As you’d expect in January, the media is buzzing with predictions for the year ahead. Numerous companies, research institutes and analysts have all agreed on one thing artificial intelligence and bitcoin will be trends to watch. How enduring each will be is debatable as financial houses grapple with the choice of offering cryptocurrency trading desks or erring on the side of caution in case the bubble bursts.
Certainly in the world of security there are having an impact. More and more machine learning is being adopted into security methods. That’s of course a positive when the attacks are relentless.
In fact, research uncovered that one-fifth of companies already rely on machine learning and artificial intelligence and a quarter plan to integrate it in to security plans the next 12 months. It’s a sensible move to include the latest developments and should be encouraged.
However, delving into the findings revealed that Europe is falling behind the US and Asia Pacific in the adoption of artificial intelligence.
Plenty of people I have spoken to have been surprised by this, but as with all insight there are two sides to the coin. Everyone agrees that artificial intelligence is highly effective when it comes to managing very complex situations where theoretical modelling is virtually impossible, for instance when you need to predict how a person will respond. It’s also useful when you need to do more with less resource or budget.
But they also support the notion that positive security models are still the best way to protect from cyber attacks, especially where there is zero margin for error. Plus AI is also no substitute for the skills needed to investigate attacks and develop a strategy. Security professionals need the rapid aggregation of data that artificial intelligence can provide, as their brains simply aren’t equipped to it themselves. But there is no way the AI systems can process the data to come to conclusions about how strategy should change and what direction the company should move in.
I put to people in my discussions that in actual fact, Europe is more advanced in its thinking and waiting until AI has evolved, and instead looking at closing skills gaps first. Heads nodded. It was in fact, representative of their own approach. They had just resigned themselves to thinking they were behind, constrained by budget. In fact I’d argue they are ahead of the game if they wait and balance AI with proven positive security models and beef up the skills in their teams with people with hacking skills – as a third of companies are now doing.
That brings me to point number two: bitcoin. Skills like that will be vital in fighting ransom attacks and understanding how threats are designed. The percentage of companies reporting financially motivated cyber-attacks has doubled over the past two years, with 50% of surveyed companies experiencing a cyber-attack motivated by ransom in the past year. And companies don’t expect this threat to go away in 2018 either – one in four executives see ransom as the largest threat to their business sector in the coming year.
As the value of bitcoin and other cryptocurrencies has appreciated so has the interest of the hacking community. It’s now a very lucrative sport to run bitcoin motivated ransom attacks. They provide the perfect opportunity for hackers to cash out for higher gains months later when the value rises.
This goes well beyond the upside of anonymity that hackers were originally interested in. And of course it provides criminals with the vital funds they need to continue their operations.
And this is of course where the web of attack types, artificial intelligence and skill intersect. Criminals use various exploits and hacks to encrypt vital systems, steal intellectual property, and shut down business operations. As hackers and their methods become increasingly automated, it is now more important than ever for organisations to be proactive in protecting their business. But there has to be a combination of automated detection, mitigation and defence with skill. Skill that is acutely tuned to the way hackers behave and the sorts of hacks they will design that exploit trends like bitcoin, or vulnerabilities white hat hackers discover.
2018 will be a tough year for cyber security. Staying focused on blending positive security, machine learning and skill will help win the many battles ahead.