The Artificial Intelligence (AI) hype train seems to be everywhere nowadays with numerous commercial solutions in the market boasting the “powered by AI” logo. From Netflix movie recommendations to Apple’s Siri and the upcoming Metaverse, AI has spread to every facet of our digital lives. Cyber-security professionals are also jumping onto the bandwagon by implementing solutions that use AI to further enhance their protection and detection capabilities. One area that gets missed out often, however is where Artificial Intelligence and Cyber-security overlap.
As someone who has taught, written and spoken on AI cyber-security risks quite a bit, I thought it would be a good idea to just summarize a few changes to the status quo that Artificial Intelligence will bring to Cyber-security.
This list should help you regardless if you are a CISO or a cyber-security newbie.
Change 1 — Artificial Intelligence and Cyber Security
AI technologies have been a game changer for cyber-security tooling with companies like Crowd Strike , DarkTrace etc. pumping millions of dollars into using AI based technologies. AI and machine learning is able to ingest and analyze billions of metadata points and make intelligent decisions to protect attacks which traditional controls will miss. Unfortunately for most cyber-security teams, these types of tools have been the extent of their interaction with AI.
If as a CISO your cyber-security teams are unaware of the fundamental concepts of AI and machine learning then upskilling them is the need of the hour.
CISOs are already aware that businesses across the world are pumping millions into AI to gain a competitive advantage in the marketplace. As risk experts, CISOs are required to identity and mitigate cyber-attacks on these applications and this is where the problems start. Cyber-security teams are simply unaware of the new types of attacks targeting AI based systems. with techniques like Data Poisoning, Model Extraction and Membership inferences poised to become as common as SQL injection and XSS attacks in the coming years
Are your security pent-testing teams able to look for such new attacks in business applications ? Or is…