Cyber Security: Protecting the intelligence

More often than not, when we think of the role of Artificial Intelligence (AI) in security, we consider how it will help augment existing services. Rarely will you think about how the algorithms powering AI should be protected. But if a bad actor gains access to the algorithms powering an AI system, they can have a profoundly negative impact.

It’s a growing concern that is gaining attention – the EU recently published a set of guidelines on how companies should develop ethical applications of AI – and one company that’s aware of the potential implications of not securing AI is Microsoft.

“There’s an increasing level of sensitivity and concern amongst regulators, governments, and large technology companies about the importance of having AI that’s secure, robust, fair and transparent,” said Ger Perdisatt, director of enterprise commercial customers at Microsoft.

“The EU guidelines that they issued [in April] around . . . how AI should operate was interesting because the level of alignment with the principles that we’d previously published on guidelines for ethical AI . . . is really, really close.”

One of those concerns shared by the EU and Microsoft is security. As more organisations start to bake AI into their tools and processes, both front and back end, it’s crucial that they are both resilient and secure. As part of its growing investment and dedication towards security, Microsoft recently announced Azure Sentinel, which incorporates AI into security analytics so organisations can detect and respond to threats faster, and the uptake to it from Irish businesses has been “extremely positive”.

That isn’t surprising, says Perdisatt, as one thing not properly recognised is the scale of targeting of Irish organisations and individuals by cyber threats internationally.

“The current scale of attempted cyber breaches in Ireland is twice the global average,” he said. “It’s one of the highest internationally and we’re seeing that recognised by customers, both from the board levels but also through their organisations, about the need for that.”

One part of the problem that Microsoft is helping combat is alert fatigue, where organisations are swamped with potential false positive security alerts and have to figure out which ones to pay attention to. Part of the reason this has become such a problem is down to how quickly the nature and complexity of threats are evolving. It means that there are more threats to detect for the user and greater demand on companies like Microsoft to detect them. Keeping ahead of these threats can be a constant battle but the type of threats they have to face are constantly changing.

“The reality is the nature of the interventions they need to make are changing an awful lot,” said Perdisatt. “We’ve gone from brute force and DDoS-type attacks to more sophisticated, whether it’s phishing, social hacking or man-in-the-middle attacks.”

The nature of the threats that are seen are evolving constantly, with attacks happening more frequently. On a monthly basis, Microsoft detects five billion cybersecurity threats on a billion devices. Perdisatt mentions that the company is seeing threats become more polymorphic, changing shape and becoming more fragmented. This can mean there are many unique strands of malware out there.

“Interestingly, only 1 per cent of the malware that we detect, wedetect on ten or more devices; 36 per cent of the malware that we detect, we only see it once. So increasingly, what we’re seeing is a complex picture in terms of the nature of the security threats, how they’re actually being deployed, where they’re coming from, what the underlying motivations are.”

As a solution to help combat this problem, Irish organisations are enthusiastic about AI playing a role, although the enthusiasm isn’t quite matched by the uptake.

While over 90 per cent of organisations are optimistic about AI’s mid-term prospects, a small subset – ranging at 4 per cent – is going ahead and baking AI into its core technology services.

It will take a significant amount of time before AI becomes the norm, which is why Microsoft is so focused on helping businesses make sense of it. For Perdisatt, three elements that pop up regularly with regards to this, the first being the demystification of AI.

“It has become a clichéd and hackneyed term, but I think organisations are struggling to get under the covers of that,” he said. “We spend a lot of time talking to different customers in different industries about what are good use cases for their particular industry.

“How can we use AI services to help automate a lot of the clunky, manual or heavy-lifting processes in the middle, and then at the back end, working through a lot of organisations data? What kind of machine learning models can we use to help them identify trends or insights from the data that is coming into their organisation an ongoing basis? When we talk to customers about [AI through] those particular lenses, it makes more sense [to them].”

The second area is the depth of skill that’s needed to get started. One thing Perdisatt notices is how organisations believe they need data science or computer science skills to use AI, whereas the reality is that many of its AI services are off-the-shelf products.

“The emphasis for the customer becomes less about building the underlying service itself, and far more on how you integrate this service with my existing technology,” he said. “Then how do you ensure that, which is equally important, you continue to train these services?

“If you’ve got a digital agent, it’s only as good as the training that your human agent gives it . . . it takes a bit of time for companies to get their heads around that fact. That it’s less about the actual building of the technology service and more about the training, monitoring and development of it.”

The third element and final element is how you ensure that these new technologies work with your existing technology estate, a key area of focus for Microsoft.

Since AI works best in a client-centric, data-heavy and algorithmically-driven world, says Perdisatt, being able to do it in a way that still works and complements traditional legacy and on-premise technology is a big focus.

“That’s one of the good things of Microsoft’s hybrid approach,” he said. “It allows us to bridge your existing on-premise technology estate into the cloud; we’re not forcing companies to make an all-or-nothing switch back to the cloud.”