The picture above, from a display at a major train station in Europe, is
surreal (especially for IT managers). It shows the extent of IT system
vulnerability exposed by the recent WannaCry debacle. Given that crucial
sectors like health, travel and banking were targeted, the stakes in terms of
the consequences of an IT system breach have now been raised significantly.
The situation needs to be addressed quickly, because the whole of technological
progress is effectively under threat. Conventional security approaches
(like signature-based databases) have now been proven insufficient: the
overall advance of technology has outpaced the advance of IT security
systems.
Virus executables like Wannacry and Petya are like a guerrilla force against
a conventional army, a situation where conventional warfare tactics do not
work. An asymmetric threat requires an asymmetric response.
AI and Machine Learning can provide this asymmetric response, precisely
because they intrinsically implement approximation. Most virus executables
come in ‘families’: on average, a new version differs only slightly from the
previous one (with a view to avoiding detection).
Machine Learning, and especially Deep Learning, can be used to approximate
similarity between new potential threats and known ‘families’ of threats.
Deep Learning can find and learn internal ‘features’ of virus programs so
as to classify new programs as potential threats (or not) accordingly.
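As an added example (not code from the original post), the block below shows the family-similarity idea in its simplest form: each known sample is described by a set of features (here constructed tokens such as imported API names and observed behaviours; real feature extraction from static analysis or a sandbox is assumed to happen elsewhere), and a new program is attributed to the family whose closest sample overlaps most with it. The family names, feature tokens and the 0.5 threshold are all constructed for illustration.

```python
"""Nearest-family classifier over behavioural feature sets.

Added example: the corpus, feature tokens and threshold are constructed.
Similarity is Jaccard overlap between feature sets; a new program is
attributed to the family of its most similar known sample when the score
clears the threshold, otherwise it is reported as unknown for a human
(or a richer model) to look at.
"""

# Constructed corpus: family -> feature sets of known samples.
KNOWN_SAMPLES = {
    "ransomware_family_x": [
        {"api:CryptEncrypt", "api:CryptGenKey", "api:FindFirstFileW",
         "api:FindNextFileW", "behaviour:renames_user_files",
         "behaviour:drops_ransom_note", "api:InternetOpenUrlA"},
        {"api:CryptEncrypt", "api:CryptGenKey", "api:FindFirstFileW",
         "api:FindNextFileW", "behaviour:renames_user_files",
         "behaviour:drops_ransom_note", "behaviour:deletes_shadow_copies"},
    ],
    "keylogger_family_y": [
        {"api:GetAsyncKeyState", "api:SetWindowsHookExA", "api:send",
         "behaviour:writes_keystroke_log"},
        {"api:GetAsyncKeyState", "api:SetWindowsHookExA", "api:connect",
         "behaviour:writes_keystroke_log"},
    ],
    "benign": [
        {"api:CreateFileW", "api:ReadFile", "api:WriteFile", "api:MessageBoxW"},
        {"api:CreateFileW", "api:ReadFile", "api:CloseHandle",
         "api:GetModuleHandleA"},
    ],
}


def jaccard(a, b):
    """Set overlap in [0, 1]; identical sets score 1.0, disjoint sets 0.0."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def family_scores(features, corpus=KNOWN_SAMPLES):
    """Best Jaccard score of the new sample against any member of each family."""
    return {family: max(jaccard(features, sample) for sample in samples)
            for family, samples in corpus.items()}


def classify(features, threshold=0.5, corpus=KNOWN_SAMPLES):
    """Return (family, score); 'unknown' when nothing is similar enough."""
    scores = family_scores(features, corpus)
    best = max(scores, key=scores.get)
    if scores[best] < threshold:
        return "unknown", scores[best]
    return best, scores[best]


if __name__ == "__main__":
    # A constructed 'new variant': one feature added to the known family profile.
    variant = {"api:CryptEncrypt", "api:CryptGenKey", "api:FindFirstFileW",
               "api:FindNextFileW", "behaviour:renames_user_files",
               "behaviour:drops_ransom_note", "api:InternetOpenUrlA",
               "behaviour:deletes_shadow_copies"}
    print(classify(variant))
    print(classify({"api:CreateFileW", "api:socket"}))
```

The point of the toy is the shape of the decision, not the scoring function: a variant that keeps most of a family's features still lands close to that family even though no signature matches it byte for byte, while a program that resembles nothing known is surfaced as such rather than silently passed.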
As an example, some virus programs, including WannaCry, make calls to
non-existent IP addresses and do not expect a response. If a response does
arrive, the virus concludes that the environment is fake (for instance an
analysis sandbox that answers any request) and that it has been discovered,
so it stops in its tracks in order to protect itself. Many other features
like this, and especially new and unknown ones, could be discovered by ML and
used to raise suspicion.
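The behaviour just described leaves a trace on the network side that a defender can look for without any knowledge of the specific sample: a host that keeps opening connections to destinations that never answer. The block below is an added example (not code from the original post) that scores hosts from a constructed connection log; the log format, the `SYN_NOREPLY`/`ESTABLISHED` result labels and the threshold of three distinct unanswered destinations are all assumptions. Destinations that are not globally routable (documentation and reserved ranges, checked with Python's `ipaddress` module) are counted as an extra signal, since nothing legitimate should be waiting there.

```python
"""Score hosts that repeatedly reach out to destinations that never answer.

Added example with a constructed log format:
    "<epoch> <src_ip> -> <dst_ip>:<port> <result>"
where result is SYN_NOREPLY (no answer at all) or ESTABLISHED.
"""
import ipaddress
from collections import defaultdict

# Constructed sample log: 10.0.0.7 probes four dead, non-routable addresses.
SAMPLE_LOG = """\
1494950001 10.0.0.5 -> 93.184.216.34:443 ESTABLISHED
1494950002 10.0.0.7 -> 203.0.113.9:80 SYN_NOREPLY
1494950003 10.0.0.7 -> 198.51.100.77:80 SYN_NOREPLY
1494950004 10.0.0.5 -> 10.0.0.20:445 ESTABLISHED
1494950005 10.0.0.7 -> 240.1.2.3:80 SYN_NOREPLY
1494950006 10.0.0.9 -> 93.184.216.34:443 ESTABLISHED
1494950007 10.0.0.9 -> 198.51.100.2:443 SYN_NOREPLY
1494950008 10.0.0.7 -> 192.0.2.200:80 SYN_NOREPLY
"""


def parse_line(line):
    """Split one constructed log line into (ts, src, dst, port, result)."""
    ts, src, _arrow, dst_port, result = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return int(ts), src, dst, int(port), result


def score_hosts(log_text, min_dead_targets=3):
    """Return {src: finding} for hosts with enough distinct unanswered targets."""
    dead_targets = defaultdict(set)   # src -> destinations that never replied
    attempts = defaultdict(int)       # src -> total connection attempts seen
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, src, dst, _port, result = parse_line(line)
        attempts[src] += 1
        if result == "SYN_NOREPLY":
            dead_targets[src].add(dst)

    findings = {}
    for src, targets in dead_targets.items():
        if len(targets) < min_dead_targets:
            continue
        # Addresses outside global unicast space (test-nets, reserved, etc.)
        # cannot host a real service, so unanswered calls there stand out.
        non_routable = sum(1 for d in targets
                           if not ipaddress.ip_address(d).is_global)
        findings[src] = {
            "dead_targets": len(targets),
            "non_routable": non_routable,
            "dead_ratio": len(targets) / attempts[src],
            "severity": "high" if non_routable >= 2 else "medium",
        }
    return findings


if __name__ == "__main__":
    for host, finding in score_hosts(SAMPLE_LOG).items():
        print(host, finding)
```

A single unanswered connection (10.0.0.9 above) is normal noise and is deliberately not reported; the signal is repetition across distinct dead destinations, which is what distinguishes a beacon-and-wait pattern from an ordinary timeout.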
What is required?
An AI-based ‘new school’ IT security strategy would comprise the following:
• a Deep Learning Threat Detection Module
• a Conventional Security module (including Antivirus and Firewall)
• a heads-up Natural Language Processing system in order to automatically
read and monitor related blogs and news sites
• a strategy module that coordinates the above and interacts with IT security staff
What to do ASAP?
Businesses especially should, in the short term, urgently reassess (or, God
forbid, create) their security and data backup strategy with a view to
immediate adjustments.
This should include (in parentheses is what usually happens):
• Reviewing Firewall systems and related log files (they are monitored, right?)
• Reviewing Antivirus systems and virus database update methods (let sleeping
dogs lie)
• Replacing outdated Operating Systems like XP and Windows 2003 (if it works
don't fix it)
• Creating a Disaster Recovery Plan (doesn't company size mean this is optional?)
• Reviewing Data Backup Policies (no, optimism does not work here)
• Informing / training users on security issues (use of websites, email and
file shares, but not on a Friday afternoon)
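Most of the items on that list can be checked against an asset inventory rather than from memory. The block below is an added example (not code from the original post) that audits a constructed inventory for the three items that are easiest to measure: unsupported operating systems, stale antivirus signatures, and missing or old backups, plus whether anyone has looked at the host's security logs lately. The inventory rows, the review-age thresholds and the `_age`/`audit_host` helpers are assumptions; the end-of-support dates for Windows XP (8 April 2014) and Windows Server 2003 (14 July 2015) are the vendor's published dates.

```python
"""Audit a constructed asset inventory for the short-term checklist items.

Added example. Each row carries ISO dates (or None when nothing is on
record). Thresholds are assumptions; tighten them to your own policy.
"""
from datetime import date, timedelta

# Vendor end-of-support dates (public); extend the table as needed.
END_OF_SUPPORT = {
    "Windows XP": date(2014, 4, 8),
    "Windows Server 2003": date(2015, 7, 14),
}

MAX_AV_SIGNATURE_AGE = timedelta(days=3)   # assumed policy
MAX_BACKUP_AGE = timedelta(days=1)         # assumed policy
MAX_LOG_REVIEW_AGE = timedelta(days=7)     # assumed policy

# Constructed inventory, dated around the WannaCry weekend.
INVENTORY = [
    {"host": "fileserver01", "os": "Windows Server 2003",
     "av_sigs": "2017-05-01", "last_backup": "2017-05-11", "logs_reviewed": None},
    {"host": "reception-pc", "os": "Windows XP",
     "av_sigs": "2017-05-12", "last_backup": None, "logs_reviewed": "2017-05-10"},
    {"host": "app01", "os": "Windows Server 2012 R2",
     "av_sigs": "2017-05-12", "last_backup": "2017-05-12", "logs_reviewed": "2017-05-08"},
]


def _age(iso_date, today):
    """Days since the recorded date, or None when nothing is recorded."""
    return None if iso_date is None else today - date.fromisoformat(iso_date)


def audit_host(row, today):
    """Return the list of findings for one inventory row (empty when clean)."""
    findings = []

    eol = END_OF_SUPPORT.get(row["os"])
    if eol is not None and today > eol:
        findings.append(f"unsupported OS {row['os']} (support ended {eol.isoformat()})")

    age = _age(row["av_sigs"], today)
    if age is None or age > MAX_AV_SIGNATURE_AGE:
        findings.append("antivirus signatures stale or not on record")

    age = _age(row["last_backup"], today)
    if age is None:
        findings.append("no backup on record")
    elif age > MAX_BACKUP_AGE:
        findings.append(f"last backup {age.days} days old")

    age = _age(row["logs_reviewed"], today)
    if age is None or age > MAX_LOG_REVIEW_AGE:
        findings.append("security logs not reviewed within policy window")

    return findings


def audit(inventory, today):
    """Map each host to its findings so the clean hosts are visible too."""
    return {row["host"]: audit_host(row, today) for row in inventory}


if __name__ == "__main__":
    for host, findings in audit(INVENTORY, date(2017, 5, 13)).items():
        print(host, "->", findings or "OK")
```

Running it with a fixed `today` keeps the output reproducible; in practice the inventory rows would come from an asset database or agent export, and the findings would feed a ticket queue rather than a print statement.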
To conclude
Security is the cornerstone of IT Systems and if security issues are not
correctly addressed, technology may well peak over the next decade and then
crash like many a stock or real estate bubble.
Underestimating the consequences of IT security problems in terms of daily
revenue loss, information / data loss and brand reputation is unfortunately
very common.