Alphabet, Google’s parent company, recently announced the launch of the Chronicle, an artificial intelligence-driven solution for the cybersecurity industry that promises “the power to fight cybercrime on a global scale.” The news may have come as a surprise to many—including some within Google itself.
Just last year, Google’s own Heather Adkins, director of information security and privacy, spoke at a conference and criticized the possibility of using AI in the cybersecurity industry. She argued that the implementation of AI relies too heavily on human-generated feedback and that companies should invest in more human talent and less technology.
To battle, the constantly growing and ever-changing scope of threats from hackers, AI, and machine learning are becoming vital innovations that can hold the key to combating cybercrime. Security experts are in need of solutions that can both adapt to and react to these threats in real-time, which requires faster detection rates than existing security technologies and analysts are able to provide.
Today, major organizations such as Alphabet are realizing the potential of implementing AI and machine learning into their cybersecurity efforts, while others remain hesitant in adopting these tools. Organizations that are resistant to change should consider the following three points.
Increasing manpower won’t solve the problem
A common belief is that increasing the size of cybersecurity teams will increase security and eliminate the room for error entirely. However, it is misinformed to assume that increasing the size of your staff will decrease the amount and severity of threats. Equifax, with a team of 225 security professionals, still suffered a major breach simply because one employee failed to deploy a patch.
Additionally, there isn’t enough cybersecurity talent in the workforce to go around. Large organizations such as Google can easily attract top-tier talent because of their stature and influence in the industry. However, smaller organizations are suffering from a shortage of infosec professionals in the market today—and this disparity will only continue to grow. In fact, it’s predicted that the global cybersecurity workforce will be short 1.8 million by 2022.
Traditional security solutions—and the humans who use them—will fail
Many organizations today rely on off-the-shelf technology to secure their networks, applications, and APIs—yet one size does not fit all. There is a never-ending list of scenarios that influence the type of cybersecurity solutions enterprises must deploy to ensure their safety. These factors include the size of the company, location, number of offices, industry— right down to each piece of software used. In order to stay ahead of the curve, automation is key. Automation plays a major role in eliminating human error—and as more threat actors employ automation in their attacks, it becomes imperative to utilize the same tools as a defense.
Artificial Intelligence is cybersecurity’s hope
AI and machine learning are vital facets of the future of information security, and organizations that remain hesitant and fail to quickly innovate and adopt these tools will find themselves at a disadvantage—becoming increasingly exposed to more advanced attacks. AI is potentially limitless and can be smarter and faster than any human, but there is a misconception that AI is meant to fully replace security personnel. AI is meant to be implemented as a “supplement” to human talent, to empower security teams with the speed and agility to mitigate threats more effectively.
When it comes to preventing zero-day or new and novel attacks, AI operates as an added layer to a traditional security control, flagging potential threats that have not been seen before. If a request to a web server being inspected by a traditional web application firewall (WAF) does not match an existing rule or signature, does that mean that the request is not malicious? No, it doesn’t. Requests can still be malicious, and they may not get flagged by a traditional WAF that solely relies on rules and signatures.
However, an AI-enabled WAF may view the incoming request as unusual since it may not have seen anything like it before, or the request may look similar to something that it knows is malicious. The AI-enabled WAF would then alert the human operator that there is an anomaly that should be checked.
The human then determines whether the request is indeed malicious and trains the AI-enabled WAF to block exact matches or anything similar to the request it flagged. In this case, the human operator and the AI-enabled WAF work together to identify new threats, and the more the AI-enabled WAF is trained, the better it gets. This is not necessarily about a prediction, but more about an observation that the AI-enabled WAF makes to get ahead emerging threats.
Machines are your friend, security pros
It’s clear that cybersecurity teams of the future will be much more than just humans installing patches and relying on outdated technologies. Not only will the solutions evolve, but teams will evolve and include security intelligence analysts who can accurately and effectively analyze specific anomalies that are flagged by AI-driven solutions.
As the number of vulnerabilities and cyber threats rises at an ever-accelerating pace, organizations will have only one choice: adapt, or fall victim to an onslaught of complex, sophisticated, multi-vector attacks.
Laurent Gil, Co-founder, Zenedge
Unfortunately, we live in a time when identity theft and fraud are running rampant. Almost every month we hear of major security breaches, with companies like Yahoo, Uber, Equifax, and Dropbox all compromised. When these types of breaches occur, millions of usernames and passwords are hacked, often resulting in identity theft and fraud.
So what can you do to protect yourself in 2018? What steps can you take to ensure that you don’t get hacked? We’re going to break down how what, and why of protecting yourself, touching on everything from your digital accounts to your bank account.
Our social lives have experienced a complete upheaval in the last decade. Social media and online networking are entwined with our everyday lives. These accounts can provide us with great ways to keep in touch with friends and family, especially if you’re separated by vast physical distances. However, social media also opens up major privacy concerns, since we often reach broader audiences than we intend to. Online identities can prove problematic as people apply to jobs, build relationships, or even try to avoid cyberstalkers. Here are 10 ways to crack down on your social media privacy settings and take control over what people see.
1. Protecting Your Tweets
If your account on Twitter is public, then each tweet can potentially reach an unlimited audience. The keywords and hashtags in your posts will be searchable by the public. If you don’t need to communicate with the public at large, then you might want to consider switching over to a protected Twitter account. Protected posts are only visible to followers that have your approval. This can be an ideal way to network with your close friends, family, and audience members. It gives you an intimate space to share updates with a select group of people. Also, protected Tweets won’t be indexed by search engines, so no one will be able to view your Twitter updates when they Google you.
2. Turning Off LinkedIn Activity Broadcasts
So maybe you’re looking for a job and you start following several companies on LinkedIn. The only problem is that these interactions are broadcast on your activity feed. This can alert your current employer that you’re searching for new work. Do your connections really need to know every time you make a change to your profile, follow companies, or write recommendations? If not, dig into your Activity Broadcasts setting and uncheck this feature.
3. Restricting LinkedIn Update Followers
LinkedIn allows users to post updates, much like the status updates on Facebook. Other people, including those outside of your network circles, have the option to subscribe to these updates without adding you as a connection. By clicking on the privacy setting, “Choose who can follow your updates,” you can restrict this audience to your connections, rather than the public at large.
4. Limiting Future and Past Facebook Posts
Think about the nature of your Facebook posts. Unless you’re trying to promote products or services to the public, then it’s a good idea to keep your personal posts private. Seemingly innocuous public posts can become risks in the future. For example, you might not believe that publicly posting about your vacation is a major concern. However, this information could be used by criminals hoping to target unattended homes. You can restrict the audience of your past and future Facebook posts by visiting the “Privacy Settings and Tools” section and changing the settings under “Who can see my stuff?”
5. Changing Facebook Friend Request Settings
Spammers and cybercriminals will sometimes target users with public Facebook profiles, attempting to phish information by sending out random messages and friend requests. You can reduce risks to your online identity by restricting friend requests to “Friends of Friends” in the “Who can contact me?” section of Facebook’s privacy settings.
6. Preventing Search Engines from Indexing Your Facebook
Do you want anyone to find your Facebook posts when they type your name into a search engine? How about prospective employers? You can quickly turn off search engine indexing by unchecking the “Let other search engines link to your timeline” box in Facebook’s privacy settings.
7. Preventing Facebook Email and Phone Lookup
If you want to prevent members of the public from looking up your Facebook account using your phone number or email address, then visit Facebook’s privacy settings, navigate to the “Who can look me up?” section, and change the drop-down menu option to “Friends” or “Friends of Friends.”
8. Not Referring to Other Social Media Accounts
Many social media platforms allow you to fill in a profile field linking over to your other social networking accounts. However, it can be a good idea to maintain a separation between accounts, especially if they involve different personal and professional identities. For example, you might not want LinkedIn audiences to find your Facebook account. Avoid connecting these accounts to increase the privacy and security of your digital identities.
9. Forcing Facebook Tag Reviews
Let’s say you enjoy a fun night out, drinking with friends at a bar. One of your friends wants to post and tag a particularly embarrassing photo of you shotgunning a beer. You can prevent some awkward conversations by requiring tag request approval before your name is linked to a post or photo. This prevents others from attaching your name to content without your consent. Change these settings by visiting Facebook’s “Timeline and Tagging” section.
10. Create Custom Facebook Restricted Groups
You can micromanage precisely which friends see your Facebook posts by creating custom groups. For example, you might not want to unfriend an ex, but you might want to block them from viewing the majority of your posts. Just click “Friends” on your Facebook sidebar and scroll down to the “Restricted” list. Add friends to this list, and they will only be able to see the posts that you mark as “Public.”
Now, do you feel like you have greater control over who sees your social media posts? Reducing the amount of public visibility can increase the overall security of your online identity.