The adoption of Artificial Intelligence (AI) and the Internet of Things (IoT) technologies can serve up fresh security concerns. So how do businesses keep safe?
The benefits of emerging technologies to propel the digital transformation of organisations are widely accepted by many firms. However, as corporates venture into new technological avenues, fresh security threats emerge just as readily.
Taking just two of the most prominent emerging technologies today – AI and IoT –businesses face complex challenges in staying secure as they adopt devices and applications in these areas.
So as these emerging technologies grow in popularity, are we just creating more doors for malicious attackers to enter through?
The new threat landscape
Malicious attackers trade in the originality of their means to breach systems and target technology. What emerging technologies provide is a new platform for such attacks.
The platform is vast too. Gartner found that enterprise use of AI grew 270% over the past four years. As for IoT, IHS expects there will be over 75 million IoT connected devices installed by 2025.
So what could these new threats look like?
When it comes to AI, new threats include control of the superintelligence of AI falling into the hands of a malicious user. Part of AI’s appeal is that systems progressively learn how to act, creating increasingly more potent technology. However, this also creates the prospect that our most powerful technology will fall into the wrong hands.
The Malicious Use of Artificial Intelligence report found that as AI capabilities became more powerful and widespread, it will change the threat landscape in three ways:
- The expansion of existing threats, with the cost of attacks, lowered by malicious users utilising AI to create traditional threats at a greater pace.
- Introduction of new threats, such as using AI to complete attacks that would otherwise be impractical for humans.
- Change to the typical character of threats, with attacks becoming more effective, finely targeted and difficult to attribute.
As for IoT devices, they usually have the same computing functionality as a modern tablet, meaning they can be hijacked in a similar fashion. For example, this can result in an IoT device being used as an email server sending spam emails or conscripted into botnets and used in distributed denial-of-service (DDoS) attacks. In 2016, even connected baby monitors were hijacked and used in DDoS attacks.
There is also the threat of privacy leaks, with unsecured IoT devices leaking the internet protocol (IP) address which can be used to pinpoint the residential location. As IoT bridges the virtual and physical worlds, this could result in home intrusions and office robberies with a compromised IoT device providing vital location information.
Other IoT related security threats include remote recording through devices; ransomware demanding bitcoin fines must be paid; or data theft where sensitive information such as customer billing information is obtained.
Getting a view of the ‘blind spots’
One of the major issues of staying secure as emerging technology is adopted is that existing networks are focused on a narrower set of devices that have been easily identified using basic discovery and profiling techniques.
When AI applications and IoT devices are added to this traditional ecosystem, it creates “blind spots” in the company’s security monitoring. It can be difficult for an existing networking visibility toolset to identify fresh threats.
A full-spectrum approach is needed on security visibility for the successful adoption of emerging technology. There is a partial irony that part of the solution to the problem of new security threats from AI is using AI itself to build better security solutions.
Aruba ClearPass is a virtual appliance that provides automation detection and categorisation of endpoint for security needs. Users get agentless visibility and role-based access control for security enforcement and response across wired and wireless networks. It does this in three steps:
- Identify the devices being used and where they are connected.
- Enforce accurate policies that provide proper user and device access.
- Protect resources with policy controls and real-time threat remediation.
The clear road ahead
Emerging technologies are producing a new threat landscape that businesses must grapple with to ensure they get fresh benefits without producing new security threats. The key notion is ‘visibility’ of the technology in a business’ technology ecosystem to ensure that threats can be detected and managed in real-time. There are security roadblocks to the success of emerging technologies adoption that can only be cleared with the right security capabilities in place.