Information Risk Management (IRM) recently published its 2019 Risky Business Report. The document shows the results of polling decision-makers in the cybersecurity and risk management sectors to get their expert opinions on things like the changing threat landscape, corporate decision-making about cybersecurity and other pertinent topics.
Two topical things covered in the report were the fact that artificial intelligence (AI) could introduce new cybersecurity concerns, and that the upcoming 5G network could pose new risks as well. Here’s a look at how the report frames AI and 5G in cybersecurity.
The IRM report found that 86% of those polled think AI will impact their cybersecurity strategies within five years. It also concluded that the top three cybersecurity reasons that respondents use AI now are for network intrusion detection and prevention, fraud detection and secure user authentication.
However, the report calls AI “a double-edged sword.” It recognizes the worthiness of using AI for some cybersecurity requirements, such as to detect fraudulent bank account activity. However, the report also brings up how cybercriminals will use AI to carry out attacks, and clarifies that at least one such incident has occurred already.
Companies should not overlook how AI could enhance their cybersecurity plans, particularly if they struggle with not having enough cybersecurity team members to assess and categorize all the threats a company faces. Enterprises must simultaneously stay abreast of known or suspected ways that cybercriminals may utilize AI for more-successful, widespread attacks.
AI could also assist sectors that cybercriminals frequently target, such as the education industry. Cybercriminals know that entities in education have historically lacked cybersecurity resources, a problem that makes it easier to pull off successful attacks. One tip that education brands should follow is to create a prioritized list of risks. AI often makes it easier to take care of that responsibility without unnecessary delays.
Another highlight of the IRM report is that 83% of respondents anticipate 5G introducing new threats to tackle. More specifically, their three top concerns were that there would be an increase in attacks associated with Internet of Things (IoT) networks, that the 5G network would create a wider attack surface and that 5G hardware and firmware would lack security by design.
Those opinions mirror others discussed in recent coverage from Brookings Institute cited in the IRM report. It insists 5G’s arrival requires different techniques used to handle cybersecurity needs.
Shamik Mishra of Altran Group is another source brought up in the IRM report. Mishra specifically mentioned how the increased deployment of distributed network data centers would increase the size of the attack surface associated with the 5G network. Moreover, the presence of new and third-party applications once 5G arrives will increase the possibility of threats.
The coverage above is the extent of material in the IRM report about AI and 5G in cybersecurity. However, the document also contained other findings that are likely of interest to people who care about cybersecurity and data privacy. For example, most decisions about which cybersecurity solutions to deploy are still cost-based rather than driven by which options are the safest to use.
Positively, however, 91% of people who weighed in to help create the IRM study said that greater awareness of cybersecurity from C-level executives has affected their decision making. That could mean that companies will more often take a top-down approach when ironing out their cybersecurity strategies or making them better.
Another good sign is that 93% of the people who gave answers for the report said they had incident management plans in place. The study cautioned how the 7% of organizations that don’t should never assume they’re not targets for hackers. It brought up the example of a Missouri radio station that had its audio files compromised.
The IRM report presumably referred to an August 2019 incident involving ransomware that corrupted all the audio files associated with a Christian station. The criminals demanded $100,000 to restore access to the rightful owners, but the station decided not to pay it.
As the IRM study shows and the supplementary sources emphasize, AI and 5G necessitate thinking about cybersecurity differently than before and planning for the challenges they’ll bring. Now is the time for companies and their cybersecurity teams to do that. Waiting could leave enterprises scrambling to catch up and make them exceptionally vulnerable to preventable risks.
Companies also must not overlook how AI and 5G could create new risks. Planning how to conquer them now helps enterprises get prepared. Although outside sources haven’t published responses to this report yet, it likely gives them valuable reminders.
(SecurityAffairs – secure email gateways, malware)