How are criminals using AI-powered tools to attack organisations?
“Criminals are using AI like a mirror, to circumvent your security defences.”
Professor Marco Gercke, the founder of the CyberCrime Research Institute, talks to Jeremy Swinfen Green about how criminals use AI, how organisations can use pattern detection to prevent attacks, and how sometimes response is more effective than prevention.
AI is something which is, obviously, coming to the forefront. It’s coming to the forefront in terms of defending against criminals but also, criminals are using AI.
Perhaps you could tell people how criminals are using AI-powered tools to attack organisations and how organisations can defend themselves against these attacks.
Well, in general, AI is offering great opportunities both for defence as well as attacking. So what you could basically say is that criminals are using it like a mirror.
So whenever you’re developing systems to prevent attacks or to identify attacks, they’re trying to use AI to circumvent those protection measures. It gives you the opportunity to carry out way more attacks and to individualise them.
So one of the things we’re trying to look for is a pattern. So when we see there is a pattern of the offenders trying to attack a computer system, you can say, OK, this is how we identify them.
If you’re using AI and if you’re able to change your approaches very, very fast, that’s something where it makes it more difficult. So both AI and machine learning are used by offenders to have, basically, smarter attacks.
I see. And how can organisations defend themselves against these smarter attacks?
Well, it’s very, very difficult to defend. I mean, obviously, you have to invest in technology, you have to try to have smart systems in defence, as well, that are able to identify patterns that you’re maybe even not, as a human being, not able to see because there are just too many data points that you would have to analyse.
But in addition, I think we have to move away from this idea that we can prevent it and can completely stop an attack. And we have to work on the basis that, well, if we cannot stop it, we should better find out when it’s taking place. So we need sensors to understand something is happening. And then, we need a response strategy.
Their resilience is very much an important part of the strategy that organisations should be developing.
Absolutely, so resilience is a part – the whole cyber security strategy is really important – that you not only see it from a technical level but you’re also saying, OK, I have the risk management component in there as well.
So this is why we do not only see that people that are working as a system administrator or a cyber security officer are involved in dealing with cyber attacks but also the top management because they have to take certain risk decisions.