Researchers at the University of Notre Dame are using artificial intelligence to develop an early warning system that will identify manipulated images, deepfake videos and disinformation online. The project is an effort to combat the rise of coordinated social media campaigns to incite violence, sew discord and threaten the integrity of democratic elections. Identify disinformation online: How does it work? The scalable, automated system uses content-based image retrieval and applies computer vision-based techniques to root … More →
More than half of enterprises are in the “mature” phase of AI adoption – defined by those currently using AI for analysis or in production – while about one third are evaluating AI, and 15% report not doing anything with AI, an O’Reilly survey reveals. These numbers demonstrate growth when compared with O’Reilly’s 2019 report, which found just 27% of organizations in the “mature” adoption phase and 54% in the evaluation phase. Organizations to institute … More →
Improved AI capabilities, accelerated business intelligence, and increased productivity and efficiency were the top expectations of organizations currently investing in cloud-based quantum computing technologies, according to IDC. Users are very optimistic Initial survey findings indicate that while cloud-based quantum computing is a young market, and allocated funds for quantum computing initiatives are limited (0-2% of IT budgets), end-users are optimistic that early investment will result in a competitive advantage. The manufacturing, financial services, and security … More →
While over half of organizations use artificial intelligence or machine learning in their security stack, nearly 60 percent are still more confident in cyberthreat findings verified by humans over AI, according to WhiteHat Security. The survey responses of 102 industry professionals at RSA Conference 2020 reflect the need for security organizations to incorporate both AI- and human-centric offerings, especially in the application security space. Three-quarters of respondents use an application security tool, and more than … More →
David Masson is confident that the use of sophisticated artificial intelligence by hackers is not a matter of if, but a matter of when.
The director of enterprise security for security firm Darktrace, who has been involved in cybersecurity since the Cold War, is adamant that the same algorithms that helped Darktrace develop intelligent defence capabilities that mimic the human immune system will be used by hackers to deliver massive blows to enterprises and public infrastructure.
“Now, we as a company use AI to protect organizations and networks. But what we have to consider is that the bad guys, the threat actors, they too, are going to start using artificial intelligence,” said Masson, who is also the company’s director of enterprise security. “And this has major implications for the cybersecurity industry right around the world and for all of us. But it’s once the threat actors start using AI…they’re going to be able to carry out very complicated and sophisticated attacks at machine speed, and human beings will not be able to counter them themselves. Human beings will need to use AI to fight AI now.”
It’s this thought process that has helped Darktrace elevate itself to new heights in Canada. The company entered the country in 2016, with an office in Toronto, and now has offices in Vancouver and Ottawa as well. It currently stands at an employee base of 30 in Canada, and a client base of 250, having attracted 110 clients in the last year alone.
The cybersecurity firm launched out of the University of Cambridge in 2013, and today has a second headquarters in San Francisco. It has a total of 40 offices and 1200 employees worldwide.
Masson’s extensive experience working for Public Safety Canada, the U.K. Ministry of Defence and Royal Auxiliary Air Force uniquely positioned him to lead Darktrace’s impressive growth in Canada, seeing the company sign two new customers per week. Having spent most of his career working in the national security both in the U.K. and in Canada, Masson describes himself as a risk manager.
“I’ve seen cyber go from analogue to digital…and cyberattacks have been going on for a long, long time, long before the internet ever came along, but the internet is going to make them so much easier. And basically, I spent most of my career being a risk manager. That’s one way to look at managing risk,” he said.
Now in the private sector, Masson manages cyber risk. And when it comes to risk, Masson said it’s important to remember that risk is made up of two issues. One is the cyber threat that individuals and organizations face, and the other is their vulnerability to that threat. In the government, he says, both vulnerability and the threat can be tackled. So, for instance, nations can arrest people and lock them up, take sanctions against those nations who carry out cyberattacks. But in the private sector, he says, that can’t be done. And what really needs to be done in the private sector is concentrate vulnerability to this threat.
“That’s basically what I do now with Darktrace. And with Darktrace we focus on our vulnerability to the threat. Using AI, we’re much better protected than we would otherwise be,” Masson explained.
Ransomware hasn’t reached its peak in Canada
Talking about cyber trends in Canada for 2020, Masson mentioned that the Canadian market hasn’t seen ransomware reach its peak yet. Ransomware has been an issue for many years, and it gets an awful lot of publicity. Curiously, over the last couple of years, he said the number of ransomware attacks has dropped, but their impact has become much more intense.
“The attacks are becoming increasingly sophisticated and will be turbo-charged by AI in the near future,” he said.
Added focus on protecting operational technology (OT) will be critical this year as well.
“The problem with OT networks is that they were never designed with security in mind, they used to be completely air-gapped and separated from the internet. But that is no longer the case. Because they’re now connected to the internet, they’re very, very vulnerable to cyberattack. And I think we’ll see more focus on that in this year,” Masson explained.
To improve stealth attacks, for example, hackers can use AI to create malware capable of mimicking trusted system components. Subsequently, as they blend with the security environment of an organization, they can execute undetectable attacks. For example, San Francisco-based online and mobile marketplace TaskRabbit – now owned by Ikea – was hacked in 2018, affecting 3.75 million contractors and app users, yet the attack could not be traced by investigators. More such sophisticated cyberattacks can be facilitated by AI, explained Masson.
“Sony Pictures was hacked a few years ago. To carry out that kind of attack, you need the resources, budget, and the manpower of a nation-state to do that kind of attack…very complicated, very sophisticated attack. But with AI, it will not be possible for anybody to carry one of those kinds of attacks. It will basically lower the barrier of entry to that kind of attack to criminal gangs and individuals will be able to buy the attack of the dark web and carry them out,” Masson explained. “And what you’ll actually see is highly sophisticated attacks, rather than just happening against one organization will be carried out against 10-20 organizations all at the same time.
As Canada’s former Minister of Public Safety, Stockwell Day says he can’t help but always have his antennas up.
For two years between 2006 and 2008, Day was responsible for the RCMP, CSIS, and the CBSA. He spent many hours with security officials during that time discussing security threats in Canada and abroad while using all the tools at the government’s disposal to protect people from danger.
“You’re always wondering how to continue to push the perimeter out further to protect people,” Day told IT World Canada. “Those situations never leave you.”
That’s why he became the head advisor for a Canadian company called First Responder Technologies, a startup from Vancouver that’s leveraging research from Rutgers University to develop a product that will be piloted in several countries, including Canada, starting in May.
The startup has discovered what Day calls a true difference-maker for law enforcement and the general public: WiFi. Sure, it’s often associated with connectivity, but Day says those wireless signals are the foundation for a new product that can detect guns and knives much more efficiently than traditional metal detectors. It’s a compelling product that can easily be set up in stadiums, concerts, virtually anywhere that is expected to draw a large crowd.
In most public places, wireless signals can penetrate bags to get the dimensions of dangerous metal objects and identify them, including weapons, aluminum cans, laptops, and batteries for bombs.
A 2018 study from the U.S.-based Rutgers University revealed that WiFi could accurately detect dangerous objects 99 per cent of the time; a figure that slips to 90 per cent when concealed objects are wrapped in material.
But despite the slight drop off, Day says he was confident this was the beginning of something significant.
“This particular technology checks all of the boxes: the ability to protect, the corresponding concerns about privacy, low cost, and relatively easy to set up,” he says.
Privacy by design is foundational to the product, explains Robert Delamar, chief executive officer and director for First Responders.
“WiFi allows us to detect the metal signature – and hopefully in time, the shape and size of an object – so we can detect the worst harms,” says Delamar. “But it’s not high resolution enough where we can see everything with 3D imaging. And that’s strangely the benefit by being only ‘good enough’ to detect the worst harms like knives and firearms. The technology isn’t so sensitive that it will detect a nail file. That was by design.
“The definition of what’s a minimum viable product for us is one that catches firearms and long knives only. Will it get better over time? Our roadmap says absolutely, we’re going to try.”
The product is expected to consist of a pair of posts with embedded WiFi antennas that create a virtual fence in between each other. They can detect dangerous metal objects, theoretically catching an individual with a weapon almost immediately once they enter the premises.
It also completed a major milestone earlier this month by demonstrating the prototype at the U.K. Home Office Show.
It’s also important to note, says Delamar, that the product doesn’t use the existing installed WiFi that’s connected to the internet. “It’s not a connectivity signal, it’s a detection signal,” he explains, noting the layers of encryption will make it tough for even sophisticated hackers to try and compromise the product.
“You’d have to hack the posts themselves,” he says.
When asked about how the pilots starting in May will look like, Delamar says it will involve one systems integrator, one local government, and one value-added-reseller.
Cybersecurity has been regarded as a necessity for all computer users, especially today when data breaches and malware attacks have become rampant.
However, one of the more overlooked aspects of cybersecurity is the prevention of other forms of cybercrime, such as the spread of harmful content and predatory behavior.
Most current discussions on cybersecurity revolve around organizations