This is part 4 of “101 Ways AI Can Go Wrong” - a series exploring the interaction of AI and human endeavor through the lens of the Crossfactors framework.
View all posts in this series or explore the Crossfactors Framework
This is a very high-level topic and I shouldn’t need to convince anyone of its importance. The growing availability of AI, to both the enterprise and bad actors, only amplifies these concerns.
Cybersecurity refers to the technologies and processes in place to protect computer systems, networks and data from digital attacks or other nefarious intrusion. Well-known threats include phishing, malware and ransomware. Lesser-known threats include crypto-jacking, credential stuffing and trojan software libraries.
Why It Matters
A report from IBM found that the average cyberattack costs nearly $5M. The losses to an organization are multi-dimensional and include financial losses, reputational damage and legal consequences. Every service and device given or sold to users also becomes an attack surface where they may become vulnerable to fraud or identity theft for many years.
Real-World Example
It is an unfortunate truth that examples abound and the Common Vulnerabilities and Exposure (CVE) system and other industry resources update and tabulate the latest vulnerabilities at a rate of several per hour! Browsing the latest such listings, we find that LSC PTZ dualband cameras, typically used for home monitoring and security, are vulnerable to malicious payload injection via the Wi-Fi password field or QR code. The severity of this vulnerability is listed as high, since it allows remote execution of arbitrary code on the device by the attacker.
Key Dimensions
Sophistication - Cyberattackers are extremely creative and knowledgeable, operating at the bleeding edge of technology. The state of affairs is widely recognized as a game of cat and mouse.
Expansion of the attack surface - Every new technology and function serves to expand the attack service available to cyberattackers. This includes every aspect of AI, including data sharing and ingestion.
Red-teaming and bounty programs - In the spirit of getting ahead of attackers, red teaming is used to discover vulnerabilities before they are leveraged by bad actors. Many organizations also offer bug bounties to white-hat hackers, often working independently, as a means to incentivize the discovery and disclosure of vulnerabilities.
Take-away
When it comes to cybersecurity, the task is all-encompassing, never-ending, and deeply intertwined with human behaviour and tendencies. When you bring an AI tool into your organization or integrate an AI function into your product, how are you addressing the potential vulnerabilities being introduced?