Genetic engineering and biotech firms are gearing up in earnest for the newest threat to corporate security: viruses, malware, and similar cybersecurity attacks turbo-charged with artificial intelligence (AI).
The reason: Just as AI is remaking every other part of the digital world with applications that can think for themselves and grow smarter over time, this wonder technology is also being hijacked by hackers to imbue already dangerous cyberthreats with machine intelligence and creativity.
The growing threat is especially sensitive for genetic engineering and biotech firms, given that many companies in the industry are directly involved with the health of their patients. “We take anything that could compromise our promise to our patients very seriously,” says Edward Ferrara, executive director, enterprise business technology security, CSL Behring. “Whether a company is a direct target for cyberattack or sustains collateral damage, the effects can be significant and long-lasting.”
Emily Donlon, director, information technology, Casebia Therapeutics adds: “The current landscape is very risky and most organizations are under near constant attack. In my experience, the most effective attacks are extremely personalized and involve knowing details about the target audience, and using these details to pose as known contacts or service providers.”
Add AI, Donlon says, and the spectrum of companies at risk broadens—while the risks get more personal.
Not surprisingly, a significant percentage of the IT security community is equally alarmed. In a recent survey released by Ponemon Institute in September 2018, 25% of security and IT pros said they are already using AI in some way to protect their networks. And another 26% said they planned on deploying AI-driven security in the next 12 months.
“Despite massive investments in cybersecurity programs, our research found most businesses are still unable to stop advanced, targeted attacks,” says Larry Ponemon, chairman, Ponemon Institute.
“The situation has become a ‘perfect storm,’ with nearly half of respondents saying it’s very difficult to protect complex and dynamically changing attack surfaces, especially given the current lack of security staff with the necessary skills and expertise to battle today’s persistent, sophisticated, highly trained, and well-financed attackers,” Ponemon says.
“Against this backdrop, AI-based security tools, which can automate tasks and free up IT personnel to manage other aspects of a security program, were viewed as critical for helping businesses keep up with increasing threat levels,” he says.
Vulnerabilities to attack
Concerns in the Ponemon study were echoed by The Malicious AI Report, a study authored by a number of experts from the Center for New American Security, the Electronic Frontier Association, and similar organizations.
Essentially, the report concludes that AI in the hands of “black hat” hackers will make cyberattacks on companies and organizations easier this year and beyond, and will broaden the type and number of possible hacks a business can suffer.
“The whole point of AI is that it can learn on its own instead of being fed direction from an administrator,” says Tyler Kee, cloud solutions architect, Planet One. In practice, that means hacker-driven AI that can continually “respond in real time to a changing security landscape,” Kee adds.
Of special concern regarding dark AI: The possibility that the black hat operatives may use the advanced tech to infiltrate the facial recognition systems embedded in the computer networks of countless companies and organizations.
Meanwhile, the Malicious AI Report’s laundry list for anticipated attacks goes on: Otherwise legitimate companies may stoop to using AI-driven hacking to poison the databases of competitors or destroy their supporting database architecture.
Plus, the entire IoT—so rosily celebrated during the past few years—is mostly child’s play for AI-driven attacks, according to the report. Many if not most of the devices that comprise the IoT are ridiculously unprotected, sporting easy-to-guess passwords, which are often issued en masse with the same exact characters by manufacturers and never changed by IoT users.
“Most of these devices are manufactured at low cost and lack elaborate security features,” says Pieter Veenstra, a senior manager specializing in security and routing at NetNumber, an IT firm that provides systems and security for a wide array of industries. The result, Veenstra says, is “we already have seen severe network outages with botnet attacks where hackers used malware to compromise massive volumes of devices.”
Also at special risk are small and medium-sized genetic engineering and biotech businesses. Big corporations with deep pockets have upped their game considerably during the past few years when it comes to cybersecurity, so hackers have added small and medium-sized businesses to their hit lists, given that cyberdefenses at smaller companies are often easily compromised.
The easier-to-penetrate networks of these small and medium-sized businesses are also tempting to hackers because they can serve as a “back door” into the computer networks of the larger vendors and suppliers associated with those smaller businesses.
The good news is that some of the “good guys” are using AI in the security arena as well. Many of these AI tools are able to look for suspicious activity on a computer network, analyze that activity often in milliseconds, and neutralize its cause—usually originating from a rogue file or program—before it can do any damage.
This approach differs from traditional IT security, which has been focused more on identifying specific files and programs known to bear threats—rather than studying how those files and programs behave.
“We use AI and machine learning capabilities to improve our ability to detect and predict threats, and to find clusters of similar events that signify a possible attack on our network,” says Gary Symes, vice president of security for the Americas, BT—an IT company that offers services and security for a wide array of industries. “This gives us a vital headstart in responding to threats, and automating certain processes frees up our security team to prioritize issues which require human investigation.”
Probably one of the greatest advantages of the new AI-driven security tools is that they are designed to learn from experience and get better and faster over time.
Also encouraging is that the tools—if used simultaneously by numerous companies that happen to share the same IT cloud, for example—can often instantly transmit the knowledge of a new threat across the entire cloud, ensuring that if one company is hit first, other companies sharing the same cloud can be instantly protected from the same experience.
Even more of a plus: Cybersecurity pros say the threat of AI-driven viruses, malware, and similarly dark IT tools from hackers is still limited at the moment, given that the learning curve is steep for the expertise needed to create and deploy AI security threats.
On the downside, AI cybersecurity tools are still so new that the tech has acquired a reputation in many instances for triggering too many false-positive alerts. Too often, behavior that AI identifies as suspicious turns out to be benign, and files that AI identifies as threatening turn out to be innocuous.
Even so, spending some time to at least get acquainted with the latest in AI-driven cybersecurity is considered mandatory by many cybersecurity experts, given that many of the black hats of the world have already embraced AI tools for their own nefarious purposes and have no intention of looking back.
A defensive arsenal
While your genetic engineering or biotech firm may not be able to afford AI-driven cybersecurity at the moment, prices for all things tech tend to have a way of plummeting rapidly. AI cybersecurity that may seem out-of-reach this year may look like a bargain next year.
But there are already several AI-driven cybersecurity tools currently available. A representative sample includes:
Symantec’s Targeted Attack Analytics (TAA) tool: TAA uses AI to study the characteristics of new viruses, malware, and other cybersecurity threats as they emerge in the databases Symantec protects for numerous clients. One of the primary advantages of this approach is that a virus that crops up at one business can subsequently be caught before it deploys at the next business Symantec protects.
“With TAA, we’re taking the intelligence generated from our leading research teams and uniting it with the power of advanced machine learning to help customers automatically identify these dangerous threats and take action,” says Eric Chein, technical director, Symantec Security. TAA is available for Symantec Advanced Threat Protection (ATP) customers.
Sophos Intercept X tool: Intercept X uses AI behavioral analytics to continually study the behavior of how malware, viruses, and other cybersecurity threats execute. The premise behind the protection is that Intercept X focuses on suspicious behaviors in your computer network, rather than what a file may look like.
According to Sophos, Intercept X is able to analyze a file in millions of ways and supposedly determine if the file is malicious in as little as 20 milliseconds. And given that Intercept X is equipped with AI, it continually gets better at recognizing and dealing with malicious threats over time.
IBM QRadar Advisor: QRadar relies on IBM’s famous Watson technology—the computer that became a champion on the television game show Jeopardy! in 2011—to investigate potential threats posed by suspicious computer files and neutralize those that could compromise a computer network.
Besides studying rogue files, QRadar also studies how a suspicious file may be associated with suspect IP addresses, questionable Web sites, and the like to offer your company a holistic view of potential IT threats you may be facing.
Vectra’s Cognito: Like its competitors, Cognito continually gets better over time at detecting and eliminating cybersecurity threats using machine learning, data science, and behavioral analytics.
Having Cognito on board will enable your company to either block a cybersecurity threat outright, or identify execution of a rogue application very early on to ensure it will not damage the core of your IT operation.
Darktrace Antigena: Like other AI-driven security tools, Darktrace continually studies your computer network for suspicious activity and automatically neutralizes threats sans human intervention. Core to its function is its ability to block threats without disrupting everyday business processes.
Says Paul Skroch, vice president, data science and platform engineering, Benson Hill Systems, “The Internet has become essential to every part of our personal lives, as well as critical for doing business in today’s global economy. There is no way to survive as a business and be disconnected.”
So, secure we must.
Joe Dysart is an Internet speaker and business consultant based in Manhattan. Web: www.joedysart.com.