Data/Cyber

AI fears abound

in ,

BY Richard Summerfield

Artificial intelligence (AI) and machine learning have the potential to revolutionise many aspects of our professional and personal lives. In the decades to come, the potential benefits to be gained from embracing technology solutions will be remarkable. That said, the negative impact of AI and machine learning is widely debated, and it may have unintended consequences.

The risk of immoral, criminal or malicious utilisation of AI by rogue states, criminals and terrorists will grow exponentially in the coming years, according to 'The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and Mitigation' report. The report is authored by 26 experts in AI, cyber security and robotics from universities including Cambridge, Oxford, Yale, Stanford and non-governmental organisations, such as OpenAI, the Center for a New American Security and the Electronic Frontier Foundation.

Yet despite the potential risks posed by malicious actors, many institutions are wholly unprepared. For the authors, over the course of the next decade, the cyber security landscape will continue to change and the increased use of AI systems will lower the cost of a cyber attack, meaning that the number of malicious actors and the frequency of their attacks will likely increase.

“We live in a world that could become fraught with day-to-day hazards from the misuse of AI and we need to take ownership of the problems – because the risks are real. There are choices that we need to make now, and our report is a call-to-action for governments, institutions, and individuals across the globe,” says Dr Seán Ó hÉigeartaigh, executive director of Cambridge University’s Centre for the Study of Existential Risk and a co-author of the report.

In response to the evolving threat of cyber crime and the potential misappropriation of AI, the report sets forth four recommendations. First, policymakers should work with researchers to investigate, prevent and mitigate potential malicious uses of AI. Second, researchers and engineers in AI should take the dual-use nature of their work seriously, allowing misuse-related considerations to influence research priorities and norms. Third, organisations should identify best practices where possible in research areas with more mature methods for addressing dual-use concerns, such as computer security, and imported where applicable to the case of AI. Finally, companies should actively seek to expand the range of stakeholders and domain experts involved in discussions of these challenges.

Report: The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and Mitigation

Rise of the robots

in , ,

BY Richard Summerfield

Automation is coming. Recent reports have suggested that millions of people around the world will be impacted by the wave of automation and other new technologies which are currently emerging.

A new report from PwC – 'Will robots really steal our jobs?' – suggests that while the financial services industry in particular could be vulnerable to automation in the short term, a variety of industries, including those in the transport space, are much more vulnerable in the longer term in the UK. Less well educated workers, too, will be increasingly susceptible to replacement. Female workers are also more likely to be replaced than their male counterparts.

PwC has identified three distinct waves of automation which will impact the global economy up to 2030: the algorithm wave, the augmentation wave and the autonomy wave.

The algorithm wave is already underway and will last until the early 2020s. It involves automating structured data analysis and simple digital tasks, such as credit scoring. This wave could see just 2-3 percent of UK employees affected – 4 percent of women and 1 percent of men.

The augmentation wave, which centres on the automation of repeatable tasks and exchanging information, as well as further development of aerial drones, robots in warehouses and semi-autonomous vehicles, could impact 20 percent of UK jobs – 23 percent of women and 17 percent of men. This wave will last until the late 2020s.

The third wave, the autonomy wave, suggests that AI will have developed to the point that it will be able to analyse data from multiple sources, make decisions and take physical actions with little or no human input. This wave will last until the mid 2030s and could affect 30 percent of the workforce – 26 percent of women and 34 percent of men.

Euan Cameron, UK Artificial Intelligence leader at PwC, said: “Our research shows that the impact from automation and AI will be felt in waves, with more routine and data tasks hit first. But just because businesses and people aren’t feeling the impacts right now, there is no excuse not to start planning for the future. AI technology is getting more sophisticated every day and businesses need to understand how, where and when their people are likely to be affected in the future. Those that understand the risks and opportunities can start upskilling their people and adapting their businesses, rather than simply reacting when it’s too late.”

Automation is expected to be a boon for the economy, however. PwC believes it could contribute as much as 10 percent to UK GDP and 14 percent to global GDP by 2030.

Report: Will robots really steal our jobs?

GDPR compliance a major concern for business leaders, claims new survey

in

BY Fraser Tennant

Increasing regulatory pressures such as the forthcoming EU General Data Protection Regulation (GDPR) are a major concern for business leaders, according to an EY survey published this week.

According to the third biennial EY Global Forensic Data Analytics Survey – ‘How can you disrupt risk in an era of digital transformation?’ – which examined the responses of 745 executives from 19 countries, 78 percent of respondents expressed increasing concern about data protection and data privacy compliance issues, specifically the GDPR.

Indeed, with less than four months to go until the GDPR comes into force on 25 May 2018, only 33 percent of survey respondents said they have a plan in place to comply with the EU legislation. Moreover, while the average response of respondents in Europe was more positive, with 60 percent indicating they have a GDPR compliance plan in place, the survey notes that much work remains to be done in other markets, including Africa and the Middle East (27 percent), the Americas (13 percent) and Asia-Pacific (12 percent).

“The pace of regulatory change continues to accelerate and the introduction of data protection and data privacy laws, such as GDPR, are major compliance challenges for global organisations,” said Andrew Gordon, EY global fraud investigation & dispute services leader. “But businesses that adopt forensic data analytics (FDA) technologies can achieve significant advantages, benefiting from more effective risk management and increased business transparency across all of their operations.”

The survey also found that 42 percent of businesses believe that data protection and data privacy regulations have a significant impact on the design or use of FDA. EY’s examination further revealed that 13 percent of respondents indicated that they currently use FDA to achieve GDPR compliance, with more than half (52 percent) of the respondents indicating that they are currently in the process of analysing exactly which FDA tools they would use to assist them with achieving compliance.

Overall, survey respondents stated that increased adoption of, and spending on, advanced FDA technologies, needs to be matched with greater investment in skilled resources.

Mr Gordon concluded: “While it is encouraging to see that investment in advanced FDA is increasing, companies need to hire the right talent and invest in core skills such as domain knowledge and data analytics in order to be successful in managing their risk profile.”

Report: How can you disrupt risk in an era of digital transformation? – Global Forensic Data Analytics Survey 2018

Confidence down as cyber threat grows

in

BY Richard Summerfield

Cyber threats are evolving all the time, and while cyber criminals become more sophisticated and better equipped, it is the responsibility of companies to ensure that they are well prepared for any attacks. Yet, according to a new report from Alert Logic, many organisations lack confidence that their systems can withstand an assault.

The ‘Threat Monitoring, Detection and Response Report’ notes that companies are increasingly under attack from ransomware and phishing, and frequently experience data losses (these are the three biggest concerns for companies). Yet many cyber security executives in the UK are unconvinced that their company’s overall security posture is adequate.

Just 42 percent of the 400 executives surveyed indicated that they were moderately confident about their company’s ability to repel an attack. Thirty-two percent of executives felt that their company was more likely to experience a cyber breach in the next 12 months, compared to a year ago. Twenty-nine percent believed a breach was less likely, 22 percent did not expect the threat to change and 17 percent were unsure.

Many companies expressed concern about their ability to resist attacks. Primarily, executives believed that a lack of budget (51 percent), a lack of skilled personnel (49 percent) and lack of security awareness (49 percent) were the most significant obstacles facing security teams and the biggest barriers companies face when trying to defend themselves from attack.

Insiders are another growing concern for respondents. Fifty-four percent of those surveyed perceived a growth in these threats over the past year. Indeed, inadvertent insider breaches were cited as the biggest internal threats companies faced (61 percent). Insufficient user training contributed considerably, with 57 percent of respondents claiming that improving training would help overcome internal threats.

Yet despite the increased profile of cyber threats in the media, many cyber security executives do not expect to see their budgets increase substantially. Only 32 percent expect to get more, while 9 percent expect to receive less and 54 percent anticipate the same level.

A number of organisations are utilising threat intelligence platforms to respond to attackers.  Forty-seven percent of respondents reported that they were deploying open-source threat intelligence. Thirty-seven percent claimed that they uses a range of commercial vendors. Forty-nine percent claimed that the use of threat intelligence platforms had a positive impact on reducing data breaches.

Report: Threat Monitoring, Detection and Response Report

Countering complacency key to defeating cyber criminals

in

BY Richard Summerfield

Despite an increase in the number of cyber attacks and data breaches over the last 12 months, including a number of high profile cyber events, there has been a decline in how seriously C-suite executives view cyber risk, according to a report from Zurich and Advisen Ltd.

In ‘The Seventh Annual Survey on the Current State of and Trends in Information Security and Cyber Risk Management’, 60 percent of the risk professionals surveyed said executive management view cyber risk as a significant threat to their organisation. However, this is down significantly from the 85 percent recorded in 2016.

The eroding of the importance of cyber security issues among senior management is a worrying trend, particularly in light of the number of cyber incidents recorded over the last 12 months, as well as the volume and value of the data stolen.

According to the report, only 53 percent of respondents knew of any changes to their companies’ cyber security systems in response to the high-profile attacks that took place in early 2017. Furthermore, growth in the purchase of cyber insurance has gone stagnant after a steady six-year increase from 35 percent to 65 percent.

“These findings may indicate that businesses are not up to speed on the magnitude of impact that business interruption losses are beginning to have on businesses,” said Erica Davis, head of Specialty E&O for Zurich North America. “Businesses must adopt a mindset of resilience that extends beyond the four walls of their organization. As cyber security breaches persist, it is more critical than ever to engage in an ongoing, comprehensive review of all business partner relationships including how those vendors and business partners approach their own exposures and controls and how the vendors’ supplier approach fits into their overall resilience plan.”

A total of 315 respondents, across a spectrum of businesses of all sizes, contributed to the report. Fifty-six percent of respondent were from companies with revenue of $1bn or less.

Report: The seventh annual survey on the current state of and trends in information security and cyber risk management

©2001-2024 Financier Worldwide Ltd. All rights reserved. Any statements expressed on this website are understood to be general opinions and should not be relied upon as legal, financial or any other form of professional advice. Opinions expressed do not necessarily represent the views of the authors’ current or previous employers, or clients. The publisher, authors and authors' firms are not responsible for any loss third parties may suffer in connection with information or materials presented on this website, or use of any such information or materials by any third parties.