The threat of AI-powered cyberattacks looms large

Exploring the future of cyber security with Justin Fier of Darktrace

by AI Business 25 September 2019

With damage related to cybercrime projected to hit $6 trillion annually by 2021, enterprises are putting more emphasis than ever on securing their digital and organizational assets.

Justin Frier

While rudimentary machine learning has played a role in cyber threats for some years, today there’s talk of the looming threat of malicious AI: AI-powered cyber-attacks capable of causing massive damage worldwide without the involvement of human operators.

To better understand the threats and opportunities presented by AI in the cyber security space, we went to the AI Summit San Francisco to catch up with Justin Fier, director of cyber intelligence and analytics at Darktrace – the company putting AI to work on cyber defense.

Justin’s background is in the US intelligence community, and today works with Darktrace’s global customers on threat analysis, defensive cyber operations, IoT security, and machine learning.

What are the key takeaways from your AI Summit keynote?

“Cyber AI is no longer a nice-to-have, but a need-to-have. Attacks are increasingly fast-moving, while at the same time threats are more silent and subtle than ever. Threats are constantly changing, making rules and signature-based approaches obsolete, while cloud, IoT, and other digital transformation projects render perimeter defenses inadequate. By leveraging unsupervised machine learning, Cyber AI can self-learn the pattern of life for every device, user, IoT, cloud workload, and network, enabling it to detect emerging anomalies indicative of the earliest signs of cyber-threat.

“Most importantly, AI can take action to stop attacks in real time. A security analyst steps away from their screen to get a cup of coffee, and thousands of the company’s computers are locked up. Or an attack happens at 3am. Using Cyber AI to slow down the attack buys the human team time.

“In addition to introducing the Cyber AI Platform, the keynote will also be one of the first public presentations of the Cyber AI Analyst, launched in early September after a three-year R&D project. The Cyber AI Analyst combines analyst expertise and intuition with the speed and scalability of AI to automate threat investigations, reducing time to triage threats by 92 percent.”

What are the implications of cyber intelligence for the context of practical business cybersecurity today?

“Within the intelligence community, there is often focus placed on identifying the next threat. Whether that means identifying where the threat will come from, what it will look like, or what it might target, this practice has had a detrimental effect on how many businesses think about cyber security.

“We might never be able to accurately predict precisely where an attacker might strike next, or what the next threat might look like. However, there is a key advantage that businesses will always have over attackers; you can know your business better than anyone else. Armed with complete visibility of the digital business, security teams can know as soon as a device begins behaving oddly, or credentials are compromised, or data begins moving across the network and address the emerging threat, even if it has never been seen before.”

Some of your professional background involves working directly with the US Homeland Security as well as large defense and security firms. How is AI typically viewed by these organizations – as a threat, or as a tool?

“For most organizations, AI is viewed as more of a tool rather than a threat. In the face of the advanced threat landscape, organizations are recognizing that they will need technology that can help them regain the advantage over attackers.

“Especially in the face of the cyber security skills shortage, AI’s ability to access data, learn from it, and take an appropriate action like a human would – or even better than a human would – has never been more essential. AI can detect and stop threats, while humans can focus on the more proactive and strategic tasks, transforming work flows and strategy for organizations around the world.

“AI becomes a threat when it falls into the hands of cyber-criminals or adversaries. While the reality of AI-driven cyber-attacks is rapidly approaching, this threat of AI only makes it more critical for businesses to deploy Cyber AI. Malicious AI will be almost impossible for humans alone to detect or stop.”

Part of your responsibilities including consulting with clients to reinforce IoT security. What is the role of AI in IoT security today?

“With the explosion of IoT devices, attackers have a multitude of new doorways into corporate networks. And if it is connected – from coffee machines to video conferencing systems – then it has an impact on security.

“Unfortunately, these devices are made by thousands of different vendors, usually with security as an afterthought. You can’t install anti-virus technology on an internet-connected fish tank, enclosing thousands of IoT devices within perimeter defenses is inefficient if not impossible, and you would be hard-pressed to write rules for all the ways the Internet of Things could be hacked.

“AI is uniquely suited to the challenges of IoT security because it can learn the patterns of behavior for an infinite number of IoT devices and detect the subtle anomalies indicating a device has been compromised. Cyber AI also provides invaluable visibility into these devices, which far too often are blind-spots for security teams.

“Cyber AI has detected a wide range of threats to IoT devices on the networks of companies around the world, including hacked CCTV cameras, compromised smart lockers, manufacturing equipment infected with malware, and manipulation of internet-connected refrigerators.”

What will be the greatest threat to enterprise cybersecurity to emerge out of the AI era?

“The greatest threat that will emerge out of the AI era will be malicious AI.

“We’ve seen cyber-attacks wreck damage to businesses around the world. And yet even the most advanced attacks involve a humans’ hands on a keyboard. While there is debate over when we will see the first AI-powered cyber-attack emerge, cyber-criminals and nation states are no doubt devising malicious AI. There are already open source AI tools that attackers can use as a starting point.

“Most importantly, AI won’t just make attacks faster or smarter. We likely can’t even fathom the ways that AI will transform attacks or be leveraged by malicious actors. What we do know is that with AI attacks on the horizon, AI defenses will be critical as well. The future may very well be algorithms fighting algorithms on the battleground of corporate networks.”

Join Justin Fier and the Darktrace team at this week’s AI Summit San Francisco. Find out more