Cyber-attacks now rank alongside natural disasters and climate change as one of humanity’s top ten risks globally, according to the World Economic Forum. Like pandemics and global economic crises, a wide range of buildings, businesses, public services, and almost every facet of society is at risk after the widespread proliferation of connected technologies, such as the Internet. The key to the future of cyber attacks is artificial intelligence (AI), which will allow hackers to run 100 times more attacks with the same manpower and at increasing levels of sophistication. Therefore, the key to the future of cyber security is also AI, triggering an AI arms race for smart buildings and connected enterprises against evolving cyber-criminals.
“The increased cyber risks generated by digital transformation and IoT device proliferation creates a critical mass of data that many argue merits the usage of AI-powered analytics to manage,” reads our latest cybersecurity research. “One key advantage that AI holds over human intelligence is that it can process huge volumes of data that an individual or even a team of people could not feasibly analyze within a reasonable timeframe. In a world increasingly awash with data, AI can help to find “the signals in the noise” by identifying patterns, from which humans can draw actionable insights.”
In the context of cyber security, actionable intelligence means recognizing threats and addressing them, but it’s not as simple as just getting an AI and applying to your cyber security system. Buildings looking to implement AI for cyber security will need considerable computing power and data processing capacity, which will incur significant cost. Once those resources are in place, buildings will then need to train their AI on many different sets of malicious code, malware code, and other anomalies, adding further cost and time to the process. However, the reality is that buildings are not all investing time and money in developing AI but many hackers are.
“As the complexities of systems has increased, cyber attackers have also sought to exploit the power of AI to identify weaknesses in security, creating a cat and mouse game between attackers and defenders in the AI cyber security space,” reads the comprehensive new research report. “Hackers are using AI, machine learning, and other technologies to launch increasingly sophisticated attacks. Machine learning algorithms are becoming more complex and accurate. Every time a bot system makes a spam attack, it becomes better when it tries again.”
This is not a discussion on the future of cyber security, these AI-enabled cyber-attacks are already happening. A 2019 study by Nektaria Kaloudi and Jingyue Li mapped existing studies of AI-based cyber attacks to understand the entire cyber-threat landscape. The research found 11 different case studies of AI being used by hackers across five categories, including malware, password-based attacks, social bots, adversarial training, and even voice synthesis —such as one case in the UK, where an energy firm was scammed out of £200,000 when a hacker used AI to impersonate a CEO’s voice in a phone call.
The most prominent of those attacks came in 2018, however, when hackers accessed confidential information on 3.75 million users of the online labour marketplace TaskRabbit. The criminals used an AI botnet that enslaved building devices and used them in a DDoS attack against their own servers, ultimately taking the entire platform offline until security could be restored. A 2020 study by Forrester Consulting found that 88% of security professionals think it is inevitable that AI-driven attacks will become mainstream, and 80% agree that we need AI to defend our building and enterprise networks.
“Offensive AI may well be leveraged for its speed and scale but this is something that defensive AI also brings to the table,” states cyber security firm Darktrace. “It’s time for humans to step aside – this is a machine fight. When this major leap in attacker innovation inevitably occurs, investigation, response, and remediation must be conducted with AI’s speed and intuition. Only AI can fight AI.”
The race is on for AI supremacy and the field is open. All the open-source AI research tools needed to supercharge every phase of these AI cyber-attacks already exist today and are continuously getting more powerful. Simultaneously, the rapid proliferation of IoT devices, remote work, and a lack of cyber security investment is increasing the attack surface for hackers and creating a valuable criminal market. Smart building and enterprise network “hackers for hire” will soon become commonplace as long as these trends continue, threatening lives and assets, as well as smart building market growth.