Cybersecurity Roundup: Iran Cyberattacks, Cloud Range Cyber, Darktrace, Zix-AppRiver
… high levels of interest in this exciting new technology,” she said. “This expansion to G Suite and Microsoft Exchange means that more companies will be able to leverage this novel approach. In the face of increasingly advanced and targeted attacks, more and more companies are realizing that this type of intelligent security is critical in enabling them to stay one step ahead of attackers.”
SMBs Ignoring Cybersecurity When Adopting AI
From inventory management, data analytics, office assistance and more, AI can take on a massive role, even within the smallest businesses.
However, Zix-AppRiver’s Q4 2019 CyberThreat Index for Business Survey revealed that education around this technology is clearly necessary prior to widespread implementation among SMBs. The survey polled more than 1,000 cybersecurity decision makers within U.S. SMBs and covering a diverse range of industry sectors.
While 88% of the SMB leaders reported high levels of interest in adopting AI within their business, 70% of those interested leaders were not aware of potential cybersecurity risks that could accompany its use. The survey also revealed:
- Fifty-four percent of all SMBs interested in AI will move forward with adoption despite the known risks, as they believe the benefits outweigh the risks.
- Eighty-two percent of SMBs in the sensitive government sector were unaware of security risks associated with AI, but more than half of them still plan to adopt regardless.
- Thirty-two percent said they already are aware that AI carries potential cybersecurity risks, but will move forward with adoption as they believe the potential benefits and opportunities outweigh the risks.
- Including those who are currently unaware of AI security risk potentials but are eager for its adoption regardless, 62% of all who are interested will continue to consider AI adoption in spite of its potential risks.
- In each of 14 key verticals represented in the survey, IT decision makers who plan to pursue AI adoption in spite of its security risks outnumber those who would reconsider because of the risks.
Troy Gill, manager of security research at Zix-AppRiver, tells us there is potential for risk associated with just about any AI implementation. An AI system that is being relied upon for cybersecurity purposes also is not devoid of risk, he said.
“One example of this is something we have observed for nearly two decades now, poisoning Bayesian machine learning (ML) email classifiers and more recently with neural networks,” he said. “This is a risk presented by an adversary that, when successful, can significantly degrade the accuracy of a classifier, which in this case is providing a security control. In a system that is overreliant on this classification, it could lead to false negatives and misclassified threats. Manipulating the inputs of the training set in an ML system could have nearly endless possibilities as AI/ML is adopted for many different uses. In many cases these AI systems are given the role of decision maker, and in a situation like the one described above it can begin making incorrect decisions which, if not closely monitored, can go undetected for a long time.”
Also, the training sets and models themselves often can contain a large amount of private data that needs to be closely guarded as it potentially could provide an attacker with a trove of sensitive data, Gill said.
So what should SMBs be doing to protect themselves while implementing AI?
“Be careful not to give too much decision-making power to an AI system and create a single point of failure,” Gill said. “Ensure that proper oversight is in place to ensure the system is performing optimally. Guard data sets used by AI heavily to avoid unintended exposure of the large data sets.”