It’s almost science-fiction in its scope. When we attended the recent Gartner Summit in the UK, we heard something that gave us pause – and made us more than a bit uncomfortable. It’s not that none of us had ever thought of it before, it’s just that maybe we hoped we wouldn’t hear the thought outside our own heads – so soon.
As Gartner ran down their annual list of technology predictions of the coming years, they noted a chilling fact. Whereas Stuxnet was the first time we really saw cyberattacks crawl into the physical realm and shut down actual objects – a nuclear centrifuge – we are now seeing the time when they may take over technology with the aim of harming humans.
We knew it would happen eventually, yet most of us who came up in the dot-com era of the 90’s wanted not to look it in the face. At heart, perhaps we’re all still optimists. The facts of this dark age are just a little too, well, dark for us. But they need to be confronted nonetheless, and in a more visceral way than we had ever felt before, we knew we had been prepared for this.
Not to don a red cape and fly around tooting our own horn or anything, but this stuff is real. Think about this. AI can drive cars (and is prototyping right now around Miami). You hack into that network and you’re stealing more than a car, you’re jeopardizing a life. All from your basement PC. Not a murderer? That line is about to become a lot more fuzzy.
They say it’s hard to pull the trigger when you’re standing face-to-face, that disassociation allows us to do things we never would otherwise. You won’t confront your boss, but you’ll send him a passive-aggressive email. You don’t have the nerve so you send them a break-up text. You can remotely bomb enemy territory, or a hospital, or a school, and never hear them scream. We’ve come a long way from fighting with swords.
Knowing this part of human psychology, what is next for hackers who – with the click of the same button – can both steal a password or execute a malicious executable that will shut down the control systems of a passenger jet? That can, from the confines of their laptop, wind their way into a hospital network and shut down the respirators? Or the oncology unit? And when you can just flick the screen off and walk away, will endangering – even terminating – human lives be that much easier?
The answer to this question is as thick as the ethics that surround AI in general, as it slowly comes to imbed itself into more and more of human life. It’s like the early controversy around the internet – good or bad? Depends on what you use it for.
And therein lies our point. We’re needed; cybersecurity practitioners and vendors and the angel investors who fund them. We’re needed; SOCs and researchers and awareness-training experts. Long story short, it’s getting frighteningly “more real” and if ever we had a game, we need to step it up now.
Not using AI in your company yet? Give it a few years and you will be. Not involved in flying cars or medical devices or the water supply in your hometown? How ready is a grocery store to supply food when their POS systems are hacked, or a pharmacy to dole out insulin, or Colonial Pipeline to supply gas? It might be too soon, but the consequences are apparent, and they’re creeping up on us.
So the lesson here is to stay safe. Get the best cybersecurity tools on the job that can scan for threats (the ones you can map to on MITRE and the ones you need predictive analytics to catch), watch for threats at the DNS layer so you can catch them before they’re in deep, and secure the remote workforce that could be targeted for their “weakest link” status.
Hackers don’t always break through where you expect them to, and all doors need to be watched. Like the cloud door, or the email door, or the front door. It could be as easy as a datasheet in the hands of an unintended recipient, so MFT is not too simple of a solution. Neither is security awareness or anti-phishing training. After all, 88% of data breaches result from human error, and 95% of cyber breaches in general. Finding and implementing the right solutions now can ensure we’re not part of the problem later.
Cloud Mailbox Defense
Cloud Mailbox Defense is fully integrated into Office 365 for complete visibility into inbound, outbound, and internal messages. It addresses gaps in Office 365 email security by detecting and blocking advanced email threats with superior threat intelligence.
Cisco Umbrella’s phishing category leverages indicators derived from multiple sources, and when phishing is detected, Cisco Umbrella will block at the IP and domain level as well as analyze risky domains in the Intelligent Proxy. Minimize the risk with Cisco Umbrella and Cisco Email Security, stopping an attack before it happens.