How AI and IoT Will Shape the Future of Cybersecurity
Image painted in seconds by AI.
Try AI stories for employer branding
Image painted in seconds by AI.
Try AI stories for employer branding
The conversation around both AI and IoT has reached peak popularity. Both terms coined around 20 years ago, they are now pervasive enough that even your technophobe neighbours probably have heard about them – and may even have a vague idea of their connotations.
Both artificial intelligence and ‘internet of things’ devices are changing the way that we live our lives; however, they both also have an important place in another popular tech idiom: cybersecurity.
As the software underpinning our lives becomes more complex, and from a wider variety of vendors, so too grows the risk to cybersecurity – both on a personal level, as well as in business.
Here, we take a closer look at cybersecurity in Australia, the increased threat posed by IoT growth, and whether AI will be the silver bullet to help reduce risk – or whether it’s another risk in itself.
Industry leaders Cisco’s 2018 Asia Pacific Security Capabilities Benchmark Study of 2000 professionals from 11 different countries highlights some alarming statistics from Australia:
However, it’s not all bad news:
What these stats indicate is that we experience a greater cyber threat in Australia over other regions, although we’re fairly good at identifying real threats and actioning them. With this high workload, there is plenty of room for automation and innovative tech solutions to help stop cyber-threats in their tracks.
Solutions like mail filtering, user management, virus scanning and network intrusion detection systems make up enterprise cybersecurity stacks – but these need considerable monitoring, reporting, updating, and governance to be truly effective.
On the other side of the coin, we have cybersecurity in the home, left to individuals to navigate, often without a clear view of the cyber-threat landscape and what’s required to stay protected.
According to 2017 Norton cybersecurity Insights Report Global Results,
Risks abound in the online space in Australia, and with increasingly complex attacks, we see not only expensive losses but a weariness in the cybersecurity fight (despite increasing cybersecurity jobs) – and the explosion of IoT devices is poised to give us a further headache.
“IoT increases the threat landscape in cyber due to its pervasiveness across (all) aspects of our lives.” – Rahul Lobo, Director, Cyber Solution Lead, Security Architecture, EY
It’s no secret that the IoT explosion has begun, with devices that we wear (i.e. smartwatches, activity trackers, medical devices etc.), that we drive (smart vehicles), and that we live and work in with smart homes and offices (heating, cooling).
All these devices have their own software, each with ranging degrees of security.
To put it this way, you choose Microsoft’s Office productivity suite because you generally trust the vendor (Microsoft) to provide a good degree of security for their products. Then you have other organisational software, such as an HR management system, accounting software, a virus scanner… each of these pieces is evaluated before purchase not just for their function, but also the degree of trust you have in the security of the product.
The same goes for each IoT device brought online in an organisational environment. Each device requires careful risk assessment before acquisition and deployment. As Lobo at EY puts it, “Software being inherently insecure and prone to bugs increases the attack surface and hence the threat of cyber-attack on these devices and as such can create a very large security impact.”
IoT devices are unique in that large amounts of data flow through them that can paint a picture of one aspect of an organisation (or individual). For instance, a smart lighting system could potentially tell attackers when there is no one in a building when a physical break-in attempt might be the most successful. Here, information security is at risk.
A virus that exploits a vulnerability in a video security system could have an Ocean’s 8-like impact, where an attacker takes control of the viewing angle of a camera.
If a device is connected to an organisational network without the right network security controls in place, it could start injecting malicious scripts and wreaking havoc on systems.
The implications of insecure IoT devices have the potential to be devastating.
As individuals, we want to take advantage of the benefits that IoT devices can offer, such as health tracking, driving, home automation control, etc.
But how can we adequately assess the security risk from our devices, knowing they won’t leak data, leave our home networks open to attack, or that the vendor won’t on-sell our details? How can we do this with a limited budget and cybersecurity knowledge?
The solution is to do our own risk assessment, both on the device vendor, as well as on the security of the device itself. We can seek out the advice of trusted companies in the home cybersecurity space, such as Norton.
Thinking about these issues in advance, reading up about the vendor and device security, and consumer and security vendor ratings can go some way to alleviating the risk of personal IoT devices. Deploying trusted security software solutions across home networks and connected devices can also help beef up security.
Will AI be the silver bullet, saving us from a million insecure IoT devices turning into our own personal bot army from hell? Well, it won’t be a silver bullet, but it sure can help.
“AI can help security teams boost their threat detection and response capabilities, minimise identity fraud, thwart insider threats and reduce false positives in application testing — to name just a few examples.” – IBM’s Security Intelligence
AI is used in a general sense to convey any software that behaves as we’d expect a human to. What people often mean when they say AI is actually machine learning, whereby software finds patterns based on “training data” (large datasets), often patterns that are impossible to spot with a human eye.
As you can imagine, when deployed for security, these sort of software algorithms can find anomalies in incoming or internal data that can point to attacks or security threats. Training machine learning software algorithms to identify “data for goodware” can help identify suspicious outliers.
The issue here is that there are countless different types of cyber attacks, for example:
Each different type of cyber attack requires a different approach to help combat it. New types of cyber attacks arise, and the existing ones become more sophisticated as time goes on. That means that we need different cybersecurity measures for each, that are updated as the attacks evolve, and try and anticipate changes in the security space.
Luckily, there are plenty of companies already offering cyber attack protection bolstered by machine learning at various levels, such as anti-phishing protection in Office 365 (for organisations).
If you’re an organisational decision-maker, you’ll need to find suitably trained professionals to roll out a multi-faceted approach to cybersecurity (including network and device security) that is monitored and updated as appropriate. Setting aside time for your staff to train up in cybersecurity, such as through Cybrary, can also be well worth your while.
Once you think your systems are up to scratch, you can run them through simulated cyber attacks (what’s known as ethical hacking) to see how they hold up in the event of an onslaught.
With all this being said, it’s not just the good guys who can deploy AI in the cybersecurity fight. You can be sure that the hackers are using all the tools at their disposal to achieve their goals, too.
Kade Morton, Security Consultant at Quantum Security Services gives an example: “Imagine an AI that scans a target, writes its own malware tailored to the target, phishes the individuals it assesses to be most vulnerable, knows what to look for and exfiltrates what it wants.” Scary stuff.
He notes that, “Malicious hackers with access to something like (AI) for automating their reconnaissance of targets, the discovery of vulnerabilities, something that suggests tools and payloads appropriate to those vulnerabilities, illustrates how a number of vulnerabilities could be chained together, and that can advise on the latest defence trends and how to circumvent them.”
In 2019, it’s time to get serious about cybersecurity or risk it all. While IoT devices are set to streamline our lives they also pose a threat to our cybersecurity which can only be tackled with strong leadership policies, procedures, combative software solutions fuelled by AI and a promise to stay current.
Dive down the rabbit hole:
72 AI-powered languages
Trusted by the world’s top brands
Dedicated Customer Success
What is Employer Branding?
Employer Branding is essential for any company looking to recruit or retain talent. Your employees now have the same expectation as customers - in other words they want to know 'why' they should work for you, not just 'what' they are doing.
What is your company story and what do you stand for as an employer? Employer Branding content builds trust with your employees, increases your marketplace reputation and turns you into an employer of choice.
In today's environment employers need to work hard to stay relevant and create environments where employees are engaged and motivated. A strong Employer Branding strategy -projecting a positive brand identity - can help attact and retain the right people.
Especially in times of recession it is important for companies to set themselves apart from the competition and create strong bonds with their existing and future employees.
The Martec's AI-powered Employer Branding content tool is the most powerful platform on the planet for Employer Branding strategy, content creation, distribution and reporting. Used by many of the worlds' top Employer Brands for scale, impact and precision.
And 100+ other world class employer brands across 30 countries