Back in 1988, Cornell graduate Robert Tappan Morris accidentally unleashed the Internet’s first worm virus. Morris didn’t know it then, but his programming experiment would go on to infect thousands of computers and establish the foundations of the modern cyber threat landscape.
More than three decades later, cyber threats are no longer a human-scale problem. A joint report by Europol and Trend Micro, ‘Malicious Uses and Abuses of Artificial Intelligence’, warns that cybercriminals will leverage AI as both an attack vector and an attack surface.
The study points to malicious activity that AI could be used to support, including convincing social engineering attacks at scale, ransomware attacks through intelligent targeting and evasion of image recognition and voice biometrics.
As these threats grow ever more complex and precise, it is not enough for organisations to employ a defensive method of cybersecurity. Instead, they must identify potential vulnerabilities and take action before criminals have the chance to strike.
“You can never be too proactive,” says BlackBerry vice president of solutions for EMEA, Roger Sels. “Otherwise, it leads to a situation where you’re continuously playing a game of whack-a-mole to handle and manage your risks – at some point you’re going to fall short.”
An evolving threat landscape
In a recent study by Forrester, ‘The Emergence of Offensive AI’, 88% of surveyed cybersecurity professionals believed offensive AI is inevitable, while 77% expected weaponised AI to lead to an increase in the scale and speed of cyberattacks. What’s more, two-thirds of those surveyed expected AI to be used to conduct attacks that no human could conceive of.
The 2020 “Artificial Intelligence and UK National Security” report commissioned by the UK Government outlined the need for the UK to integrate AI into its cyber defence strategy to “proactively detect and mitigate threats”.
The accelerated shift to remote working over the last year has brought the issue into sharp focus. When vast workforces are sent home practically overnight, processes that require manual intervention – like patching – fall behind, creating a golden opportunity for malicious actors.
“We’ve seen more adversaries probe environments of interest for vulnerabilities so they can exploit them and gain access,” explains Sels. “They’re highly organised and have been using a lot more automation to do so.”
Proactive vs reactive security
As the nature and scale of threats intensify, Sels notes that reactive technologies are no longer fit for purpose. “Ultimately they introduce risk,” he says. “When you look at ransomware, it starts to encrypt the system across the network in a span of five to 15 seconds. So you need a proactive and predictive capability – otherwise it will be too late.”
BlackBerry EMEA senior sales engineer, Elliot Gidley, adds: “Endpoint detection and response has many benefits, but it is not a silver bullet and still leaves you exposed as you cannot set every possible attack scenario to ‘terminate’ as you will kill genuine user behaviour and applications.”
By embracing new technological capabilities like machine learning, Sels believes businesses can operate with increased agility and efficiency. “You’re able to unburden the teams and make their jobs even more interesting because they don’t have to, for instance, wrangle huge quantities of data,” he explains. “Especially for junior employees who are typically plagued with these mundane tasks, it creates a much better work environment.”
For those niche areas where specialist knowledge is required – like threat hunting – AI can be useful for making sense of the data and diminishing the level of skill needed.
As for the role of the CISO, Sels believes it is time for a shake-up. Instead of focusing on “battling with ongoing fires”, he argues they should embrace a more proactive approach to cybersecurity, focus on strategic priorities and become more external facing. Organisations that set up a culture of risk management and build security in right from the start stand to reap the rewards.
“As a CISO you can never sit back and think ‘job done’,” says Gidley. “Security and your policies, procedure and technology need to constantly adapt to help reduce risk.”
BlackBerry places this prevent-first security approach – as opposed to detect and respond – at the heart of its cyber offerings. The company has undergone a major transformation from being synonymous with the executive’s handheld device of choice, to becoming a software-based cybersecurity specialist. In 2019, following the acquisition of AI security company Cylance, BlackBerry CEO John Chen commented that it represented “a giant step forward towards our goal of being the world’s largest and most trusted AI cybersecurity company”.
That same year, the tech giant launched BlackBerry Labs – a business unit operating at the forefront of R&D in the cybersecurity space with a team of more than 120 software developers, architects and security experts. Then, in October 2020, it announced BlackBerry® Cyber Suite – an industry first in AI-powered unified endpoint security. The company is currently using its seventh-generation machine learning maths model, the detection capabilities of which are improved with each update to adapt to constantly evolving threats.
Sels has watched the cybersecurity landscape evolve from focusing primarily on endpoint protection, to threats that can infiltrate different domains. As a result, he says, the use of behavioural baselining through AI is becoming more relevant. Bespoke machine learning models allow users to tailor security measures to their specific needs.
He is particularly excited about BlackBerry’s recent release of continuous authentication technology which uses behaviour analysis to recognise software use patterns.
“The nifty thing is when it gets deployed it actually creates a bespoke personal machine learning model per device, per user,” he explains. “So, every time the user is on a different device, there’s a learning curve and then a baseline is established to determine whether it is normal or abnormal behaviour.” This helps reduce insider threats as well as some cases of external malicious activity which were difficult to detect previously.
Despite the rapidly evolving threat landscape, Sels is remarkably upbeat. “I’m actually feeling more optimistic now that a number of vendors within the technology space have realised there’s got to be a better approach than point to point solutions,” he says. “We’ve come back with consolidated platforms that allow teams to gain back time, become more efficient, and to be in a better position in this cyber warfare fight than they’ve ever been before.”
AI is a double-edged sword. If harnessed properly it enables businesses to respond to security breaches with the agility and speed of the attackers themselves. It is only by ensuring AI is given a central role in a proactive security strategy that companies can anticipate evolving attack methods and stay one step ahead of the threats.