Businesses need to better fund AI cybersecurity to combat the growing threat of artificially intelligent (AI) cyberattacks, according to the CTO of the Cyber Security Research Center at Ben-Gurion University, Dudu Mimran.
Speaking at the OECD Forum, Mimran predicted that AI would become a more common weapon in the arsenal of hackers. The senior telecommunications and cybersecurity expert argued that this is partly because using AI would be “cheaper, faster and smarter” for hackers.
AI-driven cyberattacks could take many forms, including phishing, identity theft and denial-of-service attacks. According to Natan Bandler, CEO and co-founder of Cy-oT, the two main areas in which AI is being used to carry out attacks are as a “tool to find exploits” and for auto hacking to “map existing exploits and weaknesses.”
“AI became a tool that is available to all, including attackers,” he said. “Cybercrime is a fast growing market and, naturally, hackers use any available tool they can.”
AI cybersecurity incidents on the rise
Experts have been predicting a surge in AI cyberattacks for some time. While we are yet to see a large-scale, headline-grabbing AI-powered breach, there have been growing reports of low-level AI attacks in recent years.
In 2017, for example, cybersecurity firm Darktrace discovered the early signs of a previously unknown AI attack being used against one of their clients in India.
The machine learning used may have been basic, but it was able to learn patterns of normal behaviour within a network and mimic it to blend into the background. Darktrace CEO Nicole Eagan told CIO Journal that “we do imagine that there will be a time when attackers use machine learning and artificial intelligence as part of the attack. We have seen early signs of that.”
According to Mimran, the best way to combat this new and growing threat is to fight fire with fire. “The only way to defend against offensive cyber threats that use AI is actually [with] an autonomous, AI defence,” he said.
In 2016, the Defense Advanced Research Projects Agency (DARPA) ran the first all-machine hacking competition precisely with this in mind. It saw seven teams, each with their own AI cybersecurity software, pitted against one another. The winning team, Mayhem, later had their technology purchased by the Pentagon; one year later that same technology lost to a team of human hackers.
While this suggests that human hackers still exert the edge over machines, Mimran believes that it’s inevitable that humans must depend on AI to combat AI threats, particularly with the threat of cybersecurity and cyber warfare becoming “much more prevalent in our lives.”
“Eventually it’s going to be machines against machines,” he said.
And this risk extends to organisations at all levels, according to Bandler. “They are most common in all areas where there is big money and high value to the attackers,” he said.
According to consultancy firm PwC, 27% of executives say their organisations plan to invest in cybersecurity safeguards that use AI and machine learning.
Bandler believes that this investment is crucial, and says that there are AI cybersecurity products ready for businesses to invest in.
“A cybersecurity product that lags behind and doesn’t use AI as part of its methods is giving huge leverage to the attackers,” he warned.