AI and cybercrime: Good and bad news

Posted

Written by Geoff Spencer, Digital Content Editor, Microsoft Asia

Artificial intelligence could soon reset the murky world of cybercrime – and the news is both good and bad.

“We have AI, but so do the bad guys,” says Ann Johnson, Microsoft’s Vice President, Enterprise & Cybersecurity.

She thinks it is inevitable that the criminal use of AI will result in more sophisticated threats – such as “malware becoming adaptive in the wild, which I don’t think is that far off.” But she is also optimistic that companies and crimefighters, armed with AI, will be able to catch threats faster, and use analytics to predict when something is going to happen.

“When we see malware, we will be able to analyze it much more quickly by using artificial intelligence and machine learning,” she said in an interview on the sidelines of the Interpol World 2017 Congress in Singapore recently. “I think AI is the step change that we have all been waiting for.”

Threat intelligence remains fundamental to keeping networks safe – here in Asia and across the rest of the world. In a keynote address to the Interpol gathering, Johnson said that organizations with good threat intelligence have an advantage because it points to what hackers might do in the future. It also offers indicators of potential compromises. This anticipatory approach means organizations can patch their security before problems emerge.

“Threat intelligence comes from companies, associations, industries and governments that have experienced cyberattacks. As you can imagine, that’s a lot of data, and it would be impractical for individual companies to take on the burden of collecting and analyzing it for their own use.”

This is where Microsoft’s Intelligent Security Graph steps in. It gathers and analyses billions of signals and authentications from across Microsoft’s more than 200 global services – including emails, Bing and Internet Explorer –  constantly watching for signs of trouble and then alerting customers.

New technologies, like security chatbots, and HoloLens, let you interact with the graph to get insight and help on how to deal with a security incident. “You can say: ‘I am seeing this scenario. Who else in my organization is affected?’ Johnson explains, And, it comes back and says: ‘Based on our analysis, here is a list of affected persons, how they got infected and their hierarchy in the organization.”

Johnson further sees a time when machine-learning will make cybersecurity “a lot more intelligent”, predictive even. Imagine a security environment that warns of for example: “10 computers in a data center are going to go down, or a network connection can potentially be compromised.”

“…you could put on a HoloLens and visualize it… it is pretty exciting.”

The AI driven cybersecurity architecture will have run through scenarios for answering questions like: “What could a bad actor exploit in my current environment? What is the potential impact on the availability of certain critical resources?”

“In fact, you could put on a HoloLens and visualize it. And, Cortana could say: Based on this scenario, this is the weakest link. Solve for this first. There is a lot of promise from technology. It is pretty exciting.”

Johnson’s enthusiasm for sophisticated solutions, however, is tempered with some down-to-earth advice: Do the basics. “You can spend millions of dollars on technology, but if you don’t have security hygiene, it doesn’t matter what you buy.”

PowerMap snapshot of botnet infections disrupted by the Microsoft Digital Crimes Unit (DCU)

Her watchwords are: “Assume Breach”. “You always have to assume that you have been compromised. In Asia, compromises are not detected on average for about 500 days – compared with 100 days in the U.S. Think about someone being in your network for 500 days and the amount of damage they can do.”

Her security “no brainers” include:  Stop sharing domain passwords; manage admin privileges in your company; and always update when new patches are released.

Also, continually educate your staff and executives on how to guard against traps like phishing. “About 85 percent of internal breaches are not malicious. They are often somebody doing something careless, or they don’t know any better.”

Think about someone being in your network for 500 days and the amount of damage they can do.

Make sure your network is backed up properly and have an up-to-date disaster plan. Sixty percent of small companies that are breached do not recover and go out of business.

Johnson says the world must now accept that cybercrime is here to stay. “It is not going to stop. It is going to get worse. We will have to act faster, but we are not going to ‘stop’ it. It’s like saying we are not going to have another murder or another bank robbery.

“Sadly, it is now part of the fabric of society. I am talking a lot more nowadays about cyber-resilience rather than just cybersecurity.”

Meanwhile, the types of actors involved in cybercrime are changing.

“As recently as five or six years ago, we used to put actors into categories. Then, you had nation state actors, financially motivated ones looking for valuable information to sell, as well as those hacking for fame or activism.

“But the lines are incredibly blurred nowadays. It is a multi-trillion-dollar industry … and they are working together in ways they never did before.”