Artificial intelligence and Cyber Security
AI will have – and is already having – a significant impact on cyber security.??
There are things that AI can do very well, very quickly, to defend against cyber threats, such as the analysis of huge amounts of data to spot trends, patterns or anomalies that humans might miss (or would take a long time to identify by sifting through the data). For example, your anti-malware program is probably already using AI to help spot potential attacks. So, AI can be used to automate some of the time-consuming, routine, security tasks for which it is well suited, leaving humans to do what they do best: thinking strategically and creatively about how best to secure their organisations.?
On the other hand, AI can be used to create more sophisticated attacks, which could be, for example:??
…or any number of more complex layered attacks. The number of AI-powered attacks is already increasing.?
What security should I consider when implementing AI??
If you are contemplating adding a form of AI to your business operations, you should conduct a risk assessment. Exactly what form this would take will depend on your objectives and on the nature of the AI you are planning to use, but here are a few things to think about.?
You should think about how to protect your input data from accidentally leaking into the public domain, and about protecting it from attack. That input data might include people’s personal data, and your own business sensitive information. Breach of this kind of information can result in fines, reputational damage, and damage to your business, depending on what is breached.?
An attack on your input data could be theft, or it could be data poisoning (deliberately corrupting the data, so that it no longer produces good quality results). Data loss (or corruption) could also be accidentally caused by one of your colleagues, of course. So you do need to secure your input data, cleaning it or anonymizing it where appropriate, to ensure your input data is high quality, trustworthy—and yours to use.?
领英推荐
Protecting the AI model itself, from theft, from attack, and from decay is also important. Like any software, it needs to be kept up to date, and, if you’ve created your own model, this model is part of your organisation’s intellectual property and will need protection.?
You should think about protecting the output data. If you’ve used your own input data, and/or your own model, the output data should also be protected. It may be possible for an attacker to reverse-engineer your model based on the output—and, of course, the model may have woven some sensitive internal data into the output.?
And the effect on the ecosystem that this implementation of AI is going into also deserves consideration. For example:??
Any time you decide to add a component to your system (IT system or business system), you are potentially increasing your attack surface; this is true whether that component is AI or not.?
It will be essential to consider the AI risks, and put in place AI governance and security controls, at the beginning of every implementation programme. There’s lots to consider, and successful, secure, implementation will need careful planning.?
If you want to learn more about AI and see it from a different prespective, sign up to our FREE Ay Up It's AI event as part of the Leeds Digital Festival where you can discover the times AI gets it spectacularly wrong.