If I have learnt anything from completing a degree in IT security, it is that the internet is a scary place. It is not just because Google can show you everywhere you have ever travelled and how you did it, or that Donald Trump is moving politics to Twitter. It is because of the ever-growing number of cyber-threats we face, and how the majority of people have now become desensitized to the issue.
The reason people have grown used to cyber-threats is the continual media hype that occurs whenever a company is hacked and its customer data is scattered to the dark web wind for all to see. Cyber-attacks have now become the norm in our society and businesses are anxiously waiting to be the next victim, with the public expecting us IT folk to fix the problem there and then and for us all to be safe once again.
However, we IT folk know that isn’t the case: yes, security patches are created and shipped out as fast as Amazon’s next-day delivery, but not everyone is ordering. I imagine that as you are reading this, a device somewhere is being infected by WannaCry!
It is all well and good deploying firewalls, SIEMs, IDSs and other security features, but they all have their limitations. They need to be monitored, configured, updated, etc., and it all requires time and money, something that SMEs are going to struggle with.
How can this issue be tackled, you ask? Well, I personally think we as an industry need to start moving towards artificial intelligence (AI). AI is something that has been around for decades, but the main issues with implementing it are the time it takes to train, as well as the computing power and data needed.
With technology advancing so rapidly, it has become far easier to utilize AI. A lot of research has been done in further developing AI; you need only look at Google’s own AlphaGo and its success at learning how to play and then winning games. There is huge potential in how AI could be leveraged to help fight cybercrime, and make the internet a more secure and safe place.
In an ideal world, we could have an AI that monitors all internet traffic and blocks all threats before they reach their target. It would analyze patterns of data to try and keep pace with the newest vulnerabilities and zero-day attacks: this is your good-guy Skynet.
Realistically, I feel AI systems need to be deployed by companies to monitor their IT estate for anomalies and threats. Then, if a potential threat is found, the AI can share its analytics with other AIs across the globe to make them aware of what patterns of behavior to search for.
If the other AIs detect similar patterns on a system, they can either take preventative action or alert an analyst who can then handle the situation. Sharing threat data is the only way we as an industry are going to be able to effectively protect the public who rely upon and use our services and infrastructure.
Another thread of thought on how we could use AI: instead of using it as a protective measure, why not train one to be a hacker? Now, I know some people will be reading this and thinking that this is how Skynet is born and how it will hack the US and steal some launch codes. So obviously it’s something that needs to be designed properly so it doesn’t become a sentient AI that is the Kevin Mitnick of our time!
But think of the potential: you have a virtual environment of your IT infrastructure, you have some scripts running to generate data and simulate the environment, and the AI can try and find vulnerabilities that may exist in your system. It could be trained by reverse engineering some of the latest exploits to understand the attack patterns, and as it tries to penetrate a system it records how far it gets and learns the weaknesses and strengths of that system. Eventually it could find zero-day exploits that nobody knew about.
Whilst this is happening, it could be a training exercise for the security that is already in place to try and detect what the AI is doing, giving the team valuable experience!
I think AI has a lot of potential for being the future of cybersecurity; all we need now is the push to get the ball rolling, and who knows, Skynet may be closer than you think.
Chris Brake is a recent IT Security graduate from Plymouth University whose whole career rests on the decision to take part in the Cybersecurity Challenge Masterclass, which in a series of events led to my current job in BT Security. I have written papers on Blockchain technology and Machine Learning detection of bot accounts within Twitter. A massive geek who loves to solve puzzles and hates to lose!