Infosec 2017: AI And Machine Learning Could Stop Social Engineering Cyber Attacks
OPINION: Clever software and systems may be the key in preventing the rise of ransomware and cyber scams
Cyber attacks crop up and evolve at a heady pace, prompting the maxim ‘it is not a case of if you are attacked but when’.
At InfoSecurity Europe 2017 in London’s grand old Olympia centre, this rang true from the people I interviewed at Silicon‘s stand.
However, the trends for cyber attacks appear to be similar to those of last year; ransomware is on the rise propagated by botnets formed from hacked Internet of Things (IoT) devices and other connected devices, and attacks against mobile software, notably Android, continue to rise.
So anyone expecting to hear about new and innovative cyber attacks will be mildly disappointed; the threat landscape is not so much changing as it is evolving, with cyber criminals and hobby hackers putting tried and tested malware to use only with a few fresh tweaks and different targets.
As such, there’s nothing inherently to be alarmed if the latest cyber security software and services are put into place.
Social engineering
The worrying trend I did pick up upon is the rise of social engineering, where by people are tricked into clicking on malicious links, downloading files, and inserting infected USB sticks.
While many tech-savvy people such you, our dear readers, are au fait with the means by which cyber criminals exploit social engineering, there are still plenty of situations where by a supposed tax rebate or iTunes payment spoof email might cause people to click on malicious links.
While the likes of WannaCry may go after big businesses, social engineering can scam some of the more vulnerable people in society.
My parents, both of whom are professorial level academics, have been caught out by social engineering, People in more desperate situations where the promise of a payout from the HMRC or a pending PayPal transaction could mean the difference between struggling to meet bill payments and being able to clear their debts, could be more susceptible to such scams. It’s a rather depressing thought.
And such attacks can also effect businesses as a office worker may have a quick browse of personal email and end up accidentally downloading malware onto their machine which then worms its way across the company’s network.
In short, social engineering appears to be of of the more prevalent attack vectors for cyber criminals to get their malware past the firewalls and security systems of anyone from individuals to giant corporates.
Rise of the machine learning
There’s no silver bullet for cyber security, but one thing I did pick up upon from this year’s InfoSec is that more security firms are embracing machine learning to aid in the fight against cyber attacks.
Some are using basic machine leaning models such as decision tree learning while others are pushing down the route of artificial intelligence (AI) with the use of deep learning algorithms to enable their security software and threat intelligence to identify the element of a cyber threat before it actually becomes a problem.
And applying such smart tech to combating social engineering is also on the agenda. Security firms want to have systems in place that can sniff out a phishing attack and put plenty of warnings in place to really ensure that a person knows the risk they are taking when clicking on an email link or plugging in a USB from the seemingly random Happy Cat Company.
Furthermore, the use of machine learning could make the work of security researchers and analysts more effective by taking care of the tedious and time consuming process of sifting through masses of data for anomalies and allowing for human cyber security specialists to tackle emergent threats, create software to stamp out recycled malware, and find ways to prevent the onslaught of social engineering.
Some may worry that machine learning and AI will steal jobs from human counterparts, but in a tech world constantly challenged to keep up with the hackers, smart systems may just be the way for cyber security firms to pull into the lead.
Quiz: Put your knowledge of artificial intelligence to the test!