What Artificial Intelligence and the Internet of Things mean for Business Security
In an age where everything is connected, when large and small businesses think about data leaks, they don’t only have to worry about briefcases being left in public places, or hackers entering IT systems through computer networks.
As everything from smartphones in our pockets to industrial machinery, cars and kitchen utensils start talking to each other and uploading our data to the cloud, there are far more outlets which data can escape from. There are also far more potential points of entry for people with nefarious schemes in mind.
The costs for getting it wrong can be enormous – for example, under the newly introduced European General Data Protection Regulation (GDPR), businesses can be fined up to 20 million euros, or 4% of their annual global turnover, for misusing their customers’ data.
And though it hasn’t yet happened, experts agree that failing to adequately protect that information would certainly count as misuse.
Data security part of business operations
With that in mind, a robust data security strategy is an essential element of any organization’s operations, no matter their size. This can start very simply: easy examples include ensuring all devices which you allow on your networks are updated with the latest versions of whichever OS and security software they use, or a full root-and-branch review of all the data you hold, as well as all the devices which potentially have access to it.
Though this sounds complicated and potentially expensive, hardware, software and OS providers have become more attuned in recent years to the growing importance their customers are placing on security.
Many of the most frequently used online business tools – of the sort provided by Microsoft, Google or Adobe – come equipped with features such as enforced two-factor authentication and tools to detect suspicious use, as standard. Setting these up often only take minutes but the peace of mind and additional security they bring make them well worth that effort.
As with bricks-and-mortar security, security in the online world comes down to taking common-sense steps to not become a target. Just as burglars will check out a street of homes, looking for those with windows left open, or keys stashed in obvious hiding places, hackers will scan targets – looking for weaknesses in their web interfaces, employee log-in systems, and even social media, for openings. The trick is not to be the easy target – take every necessary step to protect yourself, and the bad guys will move onto the next potential target.
Deploying AI to protect and serve
So much for baseline security: what about the future impact of AI? Artificial Intelligence (AI) also gives the bad guys powerful new tools for attacking their targets. Bots have been around for a long time in computing – generally carrying out menial tasks such as gathering information from web pages to pass to search engines, in order to make search results more useful. Empowered with AI, though, and in the wrong hands, they can “learn” to evade tools such as anti-malware software, designed to stop bots from capturing sensitive user data.
The rise of cryptocurrencies – pseudo-anonymous online payment tokens which can be traded for real-world currencies – has also exposed organizations to new threats in the guise of ransomware. In the old days, to extort money from someone, the bad guys would have to collect cash – meaning they would have to expose a real-world location where they would be present at some time (and therefore could be found by law enforcement agencies). If they completed an electronic transfer of funds using banks or other networks, these were also traceable, and financial institutions are legally bound to cooperate with law enforcement detection operations. The existence of encrypted communications and cryptocurrencies allows for anonymous demands and collection – and many millions have been extorted from organisations in this way in recent years. Combined with the increased sophistication AI brings, and the increase in possible attack vectors opened up by IoT, we can expect many millions more to follow.
Risk and reward: the impact of technology
OK, so you may now be thinking, if all this technology is going to cause you so many headaches, we may as well just steer well clear of it! Well, of course, AI and the IoT have upsides too, when it comes to security. If you use AI and IoT access smartly, rather than opening you up to new vulnerabilities, both can provide strong protection against some very old ones.
Just as malware programmers seem to be creating viruses and trojans which can “learn” their way around traditional software protection, anti-malware programmers are harnessing AI to make their protection more powerful. Anti-virus software can learn to predict that a file downloaded from the internet may be dangerous, even if it isn’t already on any database of known malware. Data such as where files originate from, their structure and their method of delivery can alert security software to potential threats and isolate them before they can cause harm. Whatever can be found out about the file will be fed back into the detection algorithms, increasing their accuracy.
In fact, as the number of threats and attack vectors ramps up in correlation with an increase in the amount of data we collect, and the number of machines we use to process them, AI could become an essential tool for responding to the threat.
With one report estimating that there will be a need for 3.5 million new cyber-security analysts by 2021, those already doing the job are likely to be rushed off their feet. This means that there will be a growing need for the type of automated tools and augmentation-engines that AI makes possible, to keep them from suffering from (potentially disastrous) fatigue.
In some ways, it’s the same old story – an ongoing battle between criminals and those tasked with stopping them. In other ways, it’s a whole new world of threats – primarily because the evolution of both malware and anti-malware is now happening at machine speed, rather than human speed.
Of course, one of the main dangers is complacency. If your security software tells you in its marketing blurb that it is 100% effective against all known threats, that doesn’t mean that you can go back to using “password” as your password or keeping log-in details in an unsecured notepad file on your desktop. As automated, learning security systems become commonplace, hackers will resort to concentrating their efforts on the weakest link in the chain – which is generally human fallibility!
In the AI and IoT era, a robust approach to online security is more essential than ever, and increasingly it will be essential to combine human common-sense with the brute power and speed of AI-driven solutions.