations when one is hit.

And unlike the cybercriminals, the defenders have one significant advantage: information sharing. By sharing anonymised information about breaches and vulnerabilities between members and encouraging a culture of collaboration rather than isolation, security clouds can gain far more intelligence than cybercrime AIs operating in isolation - putting them one step ahead.

Source: CSO Australia

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.