By now, it is obvious to everyone that widespread remote working is accelerating the trend of digitization in society that has been happening for decades.
What takes longer for most people to identify are the derivative trends. One such trend is that increased reliance on online applications means that cybercrime is becoming even more lucrative. For many years now, online theft has vastly outstripped physical bank robberies. Willie Sutton said he robbed banks "because that's where the money is." If he applied that maxim even 10 years ago, he would definitely have become a cybercriminal, targeting the websites of banks, federal agencies, airlines, and retailers. According to the 2020 Verizon Data Breach Investigations Report, 86% of all data breaches were financially motivated. Today, with so much of society's operations being online, cybercrime is the most common type of crime.
Unfortunately, society isn't evolving as quickly as cybercriminals are. Most people think they are only at risk of being targeted if there is something special about them. This couldn't be further from the truth: Cybercriminals today target everyone. What are people missing? Simply put: the scale of cybercrime is difficult to fathom. The Herjavec Group estimates cybercrime will cost the world over $6 trillion annually by 2021, up from $3 trillion in 2015, but numbers that large can be a bit abstract.
A better way to understand the issue is this: In the future, nearly every piece of technology we use will be under constant attack, and this is already the case for every major website and mobile app we rely on.
Understanding this requires a Matrix-like radical shift in our thinking. It requires us to embrace the physics of the virtual world, which break the laws of the physical world. For example, in the physical world, it is simply not possible to try to rob every house in a city on the same day. In the virtual world, it's not only possible, it's being attempted on every house in the entire country. I'm not referring to a diffuse threat of cybercriminals always plotting the next big hacks. I'm describing constant activity that we see on every major website: the largest banks and retailers receive millions of attacks on their users' accounts every day. Just as Google can crawl most of the web in a few days, cybercriminals attack nearly every website on the planet in that time.
The most common type of web attack today is called credential stuffing. This is when cybercriminals take stolen passwords from data breaches and use tools to automatically log in to every matching account on other websites to take over those accounts and steal the funds or data inside them. These account takeover (ATO) events are possible because people frequently reuse their passwords across websites. The spate of gigantic data breaches in the last decade has been a boon for cybercriminals, reducing cybercrime success to a matter of reliable probability: In rough terms, if you can steal 100 users' passwords, on any given website where you try them, one will unlock someone's account. And data breaches have given cybercriminals billions of users' passwords.
[Figure: Attacks Against Financial Services, 2017-2019. Source: F5 Security Incident Response Team]
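Credential stuffing as described above leaves a recognizable trace in login logs: one source trying many different accounts, with roughly one success in a hundred. The following Python example is added here and is not from the original article or from F5; the log records, function names, and thresholds are constructed assumptions.

```python
from collections import defaultdict

def build_sample_events():
    """Constructed login events: (source_ip, username, success)."""
    # One source tries 100 different accounts once each; a single login
    # succeeds, mirroring the article's rough 1-in-100 figure.
    events = [("203.0.113.7", f"user{i:03d}", i == 42) for i in range(100)]
    # A legitimate user mistypes a password twice, then logs in.
    events += [("198.51.100.20", "alice", ok) for ok in (False, False, True)]
    # An office gateway: a dozen users, nearly all of whom succeed.
    events += [("192.0.2.50", f"staff{i}", i != 3) for i in range(12)]
    return events

def summarize(events):
    """Per source: attempts, successes, distinct users, users who got in."""
    stats = defaultdict(lambda: {"attempts": 0, "successes": 0,
                                 "users": set(), "succeeded": set()})
    for ip, user, ok in events:
        entry = stats[ip]
        entry["attempts"] += 1
        entry["users"].add(user)
        if ok:
            entry["successes"] += 1
            entry["succeeded"].add(user)
    return stats

def flag_stuffing(events, min_users=20, max_success_rate=0.05):
    """Flag sources that try many distinct accounts with a low success rate.

    The thresholds are illustrative assumptions, not values from the article.
    Accounts that did log in from a flagged source are listed for review,
    since each one is a possible account takeover.
    """
    flagged = {}
    for ip, entry in summarize(events).items():
        rate = entry["successes"] / entry["attempts"]
        if len(entry["users"]) >= min_users and rate <= max_success_rate:
            flagged[ip] = {
                "distinct_users": len(entry["users"]),
                "success_rate": rate,
                "accounts_to_review": sorted(entry["succeeded"]),
            }
    return flagged

if __name__ == "__main__":
    for ip, info in flag_stuffing(build_sample_events()).items():
        print(ip, info)
```

Counting per source address is a first-pass signal only; traffic spread across many addresses has to be aggregated on other features before a rule like this sees it.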
What's going on here is that cybercrime is a business, and growing a business is all about scale and efficiency. Credential stuffing is only a viable attack because of the large-scale automation that technology makes possible.
This is where artificial intelligence comes in.
At a basic level, AI uses data to make predictions and then automates actions. This automation can be used for good or evil. Cybercriminals take AI designed for legitimate purposes and use it for illegal schemes. Consider one of the most common defenses attempted against credential stuffing: CAPTCHA. Invented a couple of decades ago, CAPTCHA tries to protect against unwanted bots by presenting a challenge (e.g., reading distorted text) that humans should find easy and bots should find difficult. Unfortunately, cybercriminal use of AI has inverted this. Google did a study a few years ago and found that machine-learning-based optical character recognition (OCR) technology could solve 99.8% of CAPTCHA challenges. This OCR, as well as other CAPTCHA-solving technology, is weaponized by cybercriminals who include it in their credential stuffing tools.
Cybercriminals can use AI in other ways too. AI technology has already been created to make cracking passwords faster, and machine learning can be used to identify good targets for attack, as well as to optimize cybercriminal supply chains and infrastructure. We see incredibly fast response times from cybercriminals, who can shut off and restart attacks with millions of transactions in a matter of minutes. They do this with a fully automated attack infrastructure, using the same DevOps techniques that are popular in the legitimate business world. This is no surprise, since running such a criminal system is similar to operating a major commercial website, and cybercrime-as-a-service is now a common business model. AI will be further infused throughout these applications over time to help them achieve greater scale and to make them harder to defend against.
So how can we protect against such automated attacks? The only viable answer is automated defenses on the other side. Here's what that evolution will look like as a progression:
Right now, the long tail of organizations are at level 1, but sophisticated organizations are typically somewhere between levels 3 and 4. In the future, most organizations will need to be at level 5. Getting there successfully across the industry requires companies to evolve past old thinking. Companies with the "war for talent" mindset of hiring huge security teams have started pivoting to also hire data scientists to build their own AI defenses. This might be a temporary phenomenon: While corporate anti-fraud teams have been using machine learning for more than a decade, the traditional information security industry has only flipped in the past five years from curmudgeonly cynicism about AI to excitement, so they might be over-correcting.
But hiring a large AI team is unlikely to be the right answer, just as you wouldn't hire a team of cryptographers. Such approaches will never reach the efficacy, scale, and reliability required to defend against constantly evolving cybercriminal attacks. Instead, the best answer is to insist that the security products you use integrate with your organizational data to be able to do more with AI. Then you can hold vendors accountable for false positives and false negatives, and the other challenges of getting value from AI. After all, AI is not a silver bullet, and it's not sufficient to simply be using AI for defense; it has to be effective.
The best way to hold vendors accountable for efficacy is by judging them based on ROI. One of the beneficial side effects of cybersecurity becoming more of an analytics and automation problem is that the performance of all parties can be more granularly measured. When defensive AI systems create false positives, customer complaints rise. When there are false negatives, ATOs increase. And there are many other intermediate metrics companies can track as cybercriminals iterate with their own AI-based tactics.
If you're surprised that the post-COVID Internet sounds like it's going to be a Terminator-style battle of good AI vs. evil AI, I have good news and bad news. The bad news is, we're already there to a large extent. For example, among major retail sites today, around 90% of login attempts typically come from cybercriminal tools.
But maybe that's the good news, too, since the world obviously hasn't fallen apart yet. This is because the industry is moving in the right direction, learning quickly, and many organizations already have effective AI-based defenses in place. But more work is required in terms of technology development, industry education, and practice. And we shouldn't forget that sheltering-in-place has given cybercriminals more time in front of their computers too.
Shuman Ghosemajumder is Global Head of AI at F5. He was previously CTO of Shape Security, which was acquired by F5 in 2020, and was Global Head of Product for Trust & Safety at Google.