Ten big issues – 5: in an AI-powered arms race, black and white hats are battling to uncover vulnerabilities that they can either exploit or patch, but the black hats only need to be lucky occasionally while the white ones have to be lucky all the time.
Just using antivirus software and a firewall with detailed whitelists or blacklists is no longer enough. We are now facing extremely advanced cyber threats that cannot be tracked or prevented by traditional security measures. With fileless attacks becoming more ubiquitous, it is becoming increasingly difficult to detect bad actors using traditional defences and affected companies are now taking an average of 191 days to detect a data breach.
Artificial Intelligence (AI) is therefore starting to be applied to help make sense of millions of logs and anomalous events, and then to identify a suspicious event, detect a malicious file or spot behaviour from a seemingly benign data cluster or file.
However, both sides have come to appreciate the potential of AI and are actively using it to automate and accelerate their ability to find vulnerabilities or intrusions. This has sparked an AI arms race that is delicately balanced. While the white hats are often better resourced, the black hats only need to be lucky occasionally while the white ones have to be lucky all the time.
And AI is also leading to an exponential rise in the number of attacks, with the number of records that have been breached rising accordingly and with a rise in litigation expected to follow – indeed 2019 is predicted to be the year of cyber litigation.