AI-powered cyberattacks, crypto cloud mining and manipulated data are just some of the methods that cybercriminals will use against us.
As millions of employees work from home—often from personal computers, remote-working has understandably spurred renewed interest in cybersecurity. According to the some reports, there has been a 100x increase in malicious cyberattacks during the COVID-19 pandemic, often as a result of phishing attacks sent to employees’ e-mails.
While it is important to focus on these problems and concentrate on building up companies’ cyber defenses, we are entering an era of Big Data and AI that will profoundly change the way criminals operate.
The AI-empowered hacker
One of the more obvious threats will come from AI and its use to automate attacks at scale. To be sure, attempted logins are already very much automated, with 90% of e-commerce sites’ traffic coming from cybercriminals’ programs. However, the ability for AI to learn and mimic human behavior will significantly increase both the scale of these attacks and their sophistication.
Importantly, the ability to make predictions with AI will allow cybercriminals to prevail even as organizations improve and become more sophisticated in cyber defense. Password patterns can be detected and broken more easily, Captchas and other ‘I am not a Robot’ safeguards can be overcome, and ‘AI hackers’ will be able to quickly recover and resume attacks once detected.
‘Garbage In, Garbage Out’
AI depends on good-quality data in order to make decisions. The algorithms ‘learn’ from data and are self-improving to get smarter over time.
When good-quality data is fed into an AI algorithm, the results are better decisions. Conversely, when poor-quality data is supplied, the results are poor—hence the saying ‘Garbage In, Garbage Out’.
As countries invest more into AI, more of our daily lives will be influenced (and hopefully improved) by the technology. This will also influence cybercriminals to target the data that the AI algorithm uses, potentially changing the data that is fed in and thus influencing the decisions it makes.
This could spur changes to loan applications, for example, and reduce the algorithm’s ability to detect threats properly or simply to cause mischief. According to Gartner, some sort of data manipulation methods will be used in 30% of cyberattacks by 2022, potentially affecting AI projects and development.
Cryptocurrency and the cloud
As more and more companies and individuals conduct work and store information in the Cloud, the platform is becoming a bigger target for hackers. Companies are now storing terabytes of sensitive data there without strong security—thereby exposing themselves to possible breaches.
One future threat arising from this is cloud crypto mining, where unwitting victims leave files infected with crypto-jacking malware on their own, or their companies’, cloud resources. The malware will then use the CPU power of cloud resources to mine for cyptocurrencies. Many companies do not have full visibility of which cloud resources are used across all platforms, so they may not notice the spike in resource usage until they receive a whopping bill at the end of the billing cycle.
What can we do?
When it comes to future cybersecurity, there is no silver bullet and the answer is not necessarily to hire hordes of AI specialists to stand guard 24/7
As counterintuitive as this sounds, the best defense against cyberattacks is to first get the basics right. This includes observing cyber hygiene such as changing passwords regularly, employing two- or multi- factor authentication, implementing good-quality endpoint protection solutions, and ensuring that remote-workers operate from company-regulated hardware, not insecure personal laptops or phones.
Just as important is regular company-wide training on cybersecurity and data management. As mentioned above, the basics need to be taught and standardized throughout the company. Experts need to come in and update the team on data management hygiene and other practices, as well as provide insights into the latest techniques and methods criminals use to access their and their company’s information.
By arming individuals with continual knowledge, cybersecurity firms have a much higher chance of protecting companies against cyberattacks.