With cybercrime costing $3B annually, AI can improve chances of finding hackers
Machine learning can zero in on abnormal behaviour not detectable by existing programs
Technological advances in artificial intelligence are fuelling a new race between hackers and those toiling to protect cybersecurity networks.
Cybersecurity is always a race between offence and defence, but new tools are giving companies that employ them a leg up on those trying to steal their data.
Whereas past responses to cybercrimes often looked for known hacking methods long after they occurred, AI techniques using machine learning scan huge volumes of data to detect patterns of abnormal behaviour that are imperceptible to humans.
You're kind of looking at a cyber arms race- David Masson, Darktrace
Experts expect machines will become so sophisticated that they'll develop answers to questions that humans won't clearly understand.
David Decary-Hetu, assistant professor of criminology at the University of Montreal, says defenders have an edge right now in using artificial intelligence.
"But who knows what's going to happen in a few years from now," he said in an interview.
"The main issue is that if you're defending a system you have to be good 100 per cent of the time, but when you're attacking the system you only have to be successful once to get in."
Poloz's concern over hacking
Decary-Hetu said a growing list of corporate and government officials, including Bank of Canada governor Stephen Poloz, who say infiltrations are their top worry have a very good reason to fear.
Reports suggest cybercrime costs the Canadian economy between $3 billion and $5 billion a year, including ransom paid to foreign criminals.
Hacks of Sony Pictures, Uber, Ashley Madison, Yahoo and multinational retailers have sparked unsettling headlines about security of personal information.
One of the latest to face scrutiny is global credit-reporting firm Equifax. Hackers accessed the personal information, including names, social insurance and credit card numbers, as well as usernames, passwords and secret question/secret answer data of 19,000 Canadians and 145.5 million Americans.
Current detection systems tend to only recognize improper activity based on past events, often long after the damage is done.
An example of this is Equifax, which discovered the breach in July, months after hackers first infiltrated the system. It only notified the public in early September.
Niranjan Mayya, founder and CEO of Toronto-based Rank Software, said it takes on average 143 days for a breach to be detected.
The challenge is growing as the number of connected devices in the world continues to soar.
"Clearly the old style techniques of looking at cybersecurity threats and having people go through each threat aren't working anymore, so automated means of detecting threats has become more and more important," he said.
David Masson, Canadian manager for U.K.-based Darktrace, said artificial intelligence will help to keep up with threats by quickly identifying and stopping attacks by picking up on subtle markers that identify bad behaviour.
Keeping up with new threats
He said his company's systems map a customer's entire network, including every user and device, to discern even the slightest deviations as they emerge.
Masson said AI is needed to keep up with threats by automating defence responses to growing machine-on-machine attacks launched by sophisticated hackers.
"You're kind of looking at a cyber arms race," he said in an interview.
"If you want to keep up with this threat and put the advantage back in the hands of the defenders you're gonna have to use AI."
Ontario-based utilities company Energy+ Inc. said installed Darktrace technology alerted it to a user going to a malware site in Russia and uploading undisclosed sensitive data to a third-party cloud provider that its existing security was unable to catch.
No silver bullet
Some observers temper the current exuberance about AI, saying it's not a silver bullet and these are nascent days for the technology.
Receptiviti CEO Jonathan Kreindler says the hype around artificial intelligence has accelerated and has almost become a branding exercise for some companies that aren't even offering truly leading edge technology.
"The term AI is now being applied to any sort of algorithmic reasoning unfortunately," said Kreindler.
His firm uses AI to scour writings for unconscious use of language to understand the psychological state of company insiders who are responsible for 80 per cent of cybersecurity issues.
Canada's largest IT company, CGI Group, said artificial intelligence is a growing field of interest for customers, although the average client is in the fairly early stages of considering AI adoption in cybersecurity.
CGI cybersecurity expert Andrew Rogoyski said that still puts them one step ahead of most hackers, who are typically interested in stealing data using the cheapest tools possible.
- Cybersecurity: Barely perceptible threat has potential to derail Canada's economy
- Cybercrime costs $445B US a year to global economy, report finds
Rogoyski added that he expects a strengthening of defensive mechanisms might force hackers to also adopt innovative techniques such as AI.
"There's a race, it's been going on for 20 years plus and the race just keeps evolving. We keep leapfrogging each other," he said.