What keeps me up at night: ‘AI gone wrong’

By Benjamin O. Powers

“What keeps me up at night” is a series where top security experts reveal the threats, technologies, and tactics that keep their industry constantly on its toes. As regular citizens, we don’t know the half of what’s going at the highest levels of national and international security (the true volume would probably induce mass panic). These experts can help give us a better idea of the type of threats we face, and how we as a society can protect against them.

In our first post, we speak with Tim Williams, vice chairman at corporate risk management agency Pinkerton. Formerly the chief security officer at tractor maker Caterpillar, Williams has received multiple accolades in his field for his contributions and leadership.


Williams’s concerns for the industry fall into both the physical and digital realms. While artificial intelligence (AI) threatens to make ransomware attacks more dire, physical security officers have, believes Williams, begun to let their guard down. In his mind, there’s one major way the industry can stay ahead of the game.

What is the most pressing security threat that faces us today?

Short answer: People aren’t worried enough

Generally, there is complacency across all aspects of security.

Physical security officers have become numb with predictable routines and boredom. This results in mistakes, such as the wrong person getting permission to access a certain location, missed safety issues on rounds, and cameras being improperly monitored. Emergency drills with employees become routine, as well. Everyone just “goes through the motions” with little understanding of what they will encounter if there’s an actual fire, bomb threat, earthquake, or active shooter.   

Cybersecurity can also become routine. Mistakes can happen in the course of patching servers and applications, leading to related hardware and software declines. This can cause numerous vulnerabilities that hackers and others see as “first choice” exploits. Employees who don’t take security seriously can become victims of phishing attacks and water holes, losing their authentication credentials and giving hackers a beachhead into the network.

What is the biggest security threat on the horizon that we don’t know about?

Short answer: AI gone wrong.

AI in the wrong hands. Nation states will use AI to significantly increase the speed and sophistication of their network attacks across all aspects of the Internet of Things. Hackers will quickly follow as AI attack tools get “into the wild”.  

AI in combination with facial recognition and drones may result in completely new, novel and sophisticated terrorist attacks; illicit drug smuggling; etc. The use of drones to discreetly “sniff” networks where the presence of a human being would be suspicious in close proximity to buildings and events is also on the horizon.

What can we do to address these security threats right now? How about in the future?

Short answer: Start training, training, training.

The use of “red teams” (internal security employees and others who routinely “attack” networks, applications, and new products) helps identify vulnerabilities faster in both physical and cybersecurity, and fights complacency among IT staff. Testing physical security in a similar fashion also helps fight complacency.   

The most critical element is thoughtful, realistic and informative training and education. Employees at all levels should have training on emergency procedures, cybersecurity risks and the importance of related processes. This requires the same thinking, focus and energy as driving a major product marketing campaign.

Generally, there is complacency across all aspects of security.

Physical security officers have become numb with predictable routines and boredom. This results in mistakes, such as the wrong person getting permission to access a certain location, missed safety issues on rounds, and cameras being improperly monitored. Emergency drills with employees become routine, as well. Everyone just “goes through the motions” with little understanding of what they will encounter if there’s an actual fire, bomb threat, earthquake, or active shooter.   

Cybersecurity can also become routine. Mistakes can happen in the course of patching servers and applications, leading to related hardware and software declines. This can cause numerous vulnerabilities that hackers and others see as “first choice” exploits. Employees who don’t take security seriously can become victims of phishing attacks and water holes, losing their authentication credentials and giving hackers a beachhead into the network.

What is the biggest security threat on the horizon that we don’t know about?

Short answer: AI gone wrong.

AI in the wrong hands. Nation states will use AI to significantly increase the speed and sophistication of their network attacks across all aspects of the Internet of Things. Hackers will quickly follow as AI attack tools get “into the wild”.  

AI in combination with facial recognition and drones may result in completely new, novel and sophisticated terrorist attacks; illicit drug smuggling; etc. The use of drones to discreetly “sniff” networks where the presence of a human being would be suspicious in close proximity to buildings and events is also on the horizon.

What can we do to address these security threats right now? How about in the future?

Short answer: Start training, training, training.

The use of “red teams” (internal security employees and others who routinely “attack” networks, applications, and new products) helps identify vulnerabilities faster in both physical and cybersecurity, and fights complacency among IT staff. Testing physical security in a similar fashion also helps fight complacency.   

The most critical element is thoughtful, realistic and informative training and education. Employees at all levels should have training on emergency procedures, cybersecurity risks and the importance of related processes. This requires the same thinking, focus and energy as driving a major product marketing campaign.

Photo by: Photo by Maurício Mascaro from Pexels

Comments

Your email address will not be published. Required fields are marked *

PublicSecurity.Today values a meaningful and respectful exchange of ideas and opinions. If you identify inappropriate comments, please contact us. Inappropriate comments will be removed and repeat offenders will be blacklisted.