Americas

  • United States

Asia

Oceania

Contributor

2018: the year of the AI-powered cyberattack

Opinion
Jan 10, 20184 mins
Artificial IntelligenceCyberattacksData and Information Security

2018 will not only be a worse year for data breaches, but the year when we start to see more and more cyberattacks powered by artificial intelligence, which will make prevention more difficult.

artificial intelligence ai blockchain digital learning chip
Credit: Thinkstock

From WannaCry to Equifax and Uber, the major data breaches that plagued 2017 were a wake-up call for corporations where security systems were lax. This past year has seen a rise in automated bot attacks and bore witness to the first AI-powered cyberattack detected in India, where machine learning was used to study patterns of normal user behavior within a company’s network.

If these developments are any indication, it’s that 2018 will not only be a worse year for data breaches, but the year of AI-powered cyberattacks, which makes prevention more difficult. In order to successfully combat these attacks and prevent larger-scale breaches, here are some trends we can expect to see take shape in 2018.

1. Reliance on centralized systems will drive the need for decentralized AI

AI platforms that hoard millions of users’ private information are experiencing data breaches due to the reliance on unsecure centralized servers, which act as easy targets for hackers to access sensitive information in bulk.  Recently, the AI.type keyboard app that learns users’ writing styles to create a personalized messaging experience suffered a leak that exposed 31 million Android users. Hackers were able to gain access to their server containing user’s names, emails and exact location, along with how long the app had been installed on their device.

Right now, AI platforms help to concentrate power in the hands of those few organizations which are able to source, process and store large amounts of data. As a result, developers and security teams will need to shift to a decentralized approach where AI can digest large amounts of information and then distribute that data to multiple devices as opposed to a single database or entity. 

2. Continuous KYC (Know Your Customer) will be more important than ever

Today, banks and financial apps use knowledge-based authentication (KBA) to verify a user accessing the service based on static data (i.e. security questions, date of birth) and dynamic data (compiled from public and private data pulled from marketing data, credit reports and transaction history). This method of authentication is outdated as these knowledge-based questions are easy to guess or already breached via social media or central servers. These questions are also a burdensome and time-consuming experience for users. 

In countries like Mexico, where the government mandated that all banks onboard their new clients digitally in 2018, there is now a huge push to ensure every aspect of the banking process is transitioned to laptops and other digital devices.

In India, the government is implementing a unified ID program called Aadhaar, forcing every citizen to shift to mobile. In both scenarios, not everyone is tech savvy, meaning that governments, financial institutions and even organizations in other industries will need to adopt a KYC mentality from the beginning to understand what their consumers need in order to make processes as seamless as possible, while adhering to government regulations.

For instance, the mobile banking app Monzo will ask clients to send a photo of their ID along with a self-video for authentication rather than requiring they bring a passport to a physical location. KYC needs to be an ongoing process that begins when you sign up for your online account and continues throughout the course of that customer relationship.

3. Humans versus bots: automated bot attacks will continue to make a splash

The rise of ecommerce and the shift to a mobile-first society plays a significant role in the state of cybersecurity. Fraudsters are moving their attacks to other vectors on a daily basis, making it almost impossible for security teams to model attacks and attack behaviors.

With the rise of AI, AI is teaching bots to be more human-like. Mobile bot farms where bots are implemented on many thousands of devices to appear more human-like are just one example – making it more difficult to differentiate between real users and non-users, and humans versus bots.

Another method is card-not-present fraud, where a payment is made using a credit card number online without the need for a card to be physically presented by the cardholder at the time of the transaction. In either case, once a fraudulent account or device is blacklisted, the individual behind it will simply create another account and change the behavior, leveraging the clear gaps in the system.

Traditional machine learning approaches currently used to combat fraud are ineffective. Such approaches only focus on known fraudulent behaviors, rather than continuously adapting and learning as fraudsters change their attack patterns. The future of authentication lies in building personalized user models that detect any deviation from normal, or “good” behavior in a manner that will be virtually invisible to the end user. Otherwise, automated bot attacks will only increase in 2018 not just from a desktop perspective, but also from a mobile one.

Contributor

Deepak Dutt brings over 18 years of technical and entrepreneurial expertise in bridging the technology and business worlds. He has a range of experience from small software companies to large worldwide software and telecommunication companies and a reputation for going after tough tasks, hard goals, and accomplishing what the business needs to thrive.

Prior to his latest venture, Deepak Dutt worked in various roles in new venture development, R&D, product management and cyber security at Nortel, Siemens Telecom Innovation Center, and Newbridge Networks. He was awarded the award of excellence by the Nortel CEO in 2003.

Deepak has a successful track record in his entrepreneurship path where he co-founded a software company in India, Intsyx, specializing in eLearning simulation which was subsequently acquired by an Ottawa based firm, bringing him to Ottawa at age 22. As the CEO of Zighra, an emerging leader in mobile security and fraud prevention solutions, he has expanded the business globally with operations in Canada, U.S., UK, Middle East and India.

The opinions expressed in this blog are those of Deepak Dutt and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.