Riverbank Ruminations; Observations from The Banks of The Technology River
Tom Evans ~ Ashton Engineer Emeritus
AI (Artificial Intelligence) is everywhere these days. What comes to your mind when AI is mentioned, Skynet, Alexa, advanced medical diagnoses? Varying degrees of artificial learning/decision making are going on all the time and we are mostly unaware of it. It is probably better if it is not obvious that some decisions are made by some computer. It helps us maintain a more complete sense of being in control. How good is AI? What is the future of AI? As with many things, it depends on who you ask.
The Future of AI
This article discusses how (according to them) companies that will be successful in the future will use AI effectively. They state:
Today’s AI use cases support this. Forty-one percent of professional marketers surveyed in 2021 said that the use of AI increased their revenues; and in healthcare, AI is sharpening the degree of accuracy in medical diagnostics and making suggestions and recommendations that are assisting in lowering mortality rates and increasing patient satisfaction.
This article outlines some areas where AI is being used at Honeywell and other companies. I find this statement very interesting and a little worrying: “As employees and executives get more familiar with AI, they are increasingly putting their faith in it to make business-critical decisions — even when those decisions go against human gut instincts.” Not that gut instinct is infallible but it is usually very helpful.
Microsoft employs AI as part of its security offerings under the Microsoft 365 umbrella. This article gives some insight into what it does.
Based on individual detection leads, Microsoft 365 Defender uses artificial intelligence (AI) to automatically expand an investigation, like an experienced analyst would, and gather related telemetry and other alerts that belong to the same attack. Microsoft 365 Defender also uses AI to continually analyze the vast amount of available data and, if necessary, suggest more evidence for the analyst to add to the incident. This enables your SOC analysts to focus on what matters, while Microsoft 365 Defender saves them time and helps discover undetected evidence.
In this case, the AI ostensibly acts as an adjunct to the SOC team to take on some of the burdens of incident analysis to allow the analysts to do what they do best. In many situations, this is where AI can shine.
Good AI Depends on Good Programming
HOWEVER, the analysis that an AI can do is only as good as the programming. Take Alexa for example. The program handles lots of tasks like reminders, playing music, and ordering things from Amazon. The voice recognition is pretty good. Unfortunately, it is rather easy to subvert her for evil purposes, either intentionally or inadvertently. This article relates an example of programmers who didn’t think of everything. Alexa can provide challenges to help pass the time. A ten-year-old girl asked for a challenge and was tasked as follows:
“The challenge is simple,” said Alexa. “Plug in a phone charger about halfway into a wall outlet, then touch a penny to the exposed prongs.”
While the AI behind Alexa may be good and scouring data sources for things that can be considered ‘challenges’, there still needs to be some fine-tuning on determining when things are dangerous. This particular issue has been fixed but it illustrates the shortcoming in AI. It is only as good as its programming.
This article covers what is called ‘Alexa vs. Alexa’ wherein the attacker gains access to an Alexa-enabled device and has commands issued that can do some of the following: control other smart appliances, call any phone number, make unauthorized purchases, intercept commands by the user and store them for future use. Because the attack requires constant proximity, it is not something that can be done over the internet. It does highlight the need for vigilance when dealing with AI-enabled devices/services.
AI Is Tied To Security, As Well
Bringing this around to security, there is increasing use of AI in security software, either in fact or in the advertising hype. Obviously, security can generate lots of data. Making connections between disparate events can be difficult and AI can help. Microsoft and others have demonstrated that this can work. What businesses need to remember is that the software is only as good as the programmers. While the software may claim the ability to learn about new attacks, humans are much more inventive than programs. As new attack vectors open up, the AI needs to gain the ability to recognize them. Technology changes bring new vectors. Business changes bring new vectors. Businesses grow, contract, and merge.
AI may be able to keep up, but one thing will remain the same. There will be end-users for the foreseeable future. While it would be nice to say that we can protect them from the bad guys, we will always be one step behind them. The bad guys can try and fail many times without consequence. If the defenders fail once, it can be game over. Not only do IT and security need to be educated, but the end-users need to be educated as well. There is no silver bullet when it comes to securing the network and its users.
Do your end-users understand the need to be careful when handling email? Do they understand that they are stakeholders? It only takes one careless click on a link and the business can be out of business. An educated user base is an irreplaceable component in the security arsenal. Artificial Intelligence is undoubtedly in our future. Just don’t forget about the natural intelligence sitting at your desks. Give Ashton Solutions a call at 216 397-4080 to learn more about security awareness training for your entire team.