The artificial intelligence (AI) “opportunity” will be big in 2019. However, the rapid advancement and adoption of AI can turn out to be a double-edged sword. On the one hand, AI can help organisations ramp up their technology systems to new levels of sophistication, predict attacks and correspondingly take quick corrective action; on the other, it can also be misused by cybercriminals in avoiding detection and evading security.
Recently, there was an uptick in “Deepfake” videos that were created using deep-learning AI and involved creation of fake videos showing real personalities. In 2019, cybercriminals are likely to exploit the power of AI to a significant extent for nefarious purposes, circulate fake news and spread malware through phishing attacks. With security solutions yet to be developed as a counter, the only remedy available is to raise awareness and set up training for all stakeholders.
Smart contracts, which use Ethereum blockchain to maintain a decentralised ledger and subsequent contract between parties, have been implemented by some of the leading financial institutions. Increased usage is expected in financial transactions, including money transfers and protection of intellectual property rights. However, there have been flaws associated with this AI that may be exploited by cybercriminals. One of them is the “re-entrancy attack” that may see hackers accessing user's funds and extracting them without complying with contract requirements or without the knowledge and/or approval of the respective users.
Cloud computing, used extensively to store company data on servers, is another area at risk. In 2019, hackers will focus their effort to breach organisations’ systems, resulting in a radical shift from malware stored on the desktop to being stored within the data, making the same redundant. Investments in enhancing cyber security and incident response capabilities and hiring talent will be crucial.
Voice-controlled digital assistants are expected to be another area that will be targeted by cybercriminals, as they are used frequently by individuals as well as businesses. Hackers will further develop malicious codes and commands to target the Internet of Things (IoT) devices and their voice assistants. These assistants are also likely to be used in digital/financial payment applications, which will further augment risks.
While the threats continue to escalate, governments across the globe are launching initiatives and enhancing greater cross-border collaboration to fortify cyber security measures. The year 2019 will see India taking rapid strides to counter growing cyber threats by institutionalising a Defence Cyber Agency, under the supervision of the Integrated Defence Staff, inauguration of a national cyber forensic lab (NCFL) and Delhi Police’s cyber-crime unit, ‘CyPAD’. A National Centre for Artificial Intelligence is also on the anvil under the aegis of the ministry of electronics and information technology.
The EY Global Information Security Survey (GISS) 2018-19 highlights cyber security gaining prominence among the board. However, it also notes that more than three-quarters (87 per cent) of organisations do not yet have sufficient budgets to provide the levels of cyber security and resilience they want. Protection is patchy, relatively few organisations are prioritising advanced capabilities, and cyber security too often remains siloed or isolated. The cyber threat that stands before us is as real as it can get. In 2019, organisations will have to buckle up their cyber seatbelts for the bumpy ride ahead.
The writer is Partner, Forensic & Integrity Services, EY