(2) Artificial intelligence will fuel crime
Eventually, AI problem-solving software will allow attackers to automatically find more security holes in the systems and applications we all use and rely on, on a daily basis.
We should be ready for a flurry of new updates to our existing technologies as holes and abuses are discovered.
Businesses will need mechanisms for detecting unusual activity within their digital enterprise as these new cyber security attacks will defeat defences looking for “known” attack behaviours.
This will be particularly painful when it impacts businesses that can’t modernise very quickly.
In the nearer term, we should expect huge improvements in criminal “spear-phishing” targeted emails. Imagine your laptop has malicious software running on it, which can read and, crucially, understand all your emails, messages, chats, contacts and calendar.
It can then contact your friends, co-workers, customers and suppliers in a way that is contextually relevant, and in a manner that sounds like you.
Perhaps you have a diary appointment with a client; the malware can send a map to that client with the location of where you have planned to meet and include a malicious copy of itself.
Or maybe you are editing a document back-and-forth with a co-worker; the malware can include itself in the document and send it back to your co-worker with accompanying text that is in line with how you normally converse.
This is a security nightmare, as the malicious emails will be unique and coming from your real accounts, devices and servers. I have no doubt this will explode across supply chains at some point, and if you want to get to a hard target, for example, into part of a global bank or to a celebrity, this might be the best way of doing it.
In addition to criminals being able to monitor our digital communications like emails, they will become better able to survey us in homes and workplaces through “ambient” monitoring.
We are reaching a point where smartphone cameras and software can recognise written text in milliseconds. Imagine malicious software that can “see” all the documents, whiteboards, computer screens as you walk around with your smartphone normally; and further, it is trained to recognise the types of information that the criminal wants to receive e.g. passwords, sensitive commercial information, designs etc.
The same will become true of audio. So we will be in a position where, not only can our devices be “seeing” and “recording”, but they can intelligently process this information to find what is interesting and then quietly smuggle out the important parts, in a way that reduces the chances of getting caught.
(3) Machine learning will empower defenders
As the cyber arms race continues, we are likely to see virtual battles between machines. However, I believe that the benefits of machine learning favour defenders more than attackers in the long run.
Fundamentally, the hard thing about being a defender is dealing with the complexity of all your unique people and their unique ways of working with increasing amounts of technology.
As machine learning assists us in understanding all of these people and behaviours in a really detailed and complex way, it will become very hard for cyber security attacks to slip in unnoticed.
Additionally, we are moving into an era where defences will be able to make smart decisions without human intervention based on a detailed contextual understanding of everything happening in the business, both now and historically.
So although the criminals will benefit from new business models and despite inevitable bumps along the way, the defender community is well-positioned to make the most of these technological advances – and they shouldn’t delay.
Dave Palmer is director of technology at Darktrace
Share this story