Edinburgh Napier University’s Cyber Academy recently hosted its International Conference on Big Data in Cyber Security. With a plethora of expert speakers, the talks given focused on the subject of the Cybersecurity Revolution, covering issues such as best practice in industry and in network investigation, threat detection and the impact of high-profile malicious cyber incidents.
Along with the speakers present in Edinburgh, the day included expert speakers who were live streamed from six different time zones. Talks ran in tandem the entire day, so DIGIT has put together the top themes that emerged at the conference.
AI in Cyber Security
A key theme of the event was the application of AI in cyber security and many speakers addressed the issue of the fear and trepidation AI evokes. Attendees were assured that it is not as bad as we think and that the predicted unintended consequences are still quite far down the road. According to the experts, although AI isn’t perfect, it is useful and when it is fully developed it will revolutionise the field of cyber security. However, there are key drawbacks that currently limit its application.
Firstly, there is not enough data and expertise to reduce the number of high false detections in AI-powered cyber security and AI verdict logic remains very unclear. Therefore, humans remain an integral part of identifying threats in cyber attacks, AI is not at the stage where it can replace humans.
At the moment, in terms of cyber security, AI is best suited to augment human capability at threat detection and stopping an attack in progress. Secondly, the perpetrators of cyber crime are human and they make errors that AI could potentially miss, but a human would be far more likely to spot. Even the best AI is not yet not at the stage where it can interpret activity the same way a human can.
The Second Industrial AI Revolution
According to Mark Menzies, Chief Security Officer at Checkpoint, we are now in the second industrial AI revolution. In this phase we are seeking to replace the human brain with AI. During the first revolution, AI was used to replace human muscle to make work more efficient.
Advances in technology mean that data storage has been successfully compressed and is significantly smaller and much cheaper than ever before. Computing advances mean that AI experts can reuse multiple compute parts to crunch the numbers necessary for AI to work. Similarly, mathematics has improved over the years and is more accessible, it is no longer the sole responsibility of academia.
However, AI is only as good as the data it is fed by humans, which was demonstrated using the example of Microsoft’s Tay Bot, who after being put online for a few hours began to tweeting racist and bigoted profanity after being fed information by netizens. Needless to say Tay Bot was immediately pulled offline, however, this demonstrates how dependent AI remains on the quality of input data.
The Entrepreneurial Cyber Criminals
A consistent theme throughout the day was that often individuals get so lost in the daily fight to protect data that they forget the motivators behind the attacks. Since the emergence of cyber crime, it has evolved drastically over the past few years and hackers are no longer the lone figure in a hoodie but instead highly organised teams that work in a structured businesslike manner. Current statistics show that the cyber black-market is now more profitable than the illegal drugs trade and there are an estimated 1.4 million people working the cyber criminal world.
One example used by FBI agent Efrene G. Sakilayan, was that of an Iranian group who made law enforcement aware they would attack banks on certain days at scheduled times and would do so for a year. Sakilayan explained that the remarkable thing was they kept their word and perpetrated a DDoS activity every Tuesday, Wednesday and Thursday for a year successfully disrupting several institutions. They worked in a cohesive and organised way and thus set a new model for other cyber criminals to follow. Therefore, those working in cyber security need to be aware of this and not underestimate the ability of coordinated business-like hackers.
As the cost, barriers and expertise needed for launching a cyber attack have decreased significantly correspondingly the number of would-be hackers has increased rapidly. A large number of cyber criminals are now using the dark web to offer online packages to make the task even easier. Like any online business they offer product packages, tier pricing, upgrades, add-on features, bulk discounts, customer support and monthly subscriptions. At one point, in order to differentiate themselves they began competing with each other to provide the best customer service.
For a low price an individual can buy a botnet and deploy it without any real knowledge. Thanks to YouTube how-to tutorials and excellent customer support, almost anyone can launch a cyber attack. Overall, cyber security must evolve to meet the increasing threat of online attack, which is changing more rapidly than it ever has before. AI is still not at the stage it negates the need for a human component in cyber security.